I have been kept more than busy lately. Super busy. The reason is the many online exploits that assault us on all fronts.
I wonder how many of you are noticing it yet. There has been a steep uptick in the past two weeks.
First, of course, spam continues to snowball. (A snowball from Hell!) It is increasing at a ferocious rate. Since I manage email for a number of friends and customers, I have multiple spam filters in front of my mail, because I receive hundreds of spam messages every day (many of them duplicates, of course, to the same account). Having three filters means that almost all spam messages are caught. But the filters are so aggressive that many messages I need to read are also trapped in the spam dragnet. So I have to go through the spam box several times a day and 1) fish out the legitimate messages; and 2) trash-can the spam.
My defenses include: 1) SpamAssassin running on my mailserver, which catches at least half of the spam so it never reaches my computer, and almost never quarantines a message that I really want; plus 2) Intego Personal Anti-Spam, which is more than aggressive and is rule- and blacklist-driven; plus 3) SpamSieve, which is a Bayesian filter (looking at word combinations).
For virus protection on the server side, I have McAfee anti-virus installed (integrated into my Kerio mailserver) – which updates its definitions every few hours – and on my computer I use Intego VirusBarrier, which complements Intego’s spam product.
The other problem that’s on the rise over the past couple of weeks is a malware explosion, including trojans/viruses embedded in attachments. We call ’em poisoned files. I have seen poisoned ZIP, RAR, PDF, DOC and JPG files recently. It has gotten so bad that I no longer open any attached files unless I know exactly what they are and where they came from.
And many of these viruses look like they came from friends – even though their computers seem to be uncompromised. (Viruses used to mail themselves from infected computers, but recently that has not been the attack vector. Instead the viruses seem to know how to get a list of your friends from elsewhere and then use that list, plus a legitimate email you have sent in the past, to target only those friends who would be interested in that message. Truly social engineering.)
And the most insidious attack vector is the poisoning of files that are legitimately available for download on well-trafficked web sites. Particularly visible among the Tibet support groups: certain servers have been invaded, and the PDF and other files offered there for download have been replaced with trojan- and virus-laden versions. So you go to a perfectly good web site, download a file you expect to be OK, and suddenly you’ve got a virus. This practice is so widespread that it’s almost impossible to tell 1) how the file got infected; 2) how the server was invaded; or 3) even that you shouldn’t download! (I can say more about this later on when we know more about the attack vectors and the results of the malware – this is still pretty new and is evolving rapidly.) I hear from friends that Kaspersky and F-Secure are the best protection against virus-laden downloads – at least for Windows users.
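Two cheap checks a recipient can run on a downloaded or attached file before opening it, as an added example that is not part of the original post: compare the file's leading bytes against what its extension claims (catches an executable renamed to .pdf or .jpg), and compare its SHA-256 against a hash the author published through some channel other than the download site (catches a file silently replaced on a compromised server). The magic-byte table and the sample files are constructed here.

```python
import hashlib
from pathlib import Path
from typing import Optional

# Leading bytes a file with each extension is expected to start with
# (constructed lookup table covering the file types named in the post).
MAGIC = {
    ".pdf": (b"%PDF",),
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
    ".docx": (b"PK\x03\x04",),            # OOXML is a ZIP container
    ".rar": (b"Rar!\x1a\x07",),          # covers RAR4 and RAR5 headers
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
}


def header_matches(data: bytes, ext: str) -> bool:
    """True if the file's leading bytes agree with what its extension claims."""
    sigs = MAGIC.get(ext.lower())
    if sigs is None:
        return False  # unknown extension: cannot vouch for it
    return any(data.startswith(s) for s in sigs)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_download(data: bytes, filename: str,
                   expected_sha256: Optional[str] = None) -> str:
    """Return 'ok', 'type-mismatch', 'hash-mismatch' or 'unverified'.

    expected_sha256 is the hash the author published out of band
    (by mail, on a signed page, ...), not one read from the download site.
    """
    if not header_matches(data, Path(filename).suffix):
        return "type-mismatch"
    if expected_sha256 is None:
        return "unverified"          # right type, but content not vouched for
    if sha256_hex(data) != expected_sha256.lower():
        return "hash-mismatch"       # content differs from what was published
    return "ok"


if __name__ == "__main__":
    # Constructed samples: a PDF-looking file and an executable renamed .pdf.
    good = b"%PDF-1.4\n%constructed sample\n"
    bad = b"MZ\x90\x00" + b"\x00" * 60
    print(check_download(good, "report.pdf", sha256_hex(good)))  # ok
    print(check_download(bad, "report.pdf"))                    # type-mismatch
```

Note that a poisoned PDF still begins with `%PDF`, so the type check only catches crude renames; the hash comparison is what detects a replaced file, and only if the reference hash came from somewhere the attacker could not also edit.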