
Dark Reading | Products and Releases (Risk) | 1/22/2009 12:11 PM

Cyberoam Releases 4Q Email Threat Report

Shutdown of notorious Web host leads to drastic fall in global spam levels; economic recession, Barack Obama, Google Docs leveraged for spam attacks

(22 January, Ahmedabad, India): Cyberoam, a division of Elitecore Technologies and the innovator of identity-based Unified Threat Management (UTM) solutions, today announced its Q4 2008 email threat trend report, prepared in collaboration with its partner Commtouch. The main highlight of the report was a huge drop in global spam in November to its lowest level of 59%, from an average of 90+% earlier, due to the shutdown of McColo, one of the largest and most notorious spam-friendly web hosting service providers. This decline, bringing spam levels to a third of the normal volumes, was marked by three weeks of significantly lower spam activity, followed by a slow increase.

Another significant story was the global financial crisis, which has become an important pretext for spammers trying to lure unsuspecting email recipients with fake job offers, instant loans and cash advances. In the meantime, people also received a flood of US election-related spam and malware, the attackers' motive being to steal personal information through phishing links or to install malicious software on visitors' computers.

Barack Obama, in particular, caught the attackers' fancy, with several outbreaks of spam and malware messages disguised as purported Obama acceptance speech downloads and an Obama sex scandal. The messages were sent from zombies (botnets), which are typically home computers taken over by spammers and malware distributors and used on and off as they are needed.

Says Abhilash Sonwane, VP-Product Management, Cyberoam, "These attacks are of very short duration and disappear before their signatures are detected. The only protection in such cases is a security solution like Cyberoam that blocks zombie-generated spam based on the sender's reputation rather than relying on signatures."

Topical themes including Iran, Afghanistan, India, corporations like Sony, and spam based on celebrities and known figures like Nicole Kidman, Bill Gates, Bill Clinton and Barack Obama were all part of the attacks. In their efforts to randomize emails to evade anti-virus and anti-spam solutions, attackers often changed subjects and bodies. Sometimes the two didn't match, as in the message whose subject line referred to Bill Gates while the content was about Obama.

Spammers used legitimate sites and tools like web-based emails and Google Docs to spread malware. Leveraging Google's strong reputation, attackers sent email messages with Google Docs hyperlinks inside to get past traditional anti-spam methods.

"Hence, it is important that the security solution is based on the pattern of message distribution to detect spam and malware, like Cyberoam does with Rapid Pattern Detection (RPD)," says Abhilash Sonwane. "Secondly, content filtering solutions need to go beyond home pages and do run-time scanning and categorizing of internal pages too, preventing visitors from entering malware-laden pages within legitimate sites."

Web 2.0 media are seeing an increasing volume of user-generated content turning into easy vectors for carrying malicious code. Chinese characters and image-based spam have made a comeback, with attackers devising innovative techniques to confuse anti-spam technologies, e.g. "bending the image at a slight angle".

Streaming media and downloads were among the top 10 web site categories infected with malware and/or manipulated for phishing. Brazil emerged as the leading region in zombie activity. The other top trends included the resurgence of image spam, the spread of Chinese-language spam and a high turnover of zombies, with an average of 280,000 per day.

Cyberoam uses the Commtouch RPD technology to analyze large volumes of Internet traffic in real time. Unlike traditional spam filters, it does not rely on email content, so it is able to detect spam in any language and in every message format (including images, HTML, etc.) and character set, whether single- or double-byte. Its language- and content-agnostic nature enables it to provide effective spam blocking capabilities. Cyberoam incorporates this technology within its identity-based UTM appliances, which apply user identity-based functionality across all of their features. A departure from traditional IP address-dependent solutions, Cyberoam determines precisely who is doing what in the network, providing IT managers with stronger policy control and clearer visibility of activity.
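The two detection ideas the release describes, flagging mail by its pattern of distribution rather than its content, and then blocking the participating senders on reputation rather than on signatures, can be illustrated with a small simulation. The following is an added example, not Cyberoam's or Commtouch's code, and it is not how RPD is actually implemented: it assumes a per-message record of source IP, recipient, size, MIME part count and attachment type (all field names are the example's own), reduces each message to a content-agnostic structural fingerprint, flags a fingerprint as an outbreak when the same structure reaches many recipients from many distinct senders inside a sliding window, and adds those senders to a local bad-reputation set. All traffic below is constructed, using documentation IP ranges.

```python
"""Content-agnostic, distribution-pattern spam detection (toy example).

Each message is reduced to a structural fingerprint that ignores language
and wording, so randomised subjects or non-English text collapse to one
pattern. A fingerprint is flagged as an outbreak when, inside a sliding
window, the same structure arrives from many distinct source IPs to many
distinct recipients. Sources that took part in an outbreak go into a
bad-reputation set so their later mail is rejected on reputation alone.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class MailEvent:
    ts: int           # unix seconds (constructed)
    src_ip: str       # connecting SMTP client
    rcpt: str         # envelope recipient
    size: int         # message size in bytes
    parts: int        # number of MIME parts
    attach_ext: str   # extension of first attachment, '' if none


def fingerprint(ev: MailEvent) -> tuple:
    # 256-byte size buckets so small text changes map to the same pattern
    return (ev.size // 256, ev.parts, ev.attach_ext)


class PatternDetector:
    def __init__(self, window=300, min_sources=5, min_rcpts=20):
        self.window = window            # seconds of history kept per pattern
        self.min_sources = min_sources  # distinct sender IPs needed to flag
        self.min_rcpts = min_rcpts      # distinct recipients needed to flag
        self.history = defaultdict(deque)
        self.bad_sources = set()        # reputation list built from outbreaks

    def observe(self, ev: MailEvent) -> bool:
        """Return True if this message should be blocked."""
        if ev.src_ip in self.bad_sources:
            return True                 # reputation block, no pattern needed
        q = self.history[fingerprint(ev)]
        q.append(ev)
        while q[0].ts < ev.ts - self.window:   # drop events outside window
            q.popleft()
        sources = {e.src_ip for e in q}
        rcpts = {e.rcpt for e in q}
        if len(sources) >= self.min_sources and len(rcpts) >= self.min_rcpts:
            self.bad_sources.update(sources)
            return True
        return False


def detect(events, **kw):
    """Run the detector over events in time order.

    Returns (blocked, bad_sources): blocked counts blocked messages per
    structural fingerprint; bad_sources is the reputation set built.
    """
    det = PatternDetector(**kw)
    blocked = defaultdict(int)
    for ev in sorted(events, key=lambda e: e.ts):
        if det.observe(ev):
            blocked[fingerprint(ev)] += 1
    return dict(blocked), det.bad_sources


def build_sample():
    """Constructed traffic: one outbreak, legitimate mail, and a near miss."""
    base = 1_230_000_000  # constructed epoch, late December 2008
    events = []
    # Outbreak: six zombie IPs relay one message structure to 30 recipients.
    # Sizes vary slightly (randomised subjects) but stay in one 256-byte bucket.
    for k in range(30):
        events.append(MailEvent(base + 5 * k, f"192.0.2.{k // 5 + 1}",
                                f"user{k}@example.net", 4000 + (k * 7) % 50, 1, ""))
    # Legitimate mail: one corporate relay, varied structure, one recipient each.
    for n in range(10):
        events.append(MailEvent(base + 30 * n, "198.51.100.10",
                                f"staff{n}@example.net", 1000 + 900 * n,
                                1 + n % 3, "" if n % 2 else "pdf"))
    # Near miss: three IPs share a structure but reach only six recipients.
    for j in range(6):
        events.append(MailEvent(base + 10 * j, f"203.0.113.{j % 3 + 1}",
                                f"sales{j}@example.net", 4000, 2, ""))
    return events


if __name__ == "__main__":
    blocked, bad = detect(build_sample())
    print("blocked per fingerprint:", blocked)
    print("bad sources:", sorted(bad))
```

Only the outbreak fingerprint is blocked: the first 20 messages pass because fewer than five sources have been seen, the fifth source crosses the threshold, and from then on the remaining messages are rejected on reputation without any pattern lookup. The legitimate relay never appears in the reputation set, and the near miss stays below both thresholds. A production system would age entries out of the reputation set and tune the thresholds per deployment; those details are omitted here.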

About Cyberoam

Cyberoam Identity-based UTM appliances offer comprehensive protection against existing and emerging Internet threats, including viruses, worms, Trojans, spyware, phishing, pharming and more. Cyberoam delivers the complete range of security features, such as stateful inspection firewall, VPN, gateway anti-virus, gateway anti-malware, gateway anti-spam, intrusion prevention system and content filtering, in addition to bandwidth management and multiple link management, over a single platform. Cyberoam is certified by West Coast Labs with CheckMark UTM Level 5 Certification, by ICSA Labs, an independent division of Verizon Business, and by the Virtual Private Network Consortium. Cyberoam received the 2008 Emerging Vendor of the Year award from Frost & Sullivan, the 2007 Global Excellence Awards for Integrated Security Appliance, Security Solution for Education and Unified Security, and the 2007 Tomorrow's Technology Today Award for Unified Security, and was rated Positive by Gartner in its MarketScope for SMB multi-function firewalls. Cyberoam has offices in Woburn, MA, USA and in India. For more information, please visit www.cyberoam.com.

About Elitecore Technologies Limited

Elitecore Technologies Limited is the global provider of Cyberoam UTM appliances. Elitecore's other divisions include the Crestel Convergent Billing Solution, which meets the voice, data and video billing and customer care requirements of Tier-1 service providers, and the 24online Billing and Bandwidth Management Solution for hotels, hotspots and Internet service providers. Elitecore has a strong R&D base and support center in India; it has sustained a healthy growth rate of over 75% since inception. For more information, please visit www.elitecore.com.
