Businesses warned of new spam threat

Business networks could be swamped by new trend in spam whereby messages are sent via the resource-hungry Transport Layer Security (TLS) protocol, according to new intelligence from Symantec Hosted Services.

Malware analyst Dan Bleaken explained in a blog post that TLS, the successor to Secure Sockets Layer, is increasingly favoured as a secure comms channel between the client email sender and the email server to which the message is being delivered.

However, TLS uses far more server resources and is much slower than a plain-text email as it requires a "two-way conversation between the sending client computer and the receiving email server".

Bleaken said that the outbound traffic frequently outweighs the size of the spam message itself, and could "significantly increase" the workload placed on corporate mail servers.

Spam using TLS has shot up from 20 per cent of all spam last week to over 30 percent this week. Around 70 percent of spam sent from the Rustock botnet uses the protocol.

"Should the volume of spam from botnets that use TLS increase over the coming weeks and months, businesses need to carefully think about the resources required to handle this type of spam," wrote Bleaken.

"With corporate email servers coming under more pressure to handle these expensive but unnecessary TLS connections, it becomes a death by a thousand cuts.

"On its own the overhead of processing a single spam received with TLS may appear insignificant, but at large volumes the overall impact can be enormous."