MX Logic Introduces Security Crystal Ball

A security researcher announces a new Threat Forecast service that aims to keep security chiefs at least one step ahead of the bad guys

Internet security firms are much better at telling you what's happening, but -- as a general rule -- aren't quite as good when it comes to telling you what's going to happen. This month, Internet security specialist MX Logic Inc. donned its wizard's hat, announcing a new Threat Forecast service that aims to keep security chiefs at least a step ahead of the bad guys.

There's no black magic in the mix here. Instead, officials say, MX Logic uses current and historical data and trends -- as well as the analytic chops of its own Threat Operations Center -- to develop its forecasts.

"The goal of the MX Logic Threat Forecast and Report isn't to predict the future, but to use our unique insight and knowledge to provide IT departments with some tangible things to be on the look-out for in the coming month, so they can better prepare to deal with them," said Sam Masiello, who heads MX Logic's Threat Management team, in a statement.

What's in MX Logic's first forecast?

MX Logic predicts that overall spam volumes should climb slightly in June. That should come as no surprise -- after all, aren't spam levels always climbing? Not always. In fact, MX Logic measured a drop in overall spam volumes in May.

If history is any indication, however, spam will surge back. "Historically, a decrease in overall spam volume is only brief and temporary and is typically followed by an increase," the forecast indicates. "Another reason for the anticipated increase in spam is that the summer months often bring out more part-time spammers," researchers say.

Expect the same thing for worm activity. In fact, the ubiquitous Storm worm -- which isn't really a worm at all (it doesn't virally distribute itself) -- is poised for a timely comeback, according to MX Logic. "Variants of the Storm Worm are expected to re-emerge in the form of e-card spam, particularly around Father's Day," the Threat Forecast indicates. "In addition, a recent CNN news spam observed in late May could be a prelude to a broader attack. This particular spam didn't contain anything malicious, which is often a tell-tale sign of a test run by spammers."

Overall, worm activity abounds: Mydoom.BB is still with us, for example, and Srizbi has emerged as the most "popular" overall worm: it's yoked to the Srizbi botnet, which MX Logic pegs as the world's largest, with 315,000 bots. The Srizbi botnet accounts for more than half of all Internet spam, the researcher says.

How are spammers targeting users? Overall, MX Logic indicates, spammers are focusing on pain and pathos, launching spam and phishing attacks that target either rising gas prices or Chinese earthquake relief efforts. Users should be wary of other emerging spam or phishing attacks, too, MX Logic officials indicate. "In addition, spam related to the economic stimulus plan and government payouts should also remain a common ploy used by spammers to lure unsuspecting recipients to malicious Web sites collecting personal information," they assert.

The U.S. leads the pack with respect to spam generation (accounting for nearly one-third of all spam activity), followed by Japan (at 7 percent), the Russian Federation (at 6.5 percent), Italy (at 6 percent), and the UK (at 4.18 percent).

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.