Crafty spammers hiding behind HTTPS

A Symantec executive speaking at an international antispam conference said some spam creators are using secure URLs as shields.

SAN FRANCISCO -- The savvy of spammers gives even information security veterans fits. That includes industry heavyweights such as Cupertino, Calif.-based Symantec Corp.

"The main barrier to my fight against spam is the increased technological sophistication of spammers," said William

We don't have any technology yet that can trace HTTPS URLs.


William Plante,

Symantec

,
Plante, director of worldwide security and brand protection at Symantec. "Our first goal, of course, is to block spam, but after that, we want to know where it is coming from, and spammers are becoming better adept at obfuscation."

Plante, who spoke at the recent Institute for Spam and Internet Public Policy (ISIPP) conference, said one particularly effective obfuscation method is the use of secure HTTP Uniform Resource Locactors ( URLs).

"We don't have any technology yet that can trace HTTPS URLs," he said.

An unintended effect of antispam laws

Plante also believes that advanced obfuscation will become more common among less malicious spammers as various government laws get more stringent. "As untested laws get enacted, all spammers will start trying harder to cover their tracks to avoid being the first test of the laws."

So, what's currently the best strategy to combat spam? Plante recommends a multi-pronged defense.

"There are four components to a spam solution: legislation, public awareness, the responsibility of direct marketers and technology," he said.

The growing threat

Junk e-mail continues to mushroom at an alarming rate. Spam accounted for 42% of all Internet

For more information

Check out the Best Web Links on spam prevention

 

Read how e-mail threats are driving security spending

e-mail traffic in January 2003; it constituted 65% of traffic in June of this year, according to Plante.

"The amount of growth is even greater than these numbers indicate because there has been a growth of overall Internet e-mail from January 2003 until now," said Plante, who presented data gathered by Brightmail Inc., which was recently acquired by Symantec. Spam is "a very significant problem, which, left unchecked, will continue to grow."

Another pressing concern for Plante is the increasingly malicious spam technique known as phishing, whose creators use e-mail to mimic legitimate e-commerce sites in an attempt to trick users into disclosing sensitive information.

Advice for e-mail administrators

As for network and messaging administrators at the front lines of the war on spam, Plante recommended "self-education" on the types of spam and address-spoofing methods. Most enterprises have software that blocks spam, but Plante suggested that administrators "understand why some spam can get through," and he urged them to make data collection on block-evading spam a priority.

Conference notes: ISIPP speaker Michael Grow, an attorney and chair of the technology department at the Washington-based law firm Arent Fox PLLC, discussed the practice of prosecuting spammers for copyright and trademark infringement … Anne Mitchell, president of the ISIPP, announced a new program called the International Council on Internet Communication. The ICIC is a private industry group consisting of high-level executives and attorneys from around the world who will work to share information and resources in an effort to provide a more unified antispam initiative.

Dig deeper on Phishing and Email Fraud Protection

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close