The Growing E-Mail Security Challenge

The New Threat Landscape

According to researchers at Symantec, one in every 617 spam messages now contains malicious code.

"In the past, a message was either spam or a virus. … A single verdict was usually sufficient to catch it or remedy the situation," said Angelos Kottas, senior manager of product marketing for Symantec Messaging Security. "But what we're seeing as a trend is spam that also has malicious code embedded in it, so that a simplistic approach might not catch it."

In MessageLabs' monthly Intelligence Report for March, the company reported that it found one in every 169.2 e-mails containing a virus and one in every 228.7 e-mails containing a phishing attack.

The report goes on to say that some of these attacks were targeted—aimed at specific people in various organizations.

"We've been seeing a sharp increase in [targeted attacks]. On average, we will intercept about 30 targeted Trojans per day," said Mark Sunner, chief security analyst at MessageLabs. "In December 2005, that average would have been about two per week."

Most companies walk a high-wire e-mail risk without a net. Click here to read more. 

Spam is clearly increasingly being used as an attack mechanism, infecting machines so they can be used in botnets to send more spam, said Gartner analyst Peter Firstbrook. While only one in every 150 to 200 e-mails may contain a virus, a much higher percentage of e-mails include a link to a malware-infected site.

"Sharing threat intelligence is one reason to have a coordinated SMTP and Web gateway," Firstbrook said, adding that, for many organizations, the lack of a secure Web gateway capable of filtering malware is a glaring hole in their defenses.