ISPs Striking Out on Multistaged Attacks

By Matthew Hines  |  Posted 2008-09-03

A new position paper issued by anti-spam expert company Cloudmark calls out ISPs and other service providers such as e-mail vendors for failing to do more to protect their customers from multifaceted attacks that combine various techniques to reach and exploit users.

As many other security pundits have noted, e-mail users remain in the crosshairs of many different types of attackers, from botnet herders to identity thieves, at least in part because ISPs and e-mail specialists aren't sufficiently connecting the dots to head off complex threats that use multiple angles to dupe users into falling for their bait.

For its part, Cloudmark points to the use of traditional anti-virus solutions by service providers as one of the most significant factors in allowing these problems to continue to scale up.

Of course, the company does have something to gain from taking this position, as it offers Postini-like in-the-cloud filtering services that promise to address these challenges.

"These advanced threats embed anti-spam and anti-virus ... evasion techniques with the objective of eluding both spam and traditional AV filters. Most spam filters are not capable of catching these highly mutable threats because they do not follow the recurrent, mass e-mail tactics commonly found in spam. Likewise, conventional AV solutions bypass these messages as they appear to be spam or phishing," the paper contends.

The problem is further intensified by widespread botnets being used to forward threats further and faster, with a greater degree of separation from the original attackers, Cloudmark said. Botnets are currently responsible for between 70 and 80 percent of all spam sent over the Internet, the company said.

"Companies that fail to address the problem of outdated anti-virus solutions are inadvertently enabling the spread of spambots and botnets," Cloudmark CTO Jamie de Guerre wrote. "Attackers are now merging fraudulent techniques and using next-generation approaches to reach their targets, such as hosting a virus on a Web site rather than distributing it as an e-mail attachment.

"Unfortunately, operators often are employing outdated AV and anti-spam technologies to protect their subscribers," de Guerre said. "As the virus, phishing and spam industries merge into a single economy, the only truly effective messaging security solution is one capable of combating existing and future threats simultaneously. Operators who fail to take the same holistic approach to their IT security and filtering processes that spammers, hackers and malware writers are taking to their attacks are doing a significant disservice to their customers."
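The point the paper makes in the quotes above is that a spam filter judges a message by its bulk-mailing traits and an AV scanner judges it by its attachments, so a targeted message that carries its payload as a link to a Web-hosted executable can slip past both. The following is an added illustration, not code from the article or from Cloudmark: a toy gateway scorer that runs a "legacy" spam check and a "legacy" attachment-only AV check side by side with a combined check that pools both kinds of signal. The sample messages, signal names and weights are all constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (hypothetical; not taken from the article or the paper).
SAMPLE_MESSAGES = {
    "bulk_spam": {
        "from": "deals@promo-mailer.example", "reply_to": "win@other.example",
        "subject": "YOU ARE A WINNER - FREE PRIZE", "recipients": 500,
        "body": "Claim your free prize at http://promo-mailer.example/claim",
        "attachments": [],
    },
    "classic_virus": {
        "from": "friend@mail.example", "reply_to": "friend@mail.example",
        "subject": "photos from last week", "recipients": 1,
        "body": "see attached", "attachments": ["photos.jpg.exe"],
    },
    # The blended case: low-volume, no attachment, payload hosted on a Web server.
    "blended": {
        "from": "billing@vendor.example", "reply_to": "billing@vendor.example",
        "subject": "Invoice 2231 overdue", "recipients": 3,
        "body": 'Your invoice is ready: <a href="http://203.0.113.7/invoice.exe">vendor.example/invoice</a>',
        "attachments": [],
    },
    "legit": {
        "from": "alice@corp.example", "reply_to": "alice@corp.example",
        "subject": "Lunch tomorrow?", "recipients": 1,
        "body": "Menu at https://corp.example/menu.pdf", "attachments": [],
    },
}

EXEC_EXT = re.compile(r"\.(exe|scr|pif|bat|cmd|js|vbs)$", re.I)
SPAM_WORDS = ("free", "winner", "prize", "act now")
URL_RE = re.compile(r'https?://[^\s"<>]+')
ANCHOR_RE = re.compile(r'<a\s+href="([^"]+)"\s*>([^<]+)</a>', re.I)
IP_LITERAL = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Signal weights (constructed). Executable content counts double so that a single
# executable attachment or executable link is enough to cross the threshold alone.
WEIGHTS = {
    "bulk_recipients": 1, "spam_words": 1, "shouting_subject": 1, "reply_to_mismatch": 1,
    "executable_attachment": 2, "executable_link": 2, "ip_literal_host": 1, "link_text_mismatch": 1,
}
THRESHOLD = 2


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def spam_signals(msg):
    """Mass-mailing traits a conventional spam filter keys on."""
    hits = []
    if msg["recipients"] > 100:
        hits.append("bulk_recipients")
    subject = msg["subject"]
    if any(w in subject.lower() for w in SPAM_WORDS):
        hits.append("spam_words")
    if subject.isupper():
        hits.append("shouting_subject")
    if _domain(msg["from"]) != _domain(msg["reply_to"]):
        hits.append("reply_to_mismatch")
    return hits


def malware_signals(msg):
    """Payload-delivery traits: executable attachments and executable/suspicious links."""
    hits = []
    if any(EXEC_EXT.search(name) for name in msg["attachments"]):
        hits.append("executable_attachment")
    for url in URL_RE.findall(msg["body"]):
        parsed = urlparse(url)
        if EXEC_EXT.search(parsed.path):
            hits.append("executable_link")
        if IP_LITERAL.fullmatch(parsed.hostname or ""):
            hits.append("ip_literal_host")
    for href, text in ANCHOR_RE.findall(msg["body"]):
        # Display text names one host, the real link goes to another.
        if (urlparse(href).hostname or "") != text.split("/")[0].lower():
            hits.append("link_text_mismatch")
    return hits


def weighted(signals):
    return sum(WEIGHTS[s] for s in signals)


def legacy_spam_filter(msg):
    """Spam-only view: needs several bulk-mail traits."""
    return weighted(spam_signals(msg)) >= THRESHOLD


def legacy_av_filter(msg):
    """Attachment-only AV view: blind to links."""
    return "executable_attachment" in malware_signals(msg)


def holistic_filter(msg):
    """Pooled view: spam and malware evidence add up."""
    return weighted(spam_signals(msg)) + weighted(malware_signals(msg)) >= THRESHOLD


def report():
    for name, msg in SAMPLE_MESSAGES.items():
        print(f"{name:14} spam={legacy_spam_filter(msg)!s:5} av={legacy_av_filter(msg)!s:5} "
              f"holistic={holistic_filter(msg)}")


if __name__ == "__main__":
    report()
```

Run stand-alone, the report shows the "blended" message passing both legacy checks (too few recipients to look like spam, no attachment for the AV scanner) while the pooled check flags it on the executable link, the IP-literal host and the mismatched link text. The weights and threshold are arbitrary; in a real gateway they would be tuned against labelled traffic, but the structural lesson holds: the two evidence streams have to be scored together, not in separate pipelines.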

Again, clearly Cloudmark has something to gain by pointing the finger of blame at some older technologies that its own services aim to replace, but the conclusion is one that absolutely rings true.

Unless ISPs and e-mail providers do more to tackle attacks before they reach users' in-boxes, the spam-driven malware issue isn't likely to improve.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |
