Universities, ISPs are the new targets of cyber warfare

July 29, 2008

AHMEDABAD, INDIA: Cyberoam, a division of Elitecore Technologies, has announced the Q2 2008 e-mail threat trend report, prepared in collaboration with partner Commtouch.

The report revealed attacks on new user groups such as ISPs, educational institutions, Google AdWords users and Microsoft users. The trend showed attackers targeting these large user groups by exploiting their psychological behavior.

Around 10 million zombies were active in Q2, sending spam and e-mail-based malware every day. The majority of the zombie IP addresses were dynamic, and the zombie botmasters succeeded in causing large-scale damage by deactivating the IPs causing fresh attacks, switching among various IPs in order to bypass traditional security solutions.

The zombie botmasters have hit Internet service providers (ISPs) hard by exploiting ISP infrastructure to send out spam on the Internet. ISPs thus faced a tough challenge this quarter: protecting their users against incoming spam in their inboxes while shielding them from being used by zombies to send out spam.

The latter is a bigger concern as it leads to blacklisting of IP ranges of these ISPs, which will also block legitimate outbound e-mails along with the junk. Zombie abuse consumes precious network resources of the ISPs, reducing network speeds and resulting in customer dissatisfaction.

Phishing, in which spam messages attempt to coax users into handing over passwords and other sensitive personal information, continues to claim victims. This quarter such phishing attempts were targeted increasingly at university students and faculty members.

Text-based spam messages, presented as coming from the IT department, collected their personal information and passwords. Yet another phishing scam hit Google AdWords account owners with legitimate-looking subject lines they were most likely to succumb to. The e-mail contained legitimate Google links, which redirected the user to a phishing site hosted on a Chinese domain.

In a new form of Bayesian poisoning, spammers used the disclaimer message content in Hotmail messages to bypass content-based filters. The content also contained a link to a hosted image of a pharmaceutical ad.

With the Hotmail disclaimer lowering users’ guard, users confirmed the validity of their e-mail IDs by viewing the image, which also made them easy targets in the future.

"Duplicity in the virtual world continues with increased vitality, thanks to the new and innovative methods of spammers to manipulate Internet users. New and easily vulnerable user groups are being targeted today with techniques that can deceive even the more experienced in the industry," said Abhilash Sonwane, VP—Product Management, Cyberoam. "Attackers know that internal users can be their most vulnerable targets and they constantly innovate to come up with new methods to attack them. By allowing identity-based policies, Cyberoam controls user activities within the network. This, along with Commtouch’s rapid pattern detection and outbreak prevention technologies, enables Cyberoam to offer end-users the deepest and most comprehensive level of protection from all types of spam, malware and other Internet threats."

Unlike traditional IP address-dependent solutions, Cyberoam’s identity-based UTM appliances deliver knowledge of who is doing what in the network, providing greater granular controls in creating user-based policies and offering clear visibility in the network.
