Spam fuels boom in secure content market

But watch out for false positives

Junk mail is an increasing problem but the search for an effective cure remains fraught with difficulties.

That's the message we take from a slew of recent surveys on the subject.

Market watcher IDC predicts that anti-spam products will be a key driver for the secure content management (SCM) software market which it expects to grow by 19 per cent a year to reach $6.4 billion in 2007.

"Virus infection is still the main concern regarding corporate security, but other factors, such as spam and regulatory compliance, are increasingly driving the adoption of secure content management technologies," said Brian Burke, research manager for IDC's Security Products service. "Anti-spam will continue to be an important adoption driver in the messaging security market. However, IDC believes it will become a feature of messaging security and not a distinct market."

IDC notes that spam is no longer just a nuisance but is quickly becoming a potential legal liability and productivity drain for corporate IT departments and users alike. Spam is also another conduit for unknown viral applications into the corporation, for links to pornographic or objectionable Web sites, and for leaks of sensitive company information. For these reasons spam not only places strain on corporate bandwidth and storage, it creates legal pitfalls too.

Message security, which includes anti-spam products, is the smallest segment of the secure content management software market, but will grow the fastest over the forecast period of 2003-2007, increasing from $236 million in 2002 to $1.1 billion in 2007. IDC predicts Web filtering to be the second-fastest-growing segment of the secure content management software market, increasing to $893 million in 2007. The largest segment of this market, anti-virus software, will grow the slowest over the forecast period, reaching $4.4 billion in 2007.

IDC looks at the market in more detail in its recently published Worldwide Secure Content Management Forecast Update and Competitive Vendor Shares report.

Annoying spam false positives

One of the main weapons in the fight against spam is filtering tools. However, the possibility exists that legitimate email will not make it through spam filters thanks to spam false positives.

A report this week from Ferris Research suggested that false positives are costing American businesses $3.5 billion this year. This figure comes from an estimate of the time spent chasing up emails that have been mistakenly filtered out, or rooting through junk mail folders to find legitimate emails.

These figures seem way too high to us. After all, people normally follow up important email messages with a phone call anyway. Meanwhile, Ferris estimates that spam will cost US businesses over $10 billion in 2003 (again, too high, we feel) so it is calling out for a more intelligent approach to the application of spam filtering technology.

Separately, the Radicati Group recently estimated that most filtering software has a false positive rate of between one and ten per cent, a figure closer in line with our own experience of using anti-spam packages. Hopefully with developments in Bayesian filtering techniques this figure will be greatly reduced.

False negatives pose a problem too...

Meanwhile, a study by censorware outfit SurfControl highlights some of the techniques spammers are adopting to avoid detection. Some of the techniques are fairly well known but bear a recap considering they still often evade detection mechanisms.

The techniques incorporate multiple, sophisticated software tricks buried in HTML code to confuse and avoid detection by traditional content filtering mechanisms, such as dictionaries and statistical analysis. HTML-based spam now accounts for 95 per cent of all spam, and 99 per cent of adult spam now identified and analysed by SurfControl.

These techniques include:

  • Hidden Agenda - Most commonly used in porn spam, this technique attempts to fool filters by tricks within the HTML source code of the message. Spammers use ASCII control code to represent letters, random words or phrases, as well as white text on a white background in HTML, within HTML comments or in bogus HTML tags, all invisible to an email recipient. The result of these techniques is to split spam words, making them unreadable by dictionary-based scanning tools.
  • Treacherous Tracks - This technique allows spammers to use their Web servers to break down a URL directory structure and add code that can verify a user's e-mail address, track them online and redirect an email user automatically to a specific Web page.
  • Dodgy Domains - An increasingly common technique used in HTML-based spam, this subterfuge allows spammers to redirect unsuspecting email recipients to unexpected Web sites, typically using an @ sign in URLs to confuse people about the domain they are really visiting. This technique is often used in "brand spoofing" spam.
  • Random Ramblings - This common technique used by less sophisticated spammers involves inserting long random words or characters in a subject line or body of a message. It is designed to skew statistical filtering.
  • Counterfeit Characters - A technique that uses numbers or accented characters to replace standard characters, fooling filtering dictionaries unless these include spelling variants. V1agra or M0RTG4GE are two common examples of this trick.
  • Elusive Illusions - A technique used by spammers to hide or disguise the format and content of an e-mail to avoid dictionary scanners and statistical filters. Spam content can be hidden within JavaScript or frames.
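
The normalisation a dictionary-based filter needs before it can see through three of the tricks above (Hidden Agenda's comments, bogus tags and character references, Counterfeit Characters, and the @ sign of Dodgy Domains), as an added Python example that is not from SurfControl or the original article. The sample message, the look-alike map and all function names are assumptions made for the illustration.

```python
import html
import re
import unicodedata
from urllib.parse import urlsplit

# Constructed sample message; every value in it is made up for this example.
SAMPLE = (
    "<html><body><p>Cheap V1<!-- lunch -->ag<zz>ra and "
    "M0RTG4GE d&#101;als</p>"
    '<a href="http://www.bank.example@203.0.113.7/login">Your bank</a>'
    "</body></html>"
)

# Assumed look-alike map for "Counterfeit Characters" (illustrative, not exhaustive).
LOOKALIKES = str.maketrans("01345", "oieas")
COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
TAG_RE = re.compile(r"<[^>]*>")  # matches real and bogus tags alike
HREF_RE = re.compile(r"""href\s*=\s*["']?([^"'\s>]+)""", re.I)

def normalise(text):
    """Strip accents, fold case and map digit look-alikes to letters."""
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.lower().translate(LOOKALIKES)

def candidate_words(raw_html):
    """Words as the reader sees them, after undoing the HTML-level tricks."""
    body = COMMENT_RE.sub("", raw_html)
    words = set()
    for filler in ("", " "):  # "" rejoins split words, " " keeps real word breaks
        text = html.unescape(TAG_RE.sub(filler, body))  # decode &#101; etc.
        words.update(re.findall(r"[a-z]+", normalise(text)))
    return words

def dictionary_hits(raw_html, dictionary):
    """Dictionary terms present once the message has been normalised."""
    return sorted(candidate_words(raw_html) & set(dictionary))

def userinfo_urls(raw_html):
    """Links whose authority has a userinfo part; the real host follows the '@'."""
    flagged = []
    for url in HREF_RE.findall(raw_html):
        parts = urlsplit(html.unescape(url))
        if parts.username is not None:
            flagged.append((url, parts.hostname))
    return flagged

if __name__ == "__main__":
    print(dictionary_hits(SAMPLE, {"viagra", "mortgage", "deals"}), userinfo_urls(SAMPLE))
```

A plain substring search for "viagra" finds nothing in the raw sample; the same dictionary matches after normalisation. Mapping digits to letters also rewrites legitimate numbers, so a filter would weigh these hits against the false-positive cost discussed earlier.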

SurfControl said that over the past six months research indicates these frequently used spam techniques have become commonly used by the most threatening and offensive spammers: pornographers and those engaged in 'brand spoofing' in order to steal personal information. The techniques (often used in combination within a single message) capitalise on the naïveté of e-mail users and pose significant legal, security, network and productivity risks for businesses, it adds.

"These deceptive tactics are making it easier than ever for spammers to prosper and harder than ever for technology companies and law enforcement officials to identify and stop them," said Susan Larson, SurfControl's VP for Global Content Operations. "In addition, spammers are using offshore Web hosting services that make them very hard to track and email harvesting services that make it simple to target more people than ever before." ®
