Security management services provider MessageLabs released its first monthly intelligence report of the new year, which shows that the amount of spam has increased nearly 10 percent from the previous month, but virus-carrying e-mails are on the wane. However, the number of these and other threats such as phishing and Trojans are becoming far less significant than the nature of these forms of attack, said Mark Sunner, CTO of MessageLabs.
“I think there’s a trend that will play out through this year, and that’s the concept of targeted attacks,” he said. “What we actually observed throughout 2005 was kind of the refinement of the bad guys across the board. They’re definitely getting more adept. We saw botnets getting a lot smaller. In the beginning, botnets were about 100,000-plus machines in size, whereas now the average size is about 20,000 machines. The reason for doing that is they get to stay under the radar of the security community a little bit longer. Obviously, if you’ve got something that has a really big spread—something like the MyDoom of yesteryear—that gets on the radar very quickly and patches get distributed. Things are a lot more discreet now.”
The spam and phishing blasts that are emerging from the botnets also are becoming much more advanced, he added. “Far less now do we see the ‘splatter gun’ approach, where literally millions of e-mails are sent out pretending to be eBay or a certain bank. Now a much smaller run is sent out, and they are going to individuals who absolutely do use eBay or that particular bank. We’re just starting to see now those same e-mails carrying bits of information that might be pertinent to the recipient, such as a postal code that’s correct. So it’s purporting to be your bank, everything looks fine, and it has some pieces of information about you.”
One of the numerically smallest but most dangerous threats is Trojans that are targeted not at several or even a few recipients, but just one organization. MessageLabs, which processes about 160 million e-mails per day, only intercepts about two of these a week, but they’re so well designed that they appear legitimate to almost anyone on staff. “These things demonstrate that the senders have some knowledge of the inner workings of the company they’re trying to get into,” Sunner said. “For instance, a company might be soliciting for a particular kind of business, so they would be expecting to get tenders coming in word documents. The Trojans would come in through those.
“They’re unique, so the chances of those ever getting on to the radar of the broader security community are incredibly small,” he added. “We think that this is something that will probably never be reported about, because it would be very hard for somebody to come forward and say they were hit and their intellectual property was siphoned out. But we think this is something that will be a theme throughout 2006.”
For more information, see http://www.messagelabs.com.