MX Logic Identifies the Most Significant Emerging Email Threats over Next 12 Months

17 March 2004

Leading Email Defense Provider Names Mass-Mailing Spam Trojans, Distributed Spam Attacks, Next-Generation Mass-Mailing Email Worms, and Wi-Fi Spam as Today's Top Email Threats.

DENVER--(BUSINESS WIRE)--March 17, 2004-- MX Logic, Inc., a leading provider of innovative email defense solutions that ensure email protection and security for enterprises, service providers, government organizations, resellers and their customers, today identified the four most significant email threats that will affect end users and corporate networks in the next 12 months: mass-mailing spam trojans, distributed spam attacks, next-generation mass-mailing email worms, and Wi-Fi spam. These findings are based on research conducted in the MX Logic Threat Center, which is overseen by MX Logic CTO Scott Chasin.

"With more than 35 billion emails expected to be sent daily around the globe by 2005, the email medium is increasingly under attack, as are the methods used to access it," said Chasin. "Spammers and hackers are using more sophisticated and more malicious methods of attacking corporate networks and end-user inboxes, and these emerging email threats represent a new wave of challenges for IT managers and industry as a whole."

The four most significant emerging email threats are:

Mass-Mailing Spam Trojans

Mass-mailing spam trojans prey on neglected "always on" broadband PCs, which, once infected, provide the worm authors with remote command and control. After the PC is hijacked, a spam relay is installed, creating a legion of zombie computers that pump out unwanted email and often initiate Denial of Service (DoS) attacks.

"Given the current propagation rate of these email threats, we expect that in the next year, 30 percent to 50 percent of all spam will be sent by spam relays created by 'zombie' computers that have been infected by viruses and worms," said Chasin.

The SoBig worm, noted to be one of the first variants of spam trojans, first appeared on the Internet in early 2003. MX Logic saw six variants of the SoBig worm. The most recent variant is SoBig.F, which first appeared on Aug. 18, 2003, and, at its peak, infected one in twelve emails. Other spam trojans, such as the "Jeem" worm, have been found in the wild dating back to late 2002.

Distributed Spam Attacks

Most often a result of mass-mailing spam trojans, Distributed Spam Attacks (DSAs), such as the "Jeem" worm, allow spammers to create an invisible layer of hosting and render traditional anti-spam weapons, such as blacklisting, less effective.

Next-Generation Mass-Mailing Email Worms

Next-generation mass-mailing worms will not necessarily exploit an existing vulnerability in the operating system. Instead, they will use "social engineering" techniques to exploit the behavior of end users by tricking them into executing an attachment. Next-generation mass-mailing worms will harvest addresses from infected hosts, making whitelisting or challenge/response technology less effective, and will most likely "consume" the infected hosts' identities and login credentials, allowing for propagation through protected email gateways.

Authors of these worm attacks will leverage command and control capabilities through numerous chat and peer-to-peer networks. By leveraging anonymous or overcrowded chat networks, remote commands can be sent to interconnected zombie worms to execute new attack code or provide new spam messages to distribute. Unlike SoBig, which relied on a predefined set of compromised Web sites to download and execute code, next-generation mass-mailing worms will create their own peer-to-peer networks for enhanced communications. The worm author will, in effect, create a mass-mailing network without a centralized authority. In addition, because these worms can be released through peer-to-peer networks, open Wi-Fi access points or other anonymous insertion points, finding the origin of the worm will be more difficult if not impossible.

Wi-Fi Spam

The Farpoint Group predicts that by 2009, Wi-Fi will be in 50 percent of all residences with a connection to the Internet, up from 12 percent now. According to industry analysts, 55,000 new Wi-Fi hot spots will be installed in the next five years. Wi-Fi provides additional points of entry for spam dispersion that must be secured. The WorldWide WarDrive states that more than 66 percent of the Wi-Fi access points found today by war-drivers globally did not have basic security settings activated.(a)

The potential for exploitation of open Wi-Fi access points continues to grow with the increased deployment of Wi-Fi in the home. Spammers and worm authors can use a laptop, PDA or other commodity hardware to identify Wi-Fi access points, tap into unsecured, unsuspecting wireless networks, send spam, seed worm attacks and then drive away undetected. "It's only a matter of time before 'spam trucks' cruise neighborhoods to anonymously distribute spam or release next-generation worms," Chasin said.

"To effectively fight these future inbox threats, it is critical that we focus on these four areas: accreditation, authentication, accountability and awareness," Chasin added. "Developing a technology standard to authenticate the sender of an email, devising a more sophisticated reputation management technique for separating the good messages from the bad, enacting and enforcing effective anti-spam legislation and increasing end-user awareness will enable us to win the war on spam and other email threats."

* Authentication -- Industry cooperation on devising a standard for Mail Transfer Agent (MTA) authentication, which would help identify spammers, is important. The Internet Engineering Task Force (IETF) will soon begin work on creating a standard for the domain name server (DNS) publication of data which authorizes SMTP senders within a specific domain, making it easier to identify and stop spammers.
* Accreditation -- Anti-spam technology must move beyond current reputation management techniques such as "distributed source IP blacklisting," which catalogs known spammers, to more sophisticated proof-of-work authentication technology that helps sort the good messages from the bad ones. This can be accomplished in a number of ways, including attaching a cost to sending email or through paid-for credentials which leverage a central accreditation service.
* Accountability -- Effective and enforceable anti-spam laws are crucial for identifying and stopping spammers.
* Awareness -- End users must be informed about the best ways to protect their email inboxes from spam and other email threats.

About MX Logic

MX Logic, Inc., provides innovative email defense solutions that ensure email protection and security for enterprises, service providers, government organizations, and resellers and their customers. Deployed as a managed service or on-premise software, the company's feature-rich solution suite is the industry's most comprehensive, flexible and easy to use.

Founded by messaging industry pioneers, MX Logic has delivered numerous industry firsts to the enterprise spam market, including becoming the first managed service provider to: leverage Bayesian Statistical Classification; provide spam beacon ("Web bug") blocking; offer quarantine management via email; provide corporate-level quarantine release reports that help reduce inappropriate email while decreasing corporate liability; and deliver a solution for tracking URL click-throughs from email to the Web, providing increased corporate control and security.

Through the company's managed service offering, MX Logic processes millions of messages per day for over 1,000 organizations, including EnCana, Hyundai Motor America, Sports Authority, YMCA, Service Master and U.S.I. Holdings Corporation. In addition, MX Logic is the only email defense company to offer both a managed service and a turnkey, carrier-grade software solution for service providers. For more information, visit www.mxlogic.com.


 
