Spam sneaks ahead of viruses as a business risk

3 Feb 2005

Spam’s progress has overtaken that of viruses and it represents a greater threat to many businesses, a security provider has claimed.

Paul Thackeray, managing director and EMEA vice-president of Barracuda Networks, a provider of spam filtering appliances, said that recent developments in unsolicited commercial email, or spam, have meant it is not just an irritant but is a genuine impediment to many organisations. “Spam slows your network and it’s not good for productivity,” he said. Moreover, spam is one of the main entry points for sending viruses and Trojans, he pointed out, so tackling the problem isn’t just about getting rid of a nuisance.

“The spam guys are probably more devious than the virus writers. Viruses are coming at a slower rate; spam signatures or fingerprints are changing every hour, to judge from the reports that we get. Spammers are clever people, they know there are [detection] products out there, so they change internet protocol addresses frequently.”

Barracuda, a US company, has developed a ‘spam firewall’ appliance specifically for dealing with the problem of unsolicited commercial email. Its set of rules for filtering email can take account of typical spammer tricks to avoid being detected, such as deliberately misspelling words – for example, v.agra or v1agra.

Barracuda also maintains a series of honeypots, which are deliberately unsecured computers set up with the purpose of attracting spam and viruses. Through observing these systems, it’s possible to catch the various kinds of messages that would, in time, find their way into many users’ inboxes. The characteristics of messages identified as spam are passed down to each device so that they can be blocked almost as quickly as they first appear, he said.

Thackeray also echoed the view of many security experts who believe that legal means have proved to be ineffective against spam. “It’s incredible what an increase in legislation there’s been and how much more spam there’s been,” he said. “We’re making all of these laws, but the only people breaking them are going to be criminals anyway. Legislation will never kill spam.”

By Gordon Smith