Spam spikes wreak havoc

The spam blasts can be as disruptive as a DDoS attack, security vendor says

Extremely aggressive spam blasts against individual domains, dubbed "spam spikes," are on the upswing and can disrupt small and midsize businesses as much as a determined attack designed to knock a company offline, MessageLabs said Monday.

In one attack monitored by the U.K.-based security company, a spam run of more than 10,000 messages struck a single domain over an 11-hour period, accounting for 75 percent of all the messages pointed at the domain.

"The purpose of a spam spike is to defeat appliance-based anti-spam systems that rely heavily on signatures, rather like desktop antivirus software," MessageLabs said in a report it just published.

"For smaller businesses, these can cause problems for the company's e-mail servers. A spam spike can have an effect similar to that of a DDoS (distributed denial of service) attack," MessageLabs said.

May's data also indicated a continuing trend in targeted attacks that aim one piece of spam at a single recipient. The number of micromanaged spam attacks last month was down somewhat: 595 total e-mails, compared with March's 716. However, the percentage of those one-off attacks that relied on malformed Microsoft Office documents jumped to 95 percent from 80 percent two months before. Sixty-four percent of the attacks used a malicious Word document, while 17 percent exploited Excel and 14 percent offered up a bogus or infected PowerPoint file.

Microsoft patched its Office suite several times in 2006 to protect users against these types of attacks, and it released more fixes in January, February and May this year. But in a tacit acknowledgment that patches aren't enough, Microsoft last month promoted new last-ditch defences against Word-, Excel- and PowerPoint-based attacks. The new tactics include a free tool that converts Office 2003 documents to the more secure Office 2007 formats, and the ability to block specific Office document formats when an attack is anticipated.

MessageLabs culled other data from May's results, including a claim that phishing attacks accounted for 79 percent of all malicious e-mail intercepted last month. In one instance, the company found that a single and relatively small botnet of just 500 compromised systems was responsible for churning out nearly a quarter-million messages aimed at a single target and was also guilty of sending e-mail infected with 55 different strains of nearly 10,000 viruses.

Worldwide, 72.7 percent of all e-mail was tagged as spam by MessageLabs during May. That figure is below the six-month average of 75.3 percent and far lower than the highest-ever figure of 94.5 percent, recorded in July 2004.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?