Page Two

By Cameron Sturdevant  |  Posted 2005-06-20 Print this article Print

Message technology companies that process, protect, store and filter e-mail, instant messages and, soon, SMS (Short Message Service) and possibly VOIP (voice over IP) messages are moving from plain old spam fighting to providing anti-fraud protection. What eWEEK Labs observed at the conference confirmed that no really new anti-spam technologies lie ahead. Instead, anti-spam vendors are offering beefed-up e-mail authentication and sender-reputation services. Reputation services verify that digital message senders are good, bad or unknown based on a senders e-mail transmission patterns and practices.

If senders obey laws (including the CAN-SPAM Act), send mail that is likely to be of interest to recipients and allow receivers to opt out, they will generally be categorized as good. ISPs will also likely vet senders to ensure that senders arent consuming undue bandwidth.

The future of reputation services was a hot topic at Inbox, but a more pressing problem, phishing, got the most attention at the show. Phishing uses e-mail to direct users to fake Web sites that imitate commerce sites. Once at the fake site, users are enticed to turn over identity and account data, which often is used to promptly steal money from users.

According to Oliver Friedrichs, senior manager at Symantec Corp.s Security Response Center, which screens approximately 25 percent of worldwide Internet e-mail messages, phishing e-mail increased from 9 million messages per week in July 2004 to about 33 million messages per week by December 2004. Further, representatives from Symantecs Brightmail Inc. unit said that 54 percent of nefarious code captured is e-mail with a malicious payload, such as a keylogger or back door, that can access confidential data.

The increase in malicious code that will likely infect corporate computers should be a key concern for IT managers. As phishers accumulate sensitive corporate data, it is likely only a matter of time before this data is used for financial gain.

Phishing isnt the only malware IT managers need to worry about. Pharming—where hackers exploiting weaknesses in the DNS infrastructure can redirect traffic intended for a real domain to a fake site—surfaced at the end of last year. And in the not-too-distant future, threats that combine phishing with pharming, in which bogus e-mail entices users to visit pharmed sites, are likely to outstrip phishing alone as a major problem for e-commerce, said experts at Inbox. "The reason pharming will exist in the future, and will eventually take over from phishing, is stealth," said Scot Chasin, chief technology officer of e-mail security company MXLogic Inc., during an Inbox seminar.

Click here to read more about pharming. "The attackers dont want to be caught, Chasin said. "Sending out millions of e-mail messages that pose as a financial [as phishers do] arouses suspicion. The idea of [pharming] crimes is to create stealth." Instead of sending millions of messages indiscriminately, pharmers send carefully crafted e-mails that tempt users to go to Web sites and divulge personal data. While no studies were cited, Inbox attendees said phishing/pharming campaigns have a much higher potential payoff than is normally associated with typical spam campaigns.

For IT managers, this means anti-spam tools will need to catch specially crafted messages sent at much lower volumes—thousands of messages rather than millions. This attack will likely require more user training on spotting fake Web sites, protecting personal data and keeping malware off corporate computers.

Finally, although sessions on storage were a small subset of the shows offerings, they raised some of the most interesting technical questions. Aside from determining where and how to store e-mail information, the clear trends show that large amounts of corporate intellectual property are stored in e-mail systems. This raises questions that IT should list among its strategic concerns.

Labs Technical Director Cameron Sturdevant can be reached at

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel