Spam protection technologies

A modern spam mass mailing containing hundreds of thousands of messages can be distributed within a few minutes. Most often spam comes from zombie networks – formed by a quantity of users’ computers infected by malicious programs. What can be done to resist these attacks? Currently the IT security industry offers a lot of solutions and anti-spam developers have various technologies available in their arsenal. However, none of these technologies can be deemed to be a ‘silver bullet’ in the fight against spam. A universal solution simply does not exist. Most state-of-the-art products have to integrate several technologies, otherwise the overall effectiveness of the product is not very high.

The most well-known and widely spread technologies are specified below.

Blacklisting

DNSBL (DNS-based Blackhole Lists) is one of the oldest anti-spam technologies. This blocks the mail traffic coming from IP servers on a specified list.

  • Advantages: The blacklist guarantees 100% filtering of mail traffic coming from suspicious sources.
  • Disadvantages: The level of false positives is rather high, and that is why this technology must be used carefully.

Detecting bulk emails (DCC, Razor, Pyzor)

This technology provides detection of completely identical or slightly varying bulk emails in mail traffic. An efficient ‘bulk email’ analyzer needs huge traffic flows, so this technology is offered by major vendors who have considerable traffic volumes, which they can analyze.

  • Advantages: If this technology works, it guarantees detection of bulk emailing.
  • Disadvantages: Firstly, ‘big’ mass mailing can contain completely legitimate messages (for example, ozon.ru and subscribe.ru are sending out thousands of messages which are practically similar, but are not spam). Secondly, spammers can break through this defense with the help of smart technologies. They use software which generates different content (text, graphics etc.) in each spam message.

Scanning of Internet message headings

Special programs are written by spammers that can generate spam messages and instantaneously distribute them. Sometimes, mistakes made by the spammers in the design of the headings mean that spam messages do not always meet the requirements of the RFC standard for a heading format. These mistakes make it possible to detect a spam message.

  • Advantages: The process of detecting and filtering spam is transparent, regulated by standards and fairly reliable.
  • Disadvantages: Spammers learn fast and make less and less mistakes in the headings. The use of this technology alone provides detection of only one-third of all spam messages.

Content filtration

Content filtration is another time-proven technology. Spam messages are scanned for specific words, text fragments, pictures and other spam features. Initially, content filtration analyzed the theme of the message and the text contained within it (plain text, HTML etc). Currently spam filters scan all parts of the message, including graphical attachments.

The analysis may result in the creation of a text signature or calculation of the ‘spam weight’ of the message.

  • Advantages: Flexibility, and the possibility to fine-tune the settings. Systems utilizing this technology can easily adapt to new types of spam and rarely make mistakes in distinguishing spam from legitimate email traffic.
  • Disadvantages: Updates are generally required. Specialists, and sometimes even anti-spam labs, are required in the setting-up of spam filters. Such support is rather expensive and this influences the cost of the spam filter itself. Spammers invent special tricks to bypass this technology. For example, they may include random ‘noise’ in spam messages, which impedes the evaluation and detection of the spam features of the message, or they may use a non-alphanumeric character set. This is how the word viagra may look if this trick is used vi_a_gra or vi@gr@, or they may generate color-varying backgrounds within the images, etc.

Content filtration: Bayes

Statistical Bayesian algorithms are just another approach to the analysis of content. Bayesian filters do not require constant adjustments. All they need is initial ‘teaching’. The filter ‘learns’ the themes of emails typical for a particular user. For example, if a user works in the educational sphere and often holds training sessions, any emails with a training theme will not be detected as spam. If a user does not normally receive training invitations, the statistical filter will detect this type of messages as spam.

  • Advantages: Individual setting.
  • Disadvantages: It works better if used for individual email traffic. Bayesian filtration does not work perfectly on corporate servers with many different types of emails. If a user is lazy and does not ‘teach’ the filter, the technology will not be effective. Spammers try to find ways to bypass Bayesian filtration and in general, they are quite successful.

Greylisting

Greylisting is the temporary denial of the ability to receive a message. The denial includes an error code understood by all email systems. Normally the sender would then resend the message. However, once denied, the programs used by spammers do not resend emails.

  • Advantages: This is one possible solution.
  • Disadvantages: Delays in email delivery. For many users this solution is unacceptable.

Listes grises

Une liste grise empêche temporairement la réception d’un message. Le refus inclut un code d’erreur que tous les systèmes d’e-mails comprennent. En général, l’expéditeur va renvoyer le message. Cependant, une fois qu’ils ont été refusés, les programmes utilisés par les spammeurs ne peuvent pas renvoyer les e-mails.

  • Avantages : C’est une solution possible.
  • Désavantages : Cette technique cause des retards pour recevoir des e-mails. Pour de nombreux utilisateurs, cette solution est inacceptable.
cryptoransom-spam

Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. The attacks targeted employees of small companies, but such emails could be sent to any user’s personal mail. Read Full Article

it-threat-evolution-q3-2017

IT threat evolution Q3 2017

Our growing dependence on technology, connectivity and data means that businesses present a bigger attack surface than ever. Targeted attackers have become more adept at exploiting their victims’ vulnerabilities to penetrate corporate defences while ‘flying under the radar’. Read Full Article

spam-and-phishing-in-q3-2017

Spam and phishing in Q3 2017

In terms of the average share of spam in global email traffic (58.02%), the third quarter of 2017 was almost identical to the previous reporting period: once again growth was slightly more than one percentage point – 1.05 (and 1.07 p.p. in Q2 2017). As in previous quarters, spammers were quick to react to high-profile events and adapted their fraudulent emails to the news agenda. Read Full Article

spam-and-phishing-in-q2-2017

Spam and phishing in Q2 2017

In Q2 2017, the average share of spam in global email traffic amounted to 56.97%, which was only 1.07 p.p. more than in the previous quarter. One of the most notable events of this quarter – the WannaCry epidemic – did not go unnoticed by spammers: numerous mass mailings contained offers of assistance in combating the ransomware. Read Full Article

nigerian-phishing-industrial-companies-under-attack

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon. Read Full Article

two-tickets-as-bait

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turkish Airlines, Air Asia, Air India, and other companies. Read Full Article