Resurgence of Techniques: How Two Spam Methods Cause Major Security Concerns

Spam has been a cat-and-mouse game between anti-spam vendors and spammers for decades. Today, numerous spam filtering services capture spam with varying degrees of success--usually even a majority of the spam messages. However, a lot of end users and IT professionals view spam as merely a nuisance instead of a legitimate security threat.

Spam has been a cat-and-mouse game between anti-spam vendors and spammers for decades. Today, numerous spam filtering services capture spam with varying degrees of successusually even a majority of the spam messages. However, a lot of end users and IT professionals view spam as merely a nuisance instead of a legitimate security threat.

Two spam techniques have seen a resurgence in usage this past year after near dormancy since the early- to mid-2000s: Snowshoe spam and image spam are thwarting even the most advanced anti-spam engines and frequently wreaking havoc on end users’ mailboxes. The true threat lurks within these messages in the form of link-based attacks that can lead to opened vulnerabilities, spear phishing or viruses.

Snowshoe spam is a technique in which spammers utilize a wide array of email addresses or IPs at once to distribute a large spam attack that is spread lightly over multiple sources. This allows the spam campaign to reach across a large base of compromised accounts, creating a small footprint on each compromised source.

Image spam is typically an attached image that contains the actual body of the message the spammer’s campaign is attempting to deliver. The body of the message may have common words that will likely bypass a spam filter, allowing the recipient to receive the message. Most mail clients will automatically display the image attachment without the user having to open it, causing the recipient to see the image with the spam campaign readily displayed. The message usually contains a link-based attack with the image being a hyperlink.

Formidable Spam Campaign

Combine these two techniques and you have a formidable spam campaign, possibly reaching end users’ mailboxes and potentially delivering a virulent payload. As a support manager for Nuvotera, a SaaS distributor, I personally handle this issue with clients on a daily basis. So, what’s the answer to this rising real-world digital security threat? Active link protection.

Some spam filters offer passive link protection, where a link is scanned for threats prior to delivery. With so many attacks today being link-based as opposed to attachment-based, with evolving zero-day threats you need all the link protection you can get. Active link protection scans a link upon receipt and upon click, providing real-time protection even if a link’s risk changes.

McAfee Email Protection features ClickProtect, which is incredibly strong active link protection. Depending on the configured policy and the link’s threat, it may outright deny the URL and log the event, or display a warning. It also provides a safe preview screenshot of the linked site. This feature alone has saved many of my clients from suffering attacks while providing peace of mind, all without increased cost or burden on the end user or IT administrator.

Regardless of what security vendors you use, from my extensive experience, I strongly recommend utilizing active link protection. Spam techniques with stealth capabilities and dangerous cargo, with more than 130 billion spam emails sent daily, equate to new dangers threatening every mailbox. Active link protection provides that mandatory additional layer of security.

Daniel Norris is Support Manager at Nuvotera’s 24/7/365 SaaS support department. Guest blogs such as this are published monthly and are part of Talkin’ Cloud’s annual platinum sponsorship.