Spam as much of a threat as viruses, says Cisco
By Darien Graham-Smith
Posted on 27 Apr 2010 at 17:01
Unwanted email has traditionally been considered a nuisance, rather than a threat. But according to networking giant Cisco, spam is now a major delivery method for malware.
“Spam is changing,” said Cisco IronPort product manager Swastik Bihani, speaking to PC Pro at the InfoSec expo at Earls Court. “85% of the spam messages we see contain some kind of link, and more and more of those links are leading to malware sites.”
Bihani explained that the universal availability of email makes it a perfect vehicle for attacks. “In any medium you’ll find bad guys trying to exploit the system for their own benefit. But the ubiquity of email gives it an especially good ‘return on investment’ for a criminal.”
According to Cisco’s estimates, the average individual with an email address receives 30 items of spam every day; but Bihani was confident that the dangers could be defeated.
“We believe that email can be fixed. Of course, basic education to end users is important, but for enterprises and smaller companies we also recommend SPF,” he explained, referring to the Sender Policy Framework that allows mail servers to verify the origin of incoming email.
Asked whether SPF would become standard for home users too, Bihani declined to speculate. “In the long run, security companies need to work with the authorities to help them locate the bad guys and cut out the problem at the source. We need to wipe away the threats altogether.”
SPF the answer?
SPF is a good system, but it isn't going to work unless everyone gets on board. I have SPF enabled on my home mail server, but I have to maintain a huge whitelist because so many companies don't use it. To give you an idea, some of the companies in my whitelist are: Samsung, British Airways, Countrywide, Ebay, Eden Project, Eurostar, Facebook, LoveFilm, Cotton Traders, Borders, Photobox, PayPal, SamKnows, Runnymede Council, Canterbury Council, RSPB, Ticketmaster and Webroot. If we can't get companies like these to adopt SPF then it doesn't stand much chance of success.
By jgwilliams on 28 Apr 2010
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- The government website that doesn't work with IE, Chrome, Firefox, Safari, Macs or smartphones
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software