Think before you click

Jason Ashley is senior partner at BEW Global

Over the past three months, message threats have continued to steadily morph and increase in volume. Ask most people with an e-mail account and they will tell you that they have noticed more spam in their inboxes recently. Industry watchdogs have reported a sharp rise in malicious message volumes, with a 20 per cent spike in global mail volumes during July.

There are many culprits leading the field. These include old favourites such as botnets and zombies (compromised PCs used for spewing spam, viruses and ‘phishing’). There are systems available that can deal with these fairly easily and most people are now familiar with the forms these uninvited e-mails take. However, there is a new twist in the development of spam operations. These spammers use tools to generate random images which are deployed at speeds of up to one million per hour. This is called image-based spam.

Image-based spam is a constant stream of unwanted e-mail messages that use embedded images in order to evade spam filters.

Using images in spam is nothing new – it’s been happening for a long time. What the spammers have developed, however, is the ability to change the image in real-time for each message that is delivered. To the spam filters in your system, each message can appear as unique, which makes identification very difficult.
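The following is an added example, not part of the original article, showing why per-message image changes defeat exact-match fingerprints and how a coarse perceptual fingerprint still groups the variants. The "average hash" technique, the constructed test images, the noise model and the 5-bit threshold are all assumptions chosen for illustration.

```python
import hashlib
import random

SIZE, GRID, CELL = 32, 8, 4  # constructed 32x32 images, 8x8 grid of 4x4 cells

def banner():
    """Constructed stand-in for one spam image: bright block on a dark field."""
    return [[220 if 8 <= x < 24 and 8 <= y < 24 else 30 for x in range(SIZE)]
            for y in range(SIZE)]

def stripes():
    """Constructed unrelated image: horizontal stripes."""
    return [[220 if (y // CELL) % 2 == 0 else 30 for _ in range(SIZE)]
            for y in range(SIZE)]

def randomise(img, seed, pixels=60):
    """Mimic per-message mutation: shift distinct random pixels by 1..20."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for pos in rng.sample(range(SIZE * SIZE), pixels):
        out[pos // SIZE][pos % SIZE] += rng.randint(1, 20) * rng.choice((-1, 1))
    return out

def exact_hash(img):
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()

def average_hash(img):
    """64-bit fingerprint: one bit per cell, set when the cell is above the mean."""
    cells = []
    for cy in range(GRID):
        for cx in range(GRID):
            block = [img[y][x] for y in range(cy * CELL, (cy + 1) * CELL)
                     for x in range(cx * CELL, (cx + 1) * CELL)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | (c > mean)
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")

def same_campaign(a, b, max_bits=5):  # 5-bit threshold is an assumed value
    return hamming(average_hash(a), average_hash(b)) <= max_bits

if __name__ == "__main__":
    a, b = randomise(banner(), 1), randomise(banner(), 2)
    print(exact_hash(a) == exact_hash(b), same_campaign(a, b), same_campaign(a, stripes()))
```

The two mutated copies have different SHA-256 digests yet the same coarse fingerprint, while the unrelated image falls well outside the threshold.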

The problem

With the majority of images being large gif and jpg files, image-based spam puts a huge amount of stress on a bank’s infrastructure. Banks typically store massive amounts of data, requiring a lot of storage and bandwidth. Image-based spam can be about eight times larger than a regular spam message – a typical message is around 8k in size, compared to 70k for messages sent with this new tactic. These messages create storage and bandwidth problems. Let them go undetected and your systems and data are severely at risk.

Insurance companies that are subject to regulatory compliance standards have to archive all their e-mail messages, so storage can get eaten up very quickly. Without blocking image-based spam, a lot of which is pornographic, I would say that around 25 per cent of storage space has gone. Then, of course, there’s always someone keen to click on the message, which unleashes any manner of virus into your system.

Make no mistake, these messages aren’t sent by students bored with studies and looking to make a name for themselves. This is a high-stakes, high-profit business. A business that continues to invest heavily in attempts to get messages delivered to users in the face of increasingly effective anti-spam systems.

A multi-layered approach

You should look at a multi-layered approach to this problem.

You will undoubtedly archive e-mail for regulatory compliance reasons, so you should engage a technological solution that blocks incoming spam outside the firewall. If the messages are stopped outside the company, they don’t have to be retained.

If your organisation doesn’t have to retain e-mails for compliance reasons then choose a system that characterises the internet’s messaging traffic and makes it understandable and actionable. These systems identify spammers using image proliferation and manipulation to evade detection. Multi-identity reputation systems are the most effective means of blocking illegitimate e-mail. Finally, tell your people about the problem. Don’t wait for them to open an unsuspected e-mail and then bolt the gate afterwards.