Companies Continue to Overlook Evolved Virus Attacks

Attackers are moving beyond traditional tactics to employing hybrid attacks that combine elements of both spam and viruses.

September 4, 2008

A recent security advisory from a messaging security company warned that service providers are placing e-mail users at risk by continuing to ignore sophisticated virus propagation techniques. Attackers are moving beyond traditional tactics, such as sending messages with virus executables attached or virus-infected documents, to employing hybrid attacks that combine elements of both spam and viruses. In these attacks, malware authors embed links in informative or advertising e-mails. Recipients are enticed to follow these links to a Website that hosts the malware, which could be a virus, worm or Trojan.

These advanced threats embed anti-spam and anti-virus (AV) evasion techniques with the objective of eluding both spam and traditional AV filters. Most spam filters are not capable of catching these highly mutable threats because they do not follow the recurrent, mass e-mail tactics commonly found in spam. Likewise, conventional AV solutions pass over these messages because they appear to be spam or phishing. As these attacks become the norm, operators are urged to re-examine their anti-virus strategies and ensure that their messaging security processes are capable of detecting these hybrid threats.

Computers infected with automated Trojans or spambots are one of the most widespread mechanisms for sending spam and abusive messages over the Internet. Compromised PCs are controlled by virus writers who rent them out to attackers, who in turn use these computers to send enormous volumes of phishing messages and to carry out other fraudulent activities. Botnets, networks of PCs all infected by the same virus, are thought to be responsible for between 70 and 80 percent of all spam sent over the Internet.

"Companies that fail to address the problem of outdated anti-virus solutions are inadvertently enabling the spread of spambots and botnets," said Jamie de Guerre, CTO at Cloudmark. "Attackers are now merging fraudulent techniques and using next-generation approaches to reach their targets, such as hosting a virus on a Website rather than distributing it as an e-mail attachment. Unfortunately, operators often are employing outdated AV and anti-spam technologies to protect their subscribers. As the virus, phishing and spam industries merge into a single economy, the only truly effective messaging security solution is one capable of combating existing and future threats simultaneously. Operators who fail to take the same holistic approach to their IT security and filtering processes that spammers, hackers and malware writers are taking to their attacks are doing a significant disservice to their customers."

 
