Spam spits out Linux in high volume attack

Struggling to cope with increasing volumes of spam, Deakin University was forced to redeploy its Linux e-mail servers and implement an alternative system for e-mail security.

Craig Warren, Deakin's operational service provision manager, said the Linux servers running antivirus and spam filtering software were effective for about three years, but "the spammers were steadily beating us".

As a result the university has implemented two IronPort c300 e-mail security appliances.

"We were continually spending time fine-tuning our detection and prevention, but the intruders were quicker than we were," Warren said.

Another organization that recently implemented IronPort is the CSIRO with IT security operations manager Tom Minchin confirming the science agency dumped its antivirus vendor Trend Micro in the process.

Enterprises claim they are losing their trust in e-mail as scams, spam, viruses and phishing continues to undermine its business value.

Blaming an over-reliance on the SMTP mail protocol Tom Gillis, IronPort marketing vice president, said the basic lack of identity and reputation of e-mail senders exacerbates the issue.

To overcome spam, Gillis said the entire industry needs to change the underlying infrastructure of e-mail, adding that the new wave of secured e-mail will be based on three core factors: identity, reputation and policy.

"We believe the root cause associated with all the things that slow e-mail down is in the SMTP protocol itself as it was designed when the Internet was a communication vehicle for scientists; the things that make e-mail successful are the things that make it vulnerable today," Gillis said.

"The key tool is adopting the notion of sender reputation because it is simple - if you look at the behaviour of the entity, mail or Web server, past performance is a good indicator of the future - all the industry is gravitating around the reputation of the sender, because it is much harder to spoof."

Ambika Gadre, IronPort director of information services, said 80 percent of spam now contains a URL, so tracking the reputation of spam senders is important.

Graham Henley, former law enforcement officer with the Australian Federal Police and current director of data recovery and forensic software firm Get Data, said security vendors are yet to create the ideal product to solve the e-mail problem.

"Reputation-based e-mail is a great idea, but let's just see if it works; a lot of the big players are still struggling to get it right," Henley said.

Peter Stewart, the chairman of antispam provider New Millenium Solutions, believes the industry has lost its way.

"One definition of madness is continually trying the same thing and expecting a different result; filtering isn't working," Stewart said adding that systems that check IP addresses in e-mail messages isn't the solution.

His company has developed a solution called TotalBlock which is based on "challenge response".

This technique builds a list of acceptable incoming e-mail senders by replying automatically to all those who are not on the user's allowed list effectively blocking unauthorized e-mail.

"Since the authorization process requires human intervention, it bypasses drone machines that spew out high volumes of spam," he said.

(Additional reporting by Sandra Rossi)

Spyware takes the crown in 2005: Sophos Report

Enterprises have seen a dramatic increase in spyware infections this year, according to the Sophos 2005 Security Threat Management Report.

Sophos attributes the increase to the business model used by virus writers. The goal for virus writers is financial gain through long-term infection, which is why spyware usage has been so prevalent. The global report found spyware rose to 66.4 percent of all malware threats in November this year.

In January, only 54.2 percent of all threats included a spyware payload and the year to date has shown a 48 percent increase in malware compared to 2004.

Sophos head of technology, Paul Ducklin, said virus writers with an organized criminal bent don't want another Blaster or Sasser, because it is counterproductive and affects their ability to compromise machines. Another emerging trend is 'spear phishing' which will overtake regular phishing campaigns.

"Instead of sending one million e-mails, which is obvious to the 900,000 who don't use a particular banking service, why not just send it to people who use that service," he said. The US, South Korea and China still account for 50 percent of all global spam, according to the report.

Join the newsletter!

Error: Please check your email address.

More about Australian Federal PoliceCrownCSIROCSIRODeakin UniversityDeakin UniversityFederal PoliceHISMillenium SolutionsProvisionRoseSophosTrend Micro Australia

Show Comments