Emergency.Blog

2006: "The Year of Computing Dangerously"

Cybercrooks Deliver Trouble
With Spam Filters Working Overtime, Security Experts See No Letup in '07

By Brian Krebs
washingtonpost.com staff writer

Wednesday, December 27, 2006; Page D01

It was the year of computing dangerously, and next year could be worse. That is the assessment of computer security experts, who said 2006 was marked by an unprecedented spike in junk e-mail and more sophisticated Internet attacks by cybercrooks.

Few believe 2007 will be any brighter for consumers, who already are struggling to avoid the clever scams they encounter while banking, shopping or just surfing online. Experts say online criminals are growing smarter about hiding personal data they have stolen on the Internet and are using new methods for attacking computers that are harder to detect.

"Criminals have gone from trying to hit as many machines as possible to focusing on techniques that allow them to remain undetected on infected machines longer," said Vincent Weafer, director of security response at Symantec, an Internet security firm in Cuptertino, Calif.

One of the best measures of the rise in cybercrime is junk e-mail, or spam, because much of it is relayed by computers controlled by Internet criminals, experts said. More than 90 percent of all e-mail sent online in October was unsolicited junk mail, according to Postini, an e-mail security firm in San Carlos, Calif. Spam volumes monitored by Postini rose 73 percent in the past two months as spammers began embedding their messages in images to evade junk e-mail filters that search for particular words and phrases. In November, Postini's spam filters, used by many large companies, blocked 22 billion junk-mail messages, up from about 12 billion in September.

The result is putting pressure on network administrators and corporate technology departments, because junk mail laden with images typically requires three times as much storage space and Internet bandwidth as a text message, said Daniel Druker, Postini's vice president for marketing.

"We're getting an unprecedented amount of calls from people whose e-mail systems are melting down under this onslaught," Druker said. Read all about it at: http://www.washingtonpost.com/wp-dyn/content/article/2006/12/26/AR2006122600922.html

Previous reference from this author: http://www.washingtonpost.com/wp-dyn/content/article/2006/12/22/AR2006122200367.html

---

Analysis and Commentary

The View From One Small Company in Chicago
By Paul Anderson

CHICAGO, IL: ERRI computer security analysts say that despite adding a Barracuda? Spam/Anti-Virus firewall box, and using updated firewall protection on each workstation in the Emergency.com network, the battle goes on with the spammers, crackers, and other cybercriminals. One ERRI network consultant said that the firewall appliance is being overwhelmed with an unprecedented number of spoof e-mails, "409" schemes, misdirections, and links to fake webpages that pretend to be those of banks, credit unions, and other financial institutions. He said, "We recently found over 2,000,000 fraudulent e-mails of one kind or another in the "quarantine archive" of our firewall...among them were 59 files containing various viruses."

ERRI CEO and senior analyst, Clark Staten, said today that the plague of spam and fradulent internet schemes has the greatest likelihood of "bring down the net," by diminishing confidence in it and clogging various chokepoints by the use of "bots" of various kinds. "It will not be a lack of ideas, a lack of innovation, or a lack of technology that could 'kill the net' as we know it...the net has proven itself terribly resilient in the face of various kinds of assaults," Staten said. "It will likely be the scourge of malicious intent and illegal commerce that will damage or even kill the internet," Staten added. "Much like the rest of society, if the internet is not globally governed in a fair and appropriate manner, and on-line users don't continually make their displeasure known about emerging (or long-time) nuisances on the net ...the cybercriminals will win," the long-time net enthusiast said.

Staten, who has been using the e-mail and the internet since the mid/late 80's, said that it continues to increasingly appear that many of the "nightmares" of early internet pioneers have materialized and that "the commercialization of the net" may be damaging it, both in intent and function. "However, please don't misunderstand my comments," Staten added. "Many, if not most, of the companies on the internet are using the net in a responsible and community-spirited manner...in fact, many have contributed both content and technical capability to the operation of the net and added a great deal to end-user satisfaction."

"But, there are 1-2% of internet businesses, who are engaging in fraudulent practices of some kind...there is also a segment of adolescents who seem to want to engage in graffiti and distribution of various kinds of malware...and finally, there are small groups or individuals stealing personal data and selling it to the highest bidder," Staten added. "At the risk of stating the obvious, the net community MUST make it clear to malcontents that the 'Wild-West days' of the internet are over and that real action will be taken to stop those who are exploiting (and ruining) this valuable resource," he continued. "Unless and until internet users, as a whole, condemn and actively combat fraudulent use of the internet...it will continue and even increase," Staten added.

"There can no longer be 'a wink and a nod' of understanding and acquiescence by regular internet users when it comes to spam, fraud schemes, and cybercrime...if end-users don't contribute to the solution...then, they are part of the problem," the veteran 'sysop' (system operator) concluded.