Asian Anti-Spam Guide 1
Total Page:16
File Type:pdf, Size:1020Kb
Asian Anti-Spam Guide 1 © MediaBUZZ Pte Ltd January 2009 Asian Anti-SpamHighlights Guide 2 • Combating the latest inbound threat: Spam and dark traffic, Pg. 13 • Secure Email Policy Best Practices, Pg. 17 • The Continuous Hurdle of Spam, Pg. 29 • Asian Anti Spam Acts, Pg. 42 Contents: • Email Spam: A Rising Tide 4 • What everyone should know about spam and privacy 7 • Scary Email Issues of 2008 12 • Combating the latest inbound threat: Spam and dark 13 • Proofpoint survey viewed spam as an increasing threat 16 • Secure Email Policy Best Practices 17 • Filtering Out Spam and Scams 24 • The Resurgence of Spam 26 • 2008 Q1 Security Threat landscape 27 • The Continuous Hurdle of Spam 29 • Spam Filters are Adaptive 30 • Liberating the inbox: How to make email safe and pro- 31 ductive again • Guarantee a clear opportunity to opt out 33 • The Great Balancing Act: Juggling Collaboration and 34 Authentication in Government IT Networks • The Not So Secret Cost of Spam 35 • How to Avoid Spam 36 • How to ensure your e-mails are not classified as spam 37 • Blue Coat’s Top Security Trends for 2008 38 • The Underground Economy 40 • Losing Email is No Longer Inevitable 42 • Localized malware gains ground 44 • Cyber-crime shows no signs of abating 45 MEDIABUZZ PTE LTD • Asian Anti-Spam Acts 47 ASIAN ANTI-SPAM GUIDE © MediaBUZZ Pte Ltd January 2009 Asian Anti-SpamHighlights Guide 3 • Frost & Sullivan: Do not underestimate spam, Pg. 65 • Unifying email security is key, Pg. 71 • The many threats of network security, Pg. 76 • The UTM story, Pg. 82 Contents: • Social Networks: The New Frontier for Spam 52 • JupiterResearch: Marketers on guard, email marketing 54 facing tough times • The Importance of Reputation and Message Relevance 55 • Anti-Spam Legislation and Enforcement Down-Under 56 • Honeypots and Spam 57 • Leading security threats to SMBs 59 • Know what to do when spam is in your Inbox 60 • Email Authentication tools still not widely used 61 • False positives are on the radar, but spam filters 62 • ANTI-SPAM SUPPLEMENT 64 • Frost & Sullivan: Do not underestimate spam 65 • Packing even more of a punch in email security 67 • Spam’s not going away and more security with control 69 needed • Unifying Email Security is Key 71 • Email Reputation and Authentication are Crucial in the 73 War against Spam • UTM SUPPLEMENT 75 • The Many Threats of Network Security 76 • Frost & Sullivan: 80 The Possibilities with UTM are Endless • UTM story 81 • Bringing the x Factor to Unified Threat Management 82 • UTM: Bent on Creating a Storm 85 • International Anti-Spam Legislation Snapshop 88 MEDIABUZZ PTE LTD • Editorial 88 ASIAN ANTI-SPAM GUIDE © MediaBUZZ Pte Ltd Asian Anti-Spam Guide 4 Email Spam: A Rising Tide IT security and control firm Spam relayed from hijacked spam messages on other peo- Sophos has recently released botnet computers ples' profiles - these don't just its report on the latest trends Email spam is almost always get read by the owner of the in spam, and revealed the top sent from innocent third party profile, but anyone else visiting twelve spam-relaying coun- computers which have been his or her page." tries for the second quarter of hijacked by hackers. These bot- In May, the LinkedIn business 2008. The investigation re- net computers are owned by networking system was used by veals a disturbing rise in the innocent parties, who are un- scammers seeking to swindle level of email spam travelling aware that cybercriminals are money from unwary corporate across the internet between using them for financial gain. executives. On this occasion, April-June 2008, and how Typically they are home users the spammers offered a share of some spammers are now us- who have not been properly pro- a non-existent US $6.5 million ing Facebook and mobile tected with up-to-date anti-virus inheritance fund, further high- phones to spread their mes- software, firewalls and security lighting the need for users to be sages. patches. It is therefore important vigilant to unsolicited ap- By June 2008, research reveals that more be done to raise proaches online. that the level of spam had risen awareness amongst computer Sophos experts note that the to 96.5% of all business email. users about the importance of level of Facebook, Bebo and Having risen from a figure of keeping their PCs secure. LinkedIn spam is still dwarfed by 92.3% in the first three months email spam, but there is a grow- of the year, corporations are ing trend for spammers to use now facing the fact that only one other techniques to spread their in 28 emails is legitimate. messages. "If your company is on the inter- Another growing method for net, it's going to be hard for it to spammers to spread their mes- do business unless it has an sages is via SMS texts sent to effective anti-spam defense in mobile phones. Spamming a lot place. Otherwise the amount of of people via text message is an junk mail will be swamping legiti- effective way of generating a mate correspondence from your flash-flood denial-of-service at- customers and suppliers," says tack against the telephone sys- Graham Cluley, senior technol- tem of an organization you don't ogy consultant for Sophos. "It like. As mobile operators give should be remembered also that away more and more "free texts some spam is not just a nui- per month" as part of their call- sance, but malicious in its intent Spam: Spreading in new ways ing-plans, and make available - trying to get you to click on an Sophos has discovered that SMS web gateways that can be attached Trojan horse or lead spammers are increasingly us- exploited by hackers, we may you to a dangerous website. ing networking websites such as see more spammers using SMS Organizations need a consoli- Facebook and LinkedIn to send to clog up phonelines. dated anti-spam and anti- their unwanted links to online malware solution at their gate- Email continues to be a favorite stores and bogus lottery and tool of spammers and still pre- way, updated around the clock financial scams. to neutralize the latest internet sents a danger to computer us- attacks." "Spammers are finding them- ers. It is common for cybercrimi- selves increasingly obstructed nals to spam out links to com- Sophos recommends compa- by corporate anti-spam de- promised websites, often using nies acquaint their users with fenses at the email gateway. In a subject line and message to best practice advice for minimiz- a nutshell - we're stopping the tempt computer users into click- ing best practice advice for mini- bad guys getting their marketing ing through the promise of a mizing exposure to spam, auto- message in front of their in- breaking news story or a lewd matically update their corporate tended audience," says Cluley. topic. virus protection, and run a con- "To get around this, we are see- solidated solution at their email The Pushdo Trojan dominated ing spammers exploiting net- the chart of most widespread and web gateways to defend works like Facebook to plant against viruses and spam. continues on Page 5 © MediaBUZZ Pte Ltd Asian Anti-Spam Guide 5 From Page 4 — Email Spam: A Rising Tide malware spreading via email, accounting for 31 per cent of all reports. Pushdo has been spammed out during the year with a variety of disguises. Some for example, have claimed to contain nude photo- graphs of Hollywood stars Nicole Kidman and Angelina Jolie. On the bright side, attacks via email file attachments, however, have reduced in 2008. Only one in every 2,500 emails examined for malicious purposes, such as which have conspired to make it in the first six months of 2008 identity fraud. Spear-phishers more difficult to get some of- was found to contain a malicious generate the victims' addresses fending websites taken down attachment, compared to one in by using special software or us- promptly. 332 in the same period of 2007. ing lists of employees found on From the criminals’ point of view the networks of social media Phishing still going strong the use of Chinese domain sites such as Facebook or names is attractive, as they do Sophos continues to see wide- LinkedIn. not have to change their domain spread phishing email cam- To guard against this risk, all so regularly and may be able to paigns targeting the users of organizations should ensure operate for a longer period of online financial employees are fully educated time. institutions, and popular auction about the dangers of posting too Backscatter spam and payment websites. In recent much information on these sites, months social networking web- and of accepting unsolicited A noticeable spam trend during sites like Facebook have also friend requests the first half of 2008 was the caught the interest of phishers. growth in the number of non- “Businesses need to bite the delivery report (NDR) messages It is important to remember that bullet and take better care of generated by mail systems that phishing campaigns are not spe- securing their computers, net- accept spam messages during cific to any one operating sys- works and websites. They not an SMTP session. If there is a tem, and can affect any internet only risk having their networks delivery error (for instance, user regardless of whether they broken into, but are also putting “mailbox full” or “user doesn’t use Microsoft Windows, Mac OS their customers in peril by pass- exist”), the system attempts to X or a brand of UNIX. Because ing on infections,” adds Cluley.