Spam spikes wreak havoc

The spam blasts can be as disruptive as a DDoS attack, security vendor says

Extremely aggressive spam blasts against individual domains, dubbed "spam spikes," are on the upswing and can disrupt small and midsize businesses as much as a determined attack designed to knock a company offline, MessageLabs said Monday.

In one attack monitored by the U.K.-based security company, a spam run of more than 10,000 messages struck a single domain over an 11-hour period, accounting for 75 percent of all the messages pointed at the domain.

"The purpose of a spam spike is to defeat appliance-based anti-spam systems that rely heavily on signatures, rather like desktop antivirus software," MessageLabs said in a report it just published.

"For smaller businesses, these can cause problems for the company's e-mail servers. A spam spike can have an effect similar to that of a DDoS (distributed denial of service) attack," MessageLabs said.

May's data also indicated a continuing trend in targeted attacks that aim one piece of spam at a single recipient. The number of micromanaged spam attacks last month was down somewhat: 595 total e-mails, compared with March's 716. However, the percentage of those one-off attacks that relied on malformed Microsoft Office documents jumped to 95 percent from 80 percent two months before. Sixty-four percent of the attacks used a malicious Word document, while 17 percent exploited Excel and 14 percent offered up a bogus or infected PowerPoint file.

Microsoft patched its Office suite several times in 2006 to protect users against these types of attacks, and it released more fixes in January, February and May this year. But in a tacit acknowledgment that patches aren't enough, Microsoft last month promoted new last-ditch defences against Word-, Excel- and PowerPoint-based attacks. The new tactics include a free tool that converts Office 2003 documents to the more secure Office 2007 formats, and the ability to block specific Office document formats when an attack is anticipated.

MessageLabs culled other data from May's results, including a claim that phishing attacks accounted for 79 percent of all malicious e-mail intercepted last month. In one instance, the company found that a single and relatively small botnet of just 500 compromised systems was responsible for churning out nearly a quarter-million messages aimed at a single target and was also guilty of sending e-mail infected with 55 different strains of nearly 10,000 viruses.

Worldwide, 72.7 percent of all e-mail was tagged as spam by MessageLabs during May. That figure is below the six-month average of 75.3 percent and far lower than the highest-ever figure of 94.5 percent, recorded in July 2004.
