FEATURE

February 2012 Computer Fraud & Security 15


Boosting your spam arsenal

Ronan Kavanagh, SpamTitan

Phishing attacks remain a clear and present threat to businesses. There is no evidence to suggest that network security measures are discouraging the number of phishing campaigns. In fact, the arrival of social networking in the workplace has presented scammers with an even bigger pond to phish in. Clear policies, along with improvements in user education and awareness supported by robust preventative tools, are the best way to beat phishing in all its forms.

The best phishing protection tools use a multi-layered approach. And malware detection mechanisms need to be regularly enhanced to keep pace with the ever-changing threat climate. For example, a recent malware attack was able to change the DNS settings of infected computers, routing queries to rogue DNS servers. This attack allows criminals to infect computers, direct them to servers they control, then redirect traffic to unintended websites, and reap the reward in terms of a financial windfall from this redirected traffic.

Comprehensive protection

A phishing protection scan engine should contain a comprehensive set of phishing signatures, support for Spam URL Realtime Blocklists (SURBLs) and heuristic rule tests. Enhanced and more-generic detection of phishing emails can be enabled by searching for URLs in email messages, which can help to detect and protect against zero-day phishing emails. DNS allows you to either convert a hostname to an IP address or, alternatively, convert the IP address to a name (reverse lookup). Some anti-phishing features, such as RBL and SURBL tests, depend on DNS availability in order to correctly categorise messages.

With the use of Twitter and Facebook expanding and the number of people using these sites within the workplace also growing, these platforms have to contend with an ever-larger number of malware incidences. These events are varied and include click-jacking, phishing, trojans, and hacks that are allowing cyber-criminals to use Twitter and Facebook for launching assaults across the web. A well-known example is the Cross-Site Scripting (XSS) virus that attacked Twitter in 2009. Trending topics such as the Thanksgiving holiday or the recent death of Gadhafi are nirvana for spammers. Such events generate enormous levels of online interest worldwide, providing scammers with plenty of potential new victims. By piggybacking on news headlines, they can increase traffic volume to their websites. Grabbing headlines from CNN, Sky, BBC and other major news channels, the scammers randomise spam in a bid to increase traffic to their websites and therefore get a higher percentage of people purchasing their products. To date it is estimated that over $40bn has been lost to 419 scams alone, explaining why these scam emails continue to exist and grow in frequency and ferocity.

Business problems

Left unchecked, spam can create huge problems for businesses. User mailboxes may be overrun, leading to lost productivity. Unchecked spam can also contain viruses capable of infecting the entire network. Gateway solutions are designed to catch the spam before it ever reaches users – some anti-spam systems, for example, might use multiple anti-virus engines, such as Kaspersky and ClamAV, to scan messages for malicious code before they enter the network.


A gateway solution needs to take a multi-layered approach to eliminating spam. This cocktail approach of determining if a message is spam ensures that there is a minimum of false positives – ie, clean mail misclassified as spam. A spam score is assigned to each message that is calculated by combining the scoring from each layer of the message. The following tests are typically performed on each message:

• Harvesting/dictionary attack protection
• Collaborative spam fingerprint checks
• RBL tests
• SURBL tests
• Bayesian analysis
• Rule-based spam scoring
• Whitelist/blacklist filters.

Further measures, such as the whitelisting of individual email addresses or entire domains, mean that you can be confident that messages coming from important colleagues, clients or partners will not be inadvertently caught in the filters. The bulk addition of a number of domains or whitelists can be cumbersome for some users, so many gateway solutions offer the ability to do this via an API to make the task much simpler.
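To make the layered scoring concrete, the following is an added example (not code from the article or from SpamTitan) in which each of the tests listed above contributes a partial score, a whitelisted sender domain short-circuits the pipeline, and the DNS-dependent RBL and SURBL layers abstain rather than vote when DNS is unavailable. The blocklists, token weights, rules, threshold and sample messages are all constructed placeholders.

```python
# Multi-layer spam scoring (constructed illustration, not SpamTitan's code).
# Each layer returns a partial score; the layers are summed and compared
# against a threshold, so no single test decides the verdict.  Blocklists
# are stubbed with constructed data so this runs offline; real RBL/SURBL
# lookups are DNS queries and must abstain when DNS is unavailable.
import re

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# Constructed sample data (placeholders, not real indicators).
SURBL = {"example-pharma.test"}          # domains seen in spam URLs
RBL = {"198.51.100.77"}                  # IPs known to relay spam
WHITELIST = {"partner.example"}          # trusted sender domains
SPAM_TOKENS = {"viagra": 2.0, "winner": 1.5, "unsubscribe": 0.2}
RULES = [(r"(?i)act now", 1.0), (r"\$\d{3,}", 1.0), (r"[A-Z]{8,}", 0.5)]
THRESHOLD = 5.0

def layer_whitelist(sender):
    """Whitelisted sender domains short-circuit every other layer."""
    return sender.rsplit("@", 1)[-1].lower() in WHITELIST

def layer_rbl(sending_ip, dns_available=True):
    """RBL check on the connecting IP; None means the layer abstained."""
    if not dns_available:
        return None
    return 3.0 if sending_ip in RBL else 0.0

def layer_surbl(body, dns_available=True):
    """SURBL check on every URL host in the body (catches zero-day phish
    whose message text has no signature yet); None means abstained."""
    if not dns_available:
        return None
    hosts = {h.lower() for h in URL_RE.findall(body)}
    return 3.0 * len(hosts & SURBL)

def layer_bayes(body):
    """Toy token weights standing in for a trained Bayesian classifier."""
    return sum(SPAM_TOKENS.get(w, 0.0) for w in re.findall(r"[a-z]+", body.lower()))

def layer_rules(body):
    """Heuristic rule tests, each adding a fixed weight when it fires."""
    return sum(w for pat, w in RULES if re.search(pat, body))

def score_message(sender, sending_ip, body, dns_available=True):
    """Combine the layers; returns (score, verdict, layers that abstained)."""
    if layer_whitelist(sender):
        return 0.0, "ham", []
    results = {"rbl": layer_rbl(sending_ip, dns_available),
               "surbl": layer_surbl(body, dns_available),
               "bayes": layer_bayes(body), "rules": layer_rules(body)}
    abstained = sorted(k for k, v in results.items() if v is None)
    score = sum(v for v in results.values() if v is not None)
    return score, ("spam" if score >= THRESHOLD else "ham"), abstained
```

With DNS down the same message still scores above the threshold on the content layers alone, which is the practical payoff of not relying on any single test.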


Sender identification

Sender Policy Framework (SPF) technology is often touted as an important anti-spam technology. But to dispel any misconceptions about the use of SPF, it is important to define the technology and its key purpose. It's an anti-forgery approach in which the Internet domain of an email sender can be authenticated for that sender, thereby discouraging spam mailers who routinely disguise the origin of their email, a practice known as email spoofing.

A recent survey by SpamTitan revealed that some 43% of small and medium-size businesses (SMBs) were under the misconception that SPF is a method that can be used to stop spam from being sent using unauthorised domain names. Approximately 52% of organisations surveyed were not aware that SPF can only stop spammers from forging the 'From' field in the email and it does not stop spammers from sending emails from a domain of which it is a member. While SPF is effective in stopping email spammers from forging email headers, SMBs should absolutely not consider using SPF as an anti-spam solution. SPF is not a standalone anti-spam technology and treating it as such is leaving organisations extremely vulnerable to such email security threats as viruses, trojans, phishing and malware, in addition to spam. With spam and viruses growing exponentially as high-risk threats to businesses, leaving an organisation exposed to these nefarious threats is highly reckless.
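As an added example of what SPF does and does not decide (not code from the article or from SpamTitan), the following evaluator applies a domain's SPF record to the connecting IP. It assumes constructed TXT records held in a dictionary instead of DNS lookups and supports only the ip4, ip6 and all mechanisms; note that the spammer-owned domain in the sample data passes SPF cleanly, which is exactly why SPF on its own is not an anti-spam control.

```python
# Minimal SPF evaluator (constructed example, not a full RFC 7208
# implementation): handles ip4/ip6/all with +, -, ~, ? qualifiers only.
# Records come from a constructed dictionary rather than DNS TXT lookups
# so the example runs offline.
import ipaddress

# Constructed zone data standing in for DNS TXT records (placeholders).
SPF_RECORDS = {
    "corp.example": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "bulkmailer.test": "v=spf1 ip4:198.51.100.77 -all",   # spammer's own domain
    "legacy.example": "v=spf1 include:_spf.other.example -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip):
    """Return the SPF result for sender_ip claiming to send as domain.

    A 'pass' only says the IP is authorised for that domain; it says
    nothing about whether the message is spam.
    """
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                       # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"            # malformed network argument
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "permerror"                # mechanism not supported here
    return "neutral"                          # no term matched, no 'all'
```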

Virtual models

Virtualisation is now firmly embedded in the enterprise mainstream. Cloud computing is quickly catching up. By moving away from the 'one application per server' deployment model to a cloud computing model, enterprises have been able to reap a broad set of benefits including cost reductions, improved availability and increased agility. However, many SMBs continue to view virtualisation as an enterprise-only technology that would not be viable in their smaller organisations – and that is a misconception.


Cloud computing allows the maximum use of resources and maintains an organisation's competitive edge. Many email security solutions are available for deployment using virtualisation, which means that SMBs are now able to benefit from enterprise-class IT at a fraction of the normal cost. Every organisation will weigh up the pros and cons of what assets to move into the cloud on a case-by-case basis. Most will likely benefit from an increase in security after making the transition, since a third-party provider is likely to have far superior security resources to those available in-house to SMBs.

For services such as email hygiene, that already have a credible track record as cloud services, SMBs can use private cloud services to evaluate the return on investment from cloud while waiting for external offerings to mature. Over time, private and public cloud resources are expected to merge as hybrid services. SMBs may well find themselves relying on private cloud services for many years, perhaps decades, as public cloud offerings mature.

About the author

Ronan Kavanagh is CEO of SpamTitan, a division of Copperfasten Technologies, and is responsible for global sales and marketing for the SpamTitan suite of products. Educated in NUI Galway, Ireland, he joined Copperfasten Technologies in June 2004, prior to which he'd held posts at Eurokom, an Internet security services provider, and WorldofFruit.com, an Internet portal for the global fruit industry.

The inside threat to public organisations

Marc Lee, Courion Corporation

Recent high-profile security breaches within public organisations have highlighted the need to create effective preventive measures against security threats. Schools, hospitals and government organisations are frequent targets for data theft. The NHS data breaches, as well as the recent data theft cases in UK schools, clearly demonstrate that minor incidents such as losing a work laptop or failing to protect an office password could cost organisations millions of pounds in lost data as well as in long-term damage to their reputations.

Outside hackers have a hammerlock on the collective imagination when it comes to data theft. But, in reality, internal users – people with legitimate access to the corporate network – are often the greater danger. Contractors, vendors, and current and former employees can do as much damage as an outside hacker while often leaving a much less visible trail. Public institutions expose themselves to risk by: not reviewing and certifying who should have access to what information; not properly changing or disabling access when necessary; and not controlling segregation of duties violations.

It's natural for public organisations to want to open themselves up for easy navigation, but they must still consider the potential security risks. By offering web-based self-service access to users, for example, and managing overhead costs by using the web to streamline interaction with vendors, contractors and outside service providers, organisations are acting as responsible public service entities. But as they pursue such initiatives, they must take reasonable steps to safeguard sensitive information entrusted to them or risk losing public confidence.

Defining risks

To meet the highest standards of data protection, public organisations need to define and assess internal risks and enact strict control of access to sensitive information. 'Internal' in this context doesn't just mean people who work in public buildings. Internal refers to anyone who has legitimate access to public information systems, as opposed to hacking their way in forcibly. Addressing the data security risks of internal users requires three complementary initiatives. The first is creating data security policies based on industry best practices that meet the policy and regulatory requirements of the organisation. The second is implementing the technology systems to ease the enforcement of these policies. The third is instilling the importance of these security measures and actions into the organisational structure and culture.

"User access intelligence can then help determine associations and patterns that might violate compliance guidelines and company policies, or indicate hidden risks"

Together, policies and technology systems yield a stream of user access data that security administrators can analyse to identify, quantify and manage risks to vital information such as intellectual property, medical records