In-Depth

In Brief

Most unsolicited e-mail originates in U.S., survey finds; securing storage; name-dropping attacks

• By Mathew Schwartz
• 09/08/2004

Most Unsolicited E-mail Originates in U.S., Survey Finds

When it comes to spam-producing countries, America is tops. According to antivirus vendor Sophos, 42.5 percent of all spam originates in the United States, making it the worst spam-sending offender in the world, followed by South Korea, China (and Hong Kong), Brazil, and Canada.

“Almost nine months on from the Can-Spam legislation … the United States’ attempt to clean up its act appears to have had little impact,” notes Graham Cluley, a senior technology consultant for Sophos, referring to the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, which became effective on January 1, 2004.

Sophos scanned its global network of honeypots to conduct its research. The other countries making Sophos list of the dozen worst offenders are (in order) Japan, Germany, France, Spain, the United Kingdom, Mexico, and Taiwan.

If legislation isn’t having an effect, how wired a given country is may be a leading indicator of spam generation. Take the number-two spam-generating offender, South Korea, which has the world’s highest per capita broadband adoption—making its consumers’ PCs high-profile targets for bandwidth-hungry attackers. “Spammers are motivated by watching their bank accounts get fatter and fatter, and many have turned to hacking … innocent, third-party computers to send their junk e-mails,” says Cluley. Today, “many of the computers sending out spam are likely to have had their broadband Internet connections exploited by remote hackers.”

Zombie computers—compromised without their owners’ realizing, and set to await further instructions—send about 40 percent of all spam, he says.

Despite the current ineffectiveness of Can-Spam, don’t count such measures out, says Cluley. “Only a combination of technology, international legislation, and user action will put a stop to spam.”

Related Articles:

Can-Spam’s failure
http://www.esj.com/security/article.asp?EditorialsID=1097

Can-Spam, Laced with Loopholes, Creates Confusion
http://esj.com/news/article.asp?editorialsId=845

- - -

Secure Storage Use to Increase

A number of companies plan to implement a secure storage plan—if they don’t already have one—within the next year. Yet to create truly automated and regulatory-compliant information-protection systems, organizations still need to increase coordination between their in-house security and storage experts.

Those findings come from research firm TheInfoPro (TIP), which interviewed 450 enterprise security and storage professionals.

The study found leading drivers for secure storage include such government regulations as HIPAA, Sarbanes-Oxley, and the Gramm-Leach-Bliley Act, which require the safeguarding of confidential—and sometimes financial—information. In fact, 45 percent of respondents cited “audits and regulatory compliance” as the leading business driver (or else pain point) fueling security spending. The need to comply with regulations was especially acute for respondents in financial services, high technology, health care, and the federal government.

Secure-storage growth won’t abate anytime soon. “Customer installations and new projects in this area have increased steadily over the semi-annual studies conducted by TheInfoPro,” says David Taylor, the company's chief research officer. He expects a continued uptake.

When it comes to naming names, interviewees feel EMC leads the space, followed by Vormetric, which focuses on SAN/NAS stored data encryption. When ranking companies, respondents said encryption speed was a primary factor.

- - -

New E-mail Scams Target Users

Three new scams target end users by name-dropping current events.

Given people’s “greater awareness of the risks associated with spam and e-mail, ” notes Susan Larson, vice president of global content for SurfControl, “spammers must continually create new techniques to trick end users.”

In these cases, the attacks dangle Google, U.S. Bank, and the Olympics. (Perhaps the latter will soon be too news-unworthy to merit end users’ further attentions.)

The Google attack is labeled “Google, #1 Search Engine,” and offers users a link to the latest Google toolbar. Of course, the downloaded executable file isn’t from Google, and “has all the signs of a [seriously] virus-infected file,” notes SurfControl. Astute recipients will further note the e-mail “from” header doesn’t say it’s from Google.

Also making the rounds are e-mails pretending to be from U.S. Bank, plus a well-known drug manufacturer. This attack utilizes embedded graphics, rather than HTML, enticing users to click the graphic. By discarding HTML, attackers can circumvent HTML-scanning defenses in the latest version of Microsoft Outlook, as well as text-scanning engines. “We think spammers will see a higher catch rate by incorporating graphics in their messages in this way,” says Larson.

Finally, the attack that name-drops the Olympics pretends to offer medal results, also supposedly sponsored by a well-known drug company. Advertisements for “performance enhancing” drugs aside, such subject lines as “Olympic Games,” “Olympic Medals,” and “Athens 2004” will hopefully alert end users to the e-mail’s suspicious intentions. Then again, maybe this year’s Olympic fever lives on.