Spam fuels boom in secure content market

But watch out for false positives

Junk mail is an increasing problem but the search for an effective cure remains fraught with difficulties.

That's the message we take from a slew of recent surveys on the subject.

Market watcher IDC predicts that anti-spam products will be a key driver for the secure content management (SCM) software market which it expects to grow by 19 per cent a year to reach $6.4 billion in 2007.

"Virus infection is still the main concern regarding corporate security, but other factors, such as spam and regulatory compliance, are increasingly driving the adoption of secure content management technologies," said Brian Burke, research manager for IDC's Security Products service. "Anti-spam will continue to be an important adoption driver in the messaging security market. However, IDC believes it will become a feature of messaging security and not a distinct market."

IDC notes that spam is no longer just a nuisance but is quickly becoming a potential legal liability and productivity drain for corporate IT departments and users alike. Spam is also another conduit for unknown viral applications into the corporation, for links to pornographic or objectionable Web sites, and for leaks of sensitive company information. For these reasons spam not only places strain on corporate bandwidth and storage, it creates legal pitfalls too.

Message security, which includes anti-spam products, is the smallest segment of the secure content management software market, but will grow the fastest over the forecast period of 2003-2007, increasing from $236 million in 2002 to $1.1 billion in 2007. IDC predicts Web filtering to be the second-fastest-growing segment of the secure management software market, increasing to $893 million in 2007. The largest segment of this market, anti-virus software, will grow the slowest over the forecast period, reaching $4.4 billion in 2007.

IDC looks at the market in more detail in its recently published Worldwide Secure Content Management Forecast Update and Competitive Vendor Shares report.

Annoying spam false positives

One of the main weapons in the fight against spam is filtering tools. However, the possibility exists that legitimate email will not make it through spam filters thanks to spam false positives.

A report this week from Ferris Research suggested that false positives are costing American businesses $3.5 billion this year. This figure comes from an estimate of the time spent chasing up emails that have been mistakenly filtered out, or rooting through junk mail folders to find legitimate emails.

These figures seem way too high to us. After all, people normally follow up important email messages with a phone call anyway. Meanwhile, Ferris estimates that spam will cost US businesses over $10 billion in 2003 (again, too high, we feel) so it is calling out for a more intelligent approach to the application of spam filtering technology.

Separately, the Radicati Group recently estimated that most filtering software has a false positive rate of between one and ten per cent, a figure closer in line with our own experience of using anti-spam packages. Hopefully with developments in Bayesian filtering techniques this figure will be greatly reduced.

False negatives pose a problem too...

Meanwhile, a study by censorware outfit SurfControl highlights some of the techniques spammers are adopting to avoid detection. Some of the techniques are fairly well known but bear a recap considering they still often evade detection mechanisms.

The techniques incorporate multiple, sophisticated software tricks buried in HTML code to confuse and avoid detection by traditional content filtering mechanisms, such as dictionaries and statistical analysis. HTML-based spam now accounts for 95 per cent of all spam, and 99 per cent of adult spam now identified and analysed by SurfControl.

These techniques include:

  • Hidden Agenda - Most commonly used in porn spam, this technique attempts to fool filters with tricks in the HTML source code of the message. Spammers use ASCII control code to represent letters, and place random words or phrases in white text on a white background, within HTML comments or in bogus HTML tags, all invisible to an email recipient. The effect is to split spam words so that they are unreadable by dictionary-based scanning tools.
  • Treacherous Tracks - This technique allows spammers to use their Web servers to break down a URL directory structure and add code that can verify a user's e-mail address, track them online and redirect an email user automatically to a specific Web page.
  • Dodgy Domains - An increasingly common technique used in HTML-based spam, this subterfuge allows spammers to redirect unsuspecting email recipients to unexpected Web sites, typically using an @ sign in URLs to confuse people about the domain they are really visiting. This technique is often used in "brand spoofing" spam.
  • Random Ramblings - This common technique used by less sophisticated spammers involves inserting long random words or characters in a subject line or body of a message. It is designed to skew statistical filtering.
  • Counterfeit Characters - A technique that uses numbers or accented characters to replace standard characters to fool filtering dictionaries unless these include spelling variants. V1agra or M0RTG4GE are two common examples of this trick.
  • Elusive Illusions - A technique used by spammers to hide or disguise the format and content of an e-mail to avoid dictionary scanners and statistical filters. Spam content can be hidden within JavaScript or frames.
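
A filter can undo several of these tricks before it consults its dictionary. The sketch below is an added example, not code from SurfControl or from the original article: it strips HTML comments, script blocks and bogus tags, folds accented and digit lookalike characters back to letters, and flags links whose host is hidden behind an @ sign. The keyword list, the lookalike table and the sample message are constructed, and reading the "ASCII code" trick as HTML character references is an assumption.

```python
import html
import re
import unicodedata
from urllib.parse import urlsplit

# Constructed lookalike table (not exhaustive) and a two-word sample dictionary.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s"})
KEYWORDS = {"viagra", "mortgage"}

# Constructed sample message: split word, bogus tag, entity, lookalikes, @ URL.
SAMPLE = (
    '<p>Cheap V<!-- x9 -->1ag<zz>ra and M0RTG4GE d&#101;als</p>'
    '<a href="http://www.bank.example@203.0.113.7/login">Your account</a>'
)

def visible_text(raw_html):
    """Drop comments, script/style blocks and every tag, then decode entities."""
    text = re.sub(r"<!--.*?-->", "", raw_html, flags=re.S)
    text = re.sub(r"<(script|style)\b.*?</\1\s*>", "", text, flags=re.S | re.I)
    # Tags are removed without inserting a space so split words rejoin.
    text = re.sub(r"<[^>]*>", "", text)
    return html.unescape(text)

def normalise(text):
    """Fold accents and digit lookalikes to plain lowercase letters."""
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.lower().translate(LOOKALIKES)

def keyword_hits(raw_html):
    """Dictionary words found once the message has been de-obfuscated."""
    words = re.findall(r"[a-z]+", normalise(visible_text(raw_html)))
    return sorted(KEYWORDS.intersection(words))

def misleading_links(raw_html):
    """(apparent_host, real_host) for each href that carries a userinfo part."""
    found = []
    for url in re.findall(r'href\s*=\s*["\']([^"\']+)', raw_html, flags=re.I):
        parts = urlsplit(html.unescape(url))
        if "@" in parts.netloc:
            apparent = parts.netloc.rsplit("@", 1)[0].split(":")[0]
            found.append((apparent, parts.hostname))
    return found

if __name__ == "__main__":
    print(keyword_hits(SAMPLE))
    print(misleading_links(SAMPLE))
```

A plain dictionary scan of the raw sample finds neither keyword; white-on-white text and content generated by JavaScript are not handled here and need style and script analysis.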

SurfControl said research over the past six months indicates that these frequently used spam techniques have become common among the most threatening and offensive spammers: pornographers and those engaged in 'brand spoofing' in order to steal personal information. The techniques (often used in combination within a single message) capitalise on the naïveté of e-mail users and pose significant legal, security, network and productivity risks for businesses, it adds.

"These deceptive tactics are making it easier than ever for spammers to prosper and harder than ever for technology companies and law enforcement officials to identify and stop them," said Susan Larson, SurfControl's VP for Global Content Operations. "In addition, spammers are using offshore Web hosting services that make them very hard to track and email harvesting services that make it simple to target more people than ever before." ®
