Virus-to-E-mail Ratio Grows Worse

E-mail security firm MessageLabs
has detected a sharp increase in malicious viruses, spam and Web-based scams
this year, warning that the technical sophistication of attacks is making it
tougher to stay ahead of hackers.

MessageLabs, which provides e-mail filtering software to government and
enterprise clients, said the problem of clogged in-boxes from spam has
become so bad that the number of unsolicited mail will far exceed legitimate
messages in the new year.

The company’s end-of-year report on e-mail security said it found one
virus in every 212 e-mails in 2002 (one virus every 3 seconds), a dramatic
increase of the one virus per 380 e-mails last year. And MessageLabs expect the upward trend to continue. It recognized a whopping
one in every 12 e-mails as unsolicited spam (one spam e-mail every
half-second) and warned that tighter controls need to be implemented by
vulnerable enterprises.

MessageLabs chief technology officer Mark Sunner took the e-mail
security/anti-spam gospel to this week’s Information Security Conference,
leading a panel discussion on “Defense-in-Depth: Defining a Layered Security
Architecture” where he was expected to outline specific responses to the
troubling trends found in the company’s year-end report.

“E-mail security must remain a high priority for every business in 2003.
Email has become a gateway for billions of business transactions per year,
yet most companies continue to leave their servers wide open to unknown
threats,” Sunner said in a statement, again warning that the sophistication
of attacks from virus writers and spammers means “proactive protection is
more crucial now than ever before.”

MessageLabs, which boasts a client roster that includes Bank of New York,
Fujitsu, Conde Nast and the British Government, said blended threats and
trojans like the Klez worm are on the rise. The company said its
filtering technology intercepted about five million copies of the Klez virus
in 2002.

“Blended threats” are used to describe the combination of spam e-mails
bearing malicious virus. MessageLabs said it also found a rise in Trojans
aimed at specific companies or individuals this year and expect this trend
to carry through next year.

“The virus-to-email ratio has grown worse during 2002, chiefly because a
vast number of home users and small businesses do not keep their security up
to date. Popular virus characteristics of the past year included spoofing
the sender’s e-mail address and deleting locally installed desktop AV
software,” MessageLabs warned.

In addition to the virile Klez virus, which first appeared and created
havoc in April, MessageLabs said it trapped more than 237 new viruses in
2002 and expects this number to rise next year. “The Yaha virus was the
second most prolific virus with close to two million copies intercepted
since June,” the company said, noting that the recent BugBear outbreak has
also garnered significant numbers – over 800,000 since
September.

In addition to viruses and spam, which continue to hit e-mail inboxes
worldwide, MessageLabs warned that the Nigerian e-mail scam, which lures
naive individuals into “get-rich-quick” schemes has showed no sign of
abating.

Recently, Americans in particular seem to be falling victim to the scam.
A recent report by the U.K.’s National Criminal Intelligence Service stated
that up to five Americans per day have been witnessed waiting in London
hotel lobbies to meet people connected with the scam,” the company said,
warning that if this trend
continues, the Nigerian scam operations is projected to gross over two
billion dollars in 2003.

Lately, MessageLabs said the “FriendGreeting” malicious spam, which
features an applet that’s used to trick users into downloading mass-mailing
software, was high among the list of intercepted mail. “(We)intercepted
over 70,000 copies to date, and expects to see not only additional greeting
card scams in 2003, but stronger and smarter tricks as well,” it warned.

The company predicted that software installed on end-user machines
will send spam not only to people in the victim’s address book, but also to
any e-mail addresses the software can find in the Internet Explorer browser
cache, again in a manner similar to techniques deployed by virus
writers.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web