Service providers warned over hybrid attacks
Users are at risk of hybrid attacks if service providers rely solely on anti-virus solutions.
Cloudmark has warned service providers that they should not ignore sophisticated virus propagation techniques as attackers are employing hybrid attacks that combine elements of both spam and virus. In these attacks, malware authors embed links in informative or advertising e-mails and the recipient is enticed to follow these links to a website that hosts the malware, which could be a virus, worm or Trojan.
The company claims that these threats evade filters as they do not follow the recurrent, mass email tactics commonly used by spam and they bypass anti-virus solutions as they appear as spam or phishing messages.
Neil Cook, head of technology services at Cloudmark, said: “Companies that fail to address the problem of outdated anti-virus solutions are inadvertently enabling the spread of spambots and botnets. Attackers are now merging fraudulent techniques and using next-generation approaches to reach their targets, such as hosting a virus on a website rather than distributing it as an e-mail attachment.
“Unfortunately, operators often are employing outdated AV and anti-spam technologies to protect their subscribers. As the virus, phishing and spam industries merge into a single economy, the only truly effective messaging security solution is one capable of combating existing and future threats simultaneously.
“Operators who fail to take the same holistic approach to their IT security and filtering processes that spammers, hackers and malware writers are taking to their attacks are doing a significant disservice to their customers.”