Postini: Research Points to Increased Directory Harvesting

eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Researchers at security software maker Postini said the company detected a significant increase in the number of corporate directory harvesting attacks launched during August 2006.

According to Postinis monthly Message Security & Management Update, DHAs (directory harvest attacks), through which criminals attempt to make off with entire corporate e-mail account listings, increased by 30 percent compared with July 2006.

E-mail account data acquired in these attacks is typically then used to launch spam or virus attacks aimed at the servers of companies whose information has been stolen.

Postini, a messaging security specialist based in San Carlos, Calif., reported that it expects to see even more of these directory-oriented attacks now that the summer vacation months have ended in the United States and Europe.

/zimages/4/28571.gifApple Computer warns users to beware of rigged QuickTime movies. Click here to read more.

In a typical DHA attempt, an outsider uses a software program to try and guess all the e-mail accounts within a particular Web domain name and forwards messages to all the addresses it creates. By examining the messages that are bounced, the attackers determine which e-mail addresses do not exist on that organizations messaging servers, and which may exist.

Attacks that are successful in finding large numbers of valid addresses sometimes also overload e-mail servers, causing denial-of-service conditions.

/zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Postini said during the month of August it saw a large amount of DHA attacks emanating from nations in the Far East, including China, Japan, Korea and Taiwan. Other common sources of the attempts included Brazil, Canada, Germany and the United States.

Postini researchers said they are expecting to see a related increase in the number of spam, phishing and e-mail-borne malware attacks launched during the last months of the year, especially during the holiday buying season, when it is believed that large numbers of novice Internet users turn to the Web to do their shopping.

“We have historically seen increased malicious connection activity during the end of summer and approaching winter holiday seasons,” Scott Petry, chief technical officer at Postini, said in the report. “This increase may be a signal that hackers are getting an early start [on] trying to obtain legitimate e-mail addresses in order to launch spam, phishing and virus attacks.”

Overall, the security company said its software blocked approximately 23 million viruses aimed at its customers messaging servers during August and also rejected over 7 billion spam messages during the month. Combined, the infected e-mails accounted for a daily of 78 percent of all e-mail the companys systems handled, Postini said.

The most commonly discovered virus during August was the Netsky virus, which Postinis software blocked a total of 4.1 million times, followed in order by the Bagle, Mytob, Mime and Mydoom attacks.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.