First, the good news: E-mail security threats like spam and phishing seem to be leveling off in number, and might even decline in the coming years, said Mark Sunner, chief technology officer at MessageLabs, which provides corporate clients with filtering services for e-mail, HTTP and instant messaging traffic. The bad news, though, is that the existing attacks are getting far more furtive and effective.
“We don’t see the overall volume necessarily rising—if anything, it’s starting to flatten,” Sunner said. “I think one of the overarching things that really stood out was in 2005, we really started to see a narrowing of focus from the bad guys’ perspective. In 2004 and throughout 2005, we saw botnets getting smaller. It didn’t necessarily mean that the spam or phishing numbers were going down, but it seemed to be that there were maybe more, smaller botnets. We think the bad guys are trying to stay under the radar longer and hit a more targeted audience. It seems like the bad guys might have sat on a lot of these technologies up until recently, and now they’re starting to better understand, refine and use those engineering techniques.”
For example, spam has been enhanced to fool a particular kind of audience. Now, attackers attempt to trick, say, seven out of 10 e-mail users as opposed to three out of 500. “Spam itself is starting to become much more localized, whereas not that long ago, the vast majority of spam was in U.S. English,” Sunner…
Please log in or subscribe to read this article