Email an open door to sophisticated security threats

Email, once a straightforward vehicle that delivered viruses, Trojans, spam, etc., is now an open door continually exploited by individuals, organised groups of malware authors and cybercriminals to deliver sophisticated and stealthy adaptations of security threats.  Without any obvious signs, they take up residency on desktops and can even establish an extensive stronghold on corporate networks.

Just how open is email as a door for security threats? How easy is it to take steps to ensure computer users avoid unknowingly inviting malware - the unwanted guest - into the 'corporate home'?

These 'houseguests' - some invited and others appearing unannounced - travel far and wide and bring with them unique offerings. There are botnets, which have matured from simple command-and-control channel structures for malware, to forms that are more discreet and dangerous, difficult to halt, and possess much improved agility and functionality.

There is the ever-present spam nuisance that exploits a variety of technologies (Adobe Acrobat PDF, MP3, Microsoft Excel and Word, RAR, XLS, RTF and ZIP) and easily avoids traditional defences. Spam often leaves behind a mountain of junk mail, such as the well-known stock pump-and-dump and advanced-fee fraud campaigns, while delivering a variety of malicious 'gifts'.

Despite its enormity, spam volumes have remained relatively stable over the years, but new and previously unknown sources have surfaced with sophisticated attacks that traditional anti-spam software, appliances and traffic management controls cannot easily stop.

These mischief-making houseguests are joining forces with new and more sophisticated security threats going beyond easily detected malware attachments to include links to websites that host the malware code.

These houseguests also love their social and peer-to-peer networks (Limewire, Kazaa, MySpace, Linked-In, Facebook, Twitter, etc.). With the abundance of readily available information including personal and business email addresses, these networks are like a well-stocked refrigerator ready to serve up hour after hour of fun and excess. Combine personal data easily gleaned from social networking sites with information on corporate websites, and these houseguests drop on the sofa, put their feet up and design personal attacks.

They do not get any more personal than social engineering. Malicious emails are created to look like convincingly real email messages to trip-up unsuspecting, often sophisticated users (presumably those who should know better). These message attacks are typically aimed at C-level executives, aiming to steal intellectual property or confidential information by referencing tax infractions, legal notices, etc. Whaling, as it is known, is a customised and personalised attack within an apparent data file that contains a spying Trojan.

As we become an even more 'virtually social' society and engage in expanded social internet works, 'etiquette experts' will suggest new approaches for hosts to control unwelcome houseguests. While it is never polite to push visitors out of the door, in the world of computing, ensuring a heavily padded front door, installing a peephole to know who is knocking and delivering a swift kick in the derrière of unwanted guests, along with a slam of the door are certainly appropriate.

This onslaught of malware drives security vendors to create technologies that provide proactive detection and faster updates. This rapid development cycle has shaped the offering of third-party testing organisations, such as West Coast Labs, which has responded with real-time testing. This is a test network that measures the effectiveness of vendor research and responsiveness to and effectiveness against threats. This helps ensure customers have the best protection and provides vendors with a timely and relevant source of research invaluable against the fast changing threat landscape.

These unwelcome guests come from various locales, across many countries and bring along luggage full of new 'treats' - sophisticated phishing expeditions that will exploit VoIP technology, rock phishing, plus fast-flux that will allow phishing sites to remain undetected for weeks, new sophisticated spam techniques and viruses spread through email that contain hyperlinks and executable attachments. These guests, fixated on cybercrime, are establishing themselves as an interconnected network of groups that offer different 'hostess gifts' at different price points.

Lysa Myers, director of research for West Coast Labs, a leading independent test facility for information security and threat trends, and IANS faculty member.