Thursday, September 11, 2008

Spammers getting passed through encrypted email attachments

Who doesn’t hate spams? The answer is a resounding "Nobody!" These spasms invade our internet world like bacteria and viruses and no matter how much we try to disinfect or protect ourselves, the still get through.

Many email service providers have had effective solutions to blocking these spasms. One of the most effective and commonly used ways is to filter all income and outgoing emails. Email servers try to read the contents of all emails and they have their own algorithm to detect spasm. These machines can even know the attachments whether or not they contains spasms and other malicious codes like virus and Trojans. Once these emails are identified as spasm of malicious, the IP address of the sender is then blocked. But these can be easy to overcome because there are ways to changed IP addresses.

Now, filtering has been very effective. But the thing now though is that spammers use encrypted email attachments to encode their bad plans exploiting the fact that many spam systems cannot scan inside emails that are encrypted or password protected.

Email Systems, a filtering service provider, disclosed that in the past few weeks they have detected that a steady stream of spasms had been coming out from hosts which were compromised by bots. These spasms contained the compressed version of the Storm Trojan which had victimized many people in January when they inadvertently opened the password protected attachment.

The easiest to determine whether there are spasms and malicious codes in an attachment is to look at the file size and if is 77 kb, then there is a high chance of attack.

To be guarded against email spasms and other attack these days is simply not to open suspicious emails and delete them immediately, most especially if these emails come from strangers.

Also, be very careful with giving away your email address when signing up in some unreliable websites online. These could be website who will give away your email address and other information to spammers.

And this one: as much as possible, do not forward any chain emails. Many of these chain emails may sound to have good intentions like helping a sick girl or praying for world peace. But this is another strategy of spammers to gather as much email addresses as they can. Take note that many chain emails tell you to forward the email to all your friends and each of your friends will forward the email to each of their friends. That translates to exponential growth of email address the spammers can collect!

If there are any threatening of harassing email messages coming into your mailbox, report this immediately to your internet service provider. And for phishing, those emails trying to misrepresent a reputable company to draw money from people, immediately report any incident to the company being mispresented.
If all else come to worse, you can always file a complaint with the US Federal Trade Commission. Dealing with spammers is always a cat-and-mouse game. But in the end, the cat usually gets the mouse.

No comments: