Tag Archives: San Bruno

About 2239 days ago Computer Security

Beware of Botnets and Other New Kinds of Spam

Businesses appear to be falling behind in the eternal war against spammers. Just when they manage to block one variety of unsolicited junk email to their office inboxes, another variety is developed. Until new technological advances come along, the best they can hope to do is use existing technology to stem the flow or outsource the work to companies that fight spam full time. In the last year, the amount of spam rose 250 percent over 2005 levels, according to security software firm SonicWall, in Sunnyvale, Calif. There are two main reasons for this surge: Image spam and botnets. Making it past spam filters Botnets, in which a virus takes over a PC and turns it into a spam-sending machine, have helped increase the overall amount of spam. The way it works is that perpetrators that want to take over other people’s computers for the purpose of sending spam first distribute viruses or worms to mostly Windows PCs. The code also contains a bot, or software robot, that automatically logs onto a server. Spammers access the server and order it to force the PC to send out spam to mail servers. While botnets are dangerous, some businesses try to block bots from being deployed through the use of intrusion prevention systems, either through a hosted service or at the network level. While effective against network-base infections, IPS offers little to defend against infections caused by employees willingly downloading bot infection payloads deceptively marketed as screen savers or browser toolbars. And once infected, these systems won’t stop bots from communication with botnets using standard http and https protocols. Image spam is also proving difficult to combat. Image spam has added to the amount of spam that makes it past spam filters employed by many businesses or Internet providers. Image spam was devised to foil filters looking for words like “Viagra” or “XXX.” When text is presented in a JPEG or PDF, such text-seeking filters are rendered useless. Image spam has been around for a while, but until 2004 or so most of it was filtered out by software that was looking for “signatures” — domains, common words or phrases, bulk recipients, etc. — that were common to emails sent en masse. The spammers came up with “snowflake spam,” in which every image is unique, although they look the same to the naked eye. Spammers quickly discovered the technique works: In 2005, only 3 percent of spam was imaged-based. In 2006, that figure rose to 30 percent, according to IronPort Sytems, a San Bruno, Calif., gateway security provider. Patrick Peterson, vice president of technology for IronPort Systems, says signature-based filters don’t work very well anymore. IronPort does do some image-based filtering, like looking for similar background colors, but the technique is far from foolproof and optical character analysis — the ability to recognize image-based text — is still way too ineffective. How to block the new flavors of spam Another way to address image spam is to simply block all images unless they are sent from an address that has been pre-selected by the recipient. The downside, of course, is that some legitimate emails will inevitably be lost in the shuffle. In addition to of filtering and blocking, many spam-fighters are focusing on “reputation analysis,” that is, assessing the validity of the recipient based on the incoming email address. Such reputation analysis finds out where the spam is coming from and then creates a blacklist. Analysts say while reputation analysis is the most effective ways to combat spam right now, it is far from a total solution. The other problem is that, like with image spam blocking, legitimate emails may be blacklisted. “These are small steps,” says Jeanniey Mullen, executive director of email marketing for Ogilvy, the New York ad agency. “I don’t think anyone has the answer yet.” Arabella Hallawell, research vice president for Gartner Research, of Stamford, Conn., recommends either getting an email appliance to limit a system’s exposure to spam and/or outsourcing -mail management to someone else. Not surprisingly, Peterson agrees with her. “The ante has really gone up,” he says. “In the old days, five to 10 really smart guys could put together a spam solution that’s pretty good. Now we’ve got 30-plus guys working on spam just to stay ahead of what the bad guys are doing.”

About 4826 days ago Data Security

Bold Storage

Techniques: Microcases Telecommuting Problem: Handling crucial files on the road Solution: A Web site for storing them Payoff: Bypassing the cost and security risks of laptops As regional sales director for a Web-based company, Melissa McNatt twice a week left her cat and her apartment in the San Francisco suburb of San Bruno to make sales calls in Southern California. On the side, McNatt moonlighted as an independent sales consultant, helping small-business owners with everything from sales letters to telephone scripts. But with her PC firmly ensconced in San Bruno, McNatt faced a problem: how could she run her own business while she was on the road? “I was struggling with how to do it all from my home computer,” she says. Frequently, McNatt and her customers collaborated to develop sales letters or PowerPoint presentations. To communicate — whether from home or from a computer at an airport or the nearest Kinko’s — McNatt relied on E-mail attachments, which sometimes led to technical complications. “You can’t do a fast download of a PowerPoint file,” she says. “And small-business owners are paranoid as hell about getting viruses.” To satisfy her customers, she often had to resort to sending printouts of drafts through the U.S. Mail — a time-consuming chore. And her lack of equipment on the road often hampered her wooing of new customers. If, say, she met a prospective customer in Los Angeles at a bar, she’d have to wait until the weekend to send a follow-up letter. “When you’re selling, you want to close as fast as possible,” she says, “before they get buyer’s remorse.” Then last July, about five months after she’d begun consulting, McNatt was at home browsing the Web when she happened upon a link to a company that offered document storage at its site. NetDocuments, in Orem, Utah (888-297-2736; www.netdocuments.com), has a Web-site format that resembles that of an online E-mail account. After registering and getting a password, McNatt found herself in the “NetDocuments Inbox Folder.” From there she clicked on a link that gave her access to the site’s tools for creating new folders and subfolders. Once she’d created the folders, she clicked on “Add new items to this folder,” and a box containing all the files on her hard drive popped up. With her mouse she simply highlighted the files she wanted to import into the various folders she’d created on NetDocuments and hit “OK” for the upload to begin. Now when McNatt makes the trek south — or even to a local customer’s office (she left her sales-director job in January to consult full-time) — she takes her consulting customers with her. From those same rentable computers, she logs on to NetDocuments not only to access her documents but also to share them with her customers through a feature called NetEnvelopes. NetEnvelopes works like an E-mail in-box with editing capabilities. First, McNatt designates with whom she wants to share a document. Those parties receive an E-mail message telling them that the document is open and that they can log on at any time to view or edit it. The only hitch is that to get into a NetEnvelope, the user must be registered with NetDocuments and have a password. The site does, however, allow users to set up accounts for others: McNatt can register a customer’s name and E-mail address, and that customer will receive a temporary user name and password to access the NetEnvelope. For $4.95 a month, users can get a premium service that gives them 100MB of storage space. McNatt, however, is satisfied with the 10MB she receives free. In addition to avoiding the costs of buying a laptop, she’s built her own Web site without having to spring for the technology to make documents downloadable off the site. Visitors can learn about McNatt at her site ( www.JumpStartSales.com) and go to NetDocuments to take advantage of her services once they’ve signed on as customers. And if she meets a prospective customer at a bar, she can walk down the street to Kinko’s and personalize her best follow-up letter on NetDocuments in minutes. “Now my sales cycle is two days, whereas before it was seven or eight,” she says.