
Hackers prowl in packs

CIOL Bureau

Cyber attacks have come a long way. From the amateurish attacks of the early 2000s, when hackers attacked to gain quick fame and make the world take notice of their hacking prowess, present-day cyber attacks have become sophisticated and deadly.

Fame has taken a back seat and money, big bucks, is now every hacker’s ultimate goal.

The recent attacks on major banks and enterprises point to the level of sophistication of modern-day hackers, who use spamming, phishing and botnets (tens of thousands of compromised PCs) to make their attacks huge successes.

Prabhat Kumar Singh, director, Security Response, Symantec, explains to Idhries Ahmad of CIOL the nexus between spammers, phishers and bot masters, and how all of them are working together to inflict heavy losses on enterprises across the world.

Singh, a veteran of the security domain with extensive experience in designing and developing security solutions, also explains the reasons for the recent spurt in image and PDF spamming, and how hackers are using the new methods to bypass anti-spam tools.

CIOL: We now don’t hear of mass mail attacks by hackers on a global scale like the ‘I Love you Virus’ in 2000, when PCs across the world got affected and resulted in $2.6 billion losses worldwide. So can we presume the days of mass mail attacks are over?



Prabhat Kumar Singh: I would say no. Attacks by hackers on a global scale still happen. Only they have become more organized and are being strategized in a very controlled manner.

The days of sending viruses for fun and getting recognized are long over. Today, attacks are very dangerous and deadly and are done in a targeted manner to cause maximum damage.

We see that an unholy nexus exists between spammers, phishers and bot masters.

Hackers are employing a very high level of sophistication across the world. There is a converged network of phishers, spammers and bot masters who work in unison to materialize their end goals.

Phishers send billions of spam mails through botnets to their targeted audiences in a particular timeframe.

However, how they are different from earlier attacks is that the whole process is completed within that stipulated timeframe. Once a specified audience is reached through spam and the required information obtained, the whole process of spamming is stopped and taken off the Internet. This helps hackers avoid getting traced and gather resources to mount another attack.

CIOL: Symantec’s August spam report also points to a very interesting fact about the upsurge in image-based and PDF spam as new forms of spam. Why are spammers turning to image- and PDF-based spam?

 

PKS: Traditionally, spammers across the world favour text-based spam. But with many sophisticated anti-spam tools in the market, a good percentage of text-based spam is being caught and its effect negated. Also, spammers are always looking at new variations to send spam.

Spammers are turning to image- and PDF-based spam, as most of the anti-spam tools across enterprises, though very adept at catching text spam, are not competent enough to catch image spam. This is because the anti-spam tool can’t read the header, if it is an image spam mail.

Though optical character recognition (OCR) algorithms are in place, they find it very difficult to detect image spam. Also, spammers continuously vary the subject matter of image spam mail, making it even more difficult for the anti-spam tool to catch them.

And in the case of PDF, it is even more difficult because the image resides within the file. It is very easy for a human eye to identify image-based spam, but for OCR it is very difficult.

At Symantec we are continuously working on upgrading our anti-spam tool kits so that they can meet the challenges thrown by spammers.

CIOL: Symantec's report has very interesting figures that point to this upsurge.



PKS: At its peak last January, Symantec estimated that image spam accounted for nearly 52 per cent of all spam. PDF spam continued to increase and in July accounted for between two per cent and eight per cent of all spam.

While overall spam activity remained steady in July 2007, the tactics being used are clearly changing. Image spam is on the decline, while the use of document attachments like PDF is on the rise. Image spam continued to decline and recorded its lowest percentage of total spam at eight per cent in mid-July.

CIOL: We also see an upsurge in spam mails which talk about shares of a particular company really doing well. The Symantec report also talks about a very interesting case where spam is being sent to manipulate stock results. Why and how is it being done?



PKS: We refer to this as pump and dump. Researchers attributed this resurgence in unwanted email to “image spam” that is often tied to fraudulent penny stock schemes. Spammers who have bought shares of a little-known company send billions of spam mails, mostly to manipulate and raise the stock of that company. When a lot of people hear about the company and buy its shares, the stock of that company rises and the spammer sells his shares to make a profit.

CIOL: Symantec does lots of research in the security domain and has been in the field for many years now. Are enterprises more secure than they were five years ago, if we take into account the level of sophistication of security products from vendors and also the increase in the complexity of attacks by hackers across the world?



PKS: The security environment has improved a lot across the world. We can never have a foolproof solution. We are playing a cat and mouse game. It is very difficult to foresee a threat and come out with a solution. One cannot program to detect all types of attacks. We only try to minimize the damage to a minimum.

We have to think on the same lines as hackers do and continue to work towards effective solutions for these threats. We at Symantec do high-end research to be prepared and come out with advanced tools to prevent an attack.

At Symantec, we work on data security policy layers. And if the policies are implemented effectively at every layer, then every enterprise is automatically safe.
