We are losing the malware war. Conventional antivirus and anti-spam countermeasures seem ineffective against an increasingly sophisticated enemy. The argument is that server- and client-side solutions draw the battle lines far too deeply inside their own territory, robbing computing, bandwidth and other resources. What's more, their inherently reactive approach dooms IT staff to an endless cycle of patching and pushing out client updates.
E-mail security provider Messagelabs is taking the fight against spam and viruses elsewhere by offering proactive managed services that stop spam and virus threats at the Internet level, before they reach corporate networks and end users.
ZDNet spoke with Messagelabs chief technical officer Mark Sunner about current Internet threats, organised crime, and the latest trends in combating today's overwhelming flood of unsolicited mails and dangerous malware.
Within the last year, have you monitored an increase in the number and/or severity of Internet attacks? What were the hallmark features of recent Internet threat activity?
We've definitely noted an increase in overall traffic. I think the biggest trend we're seeing now is the increasing sophistication of the techniques used specifically in viruses. The sophistication is very much geared around subverting the flaws within traditional antivirus protection. Rather than obfuscating the viral code as in the past, virus writers are now changing the encoding techniques.
We've also seen social engineering being a factor as well, where virus writers are introducing a human element by putting malicious code in password-protected Zip-files and finding some route to encourage the user to then unlock the virus once it reaches the desktop.
The final trend that we're seeing is a new convergence between viruses and spam. Just to put a mark on that, 66 percent of the spam that we're now intercepting is coming from open proxies -- these are machines that have been infected with Trojans similar to those dropped with viruses such as Sobig, Fizzer or MyDoom. The use of large zombie networks is definitely becoming the en vogue technique of choice within the hard-core spammer community.
Talkback
I couldn't agree more that the monitoring and deletion of spam / viruses should move to a higher level than is currently the case. Many home users still don't have a clue how to protect their machines, and many cannot afford proper protection but still show their faces (and their backs!) on the net. Also, in third-world countries there are ISP's who struggle to provide the bandwidth that customers pay for, but there are always "low-tech" glitches which ensure that you don't even get that bandwidth. When spam starts rolling in, Internet access becomes nigh impossible, and the potential benefits for businesses in these countries fall away. Do we go back to the cleft stick, or do we accept that monitoring is better done as suggested, at Internet level? I'd willingly trade some degree of privacy for properly audited protection, stop frantically searching the Web at ridiculously low speed for patches, fixes (and nostrums), and get back to doing business in a relatively normal manner.
What are politicians afraid of? One very simple law would completely cure the problem world wide!
i.e. If a person or company does not specifically request another's SPAM, the SPAMMER commits an offence when distributing Spam, viruses or phishing. The offence of 'DISTRIBUTING UNREQUESTED INFORMATION OF ANY TYPE' commits the SPAMMER, Virus Writer, Phisher etc. (on first offence) to a minimum jail sentence of TEN years hard labour WITHOUT parole and WITHOUT access to any and all forms of I.T. for the duration of said prison term. (This should please the Human Rights vociferous minority as the majority of humans would be protected from Internet effluent and from the S.H.1.T. producing the effluent!).
Check out Spam-Exile, It works
I'm amazed that free classes have never been offered anywhere to show how the fight against spam and viruses must be do. I train my work people until it is second nuture to just set it up and make sure everyting is set to one of the higher levels of fighting viruses with a decent anti-virus program and the same with SPAM ... I use mail provided by ic24.net who's anti-virus and anti spam programs are about.
I very much agree with this article and would look for a way to pressure our parliment on this matter.
Actually I agree with the posting above. I used to get over 100 spam messages a day - now I get NONE.