OPLIN 4cast #474: Slipping through the spam filters

It’s the middle of winter, so let’s talk about snowshoe attacks. These actually have nothing to do with the weather or dangerous winter footwear – they’re a particular type of spam attack that is not new, but started showing up with increasing frequency a couple of years ago. Much like a snowshoe is designed to stay on top of the snow without crashing through the surface, snowshoe spam is delivered to email servers in such a way that the spam does not break through the limits of the tests the server runs for detecting which email is legitimate and which is spam. The only currently effective method for stopping such spam is to increase the number and variety of tests used by the server.

  • What dangers are lurking in your e-mail? (Secure360)  “When we think of spam, we typically think of one person (or computer) sending out a massive volume of email. Until recently, that method proved to be true, making it easy for spam filtering software to prevent us from seeing much spam. Unfortunately, a new method of spam is taking over inboxes: snowshoe spam. This form of spam is not sent from one computer, but instead thousands of users, each sending messages in low volume. It is easy for filters to block spam coming from one location, but it becomes difficult to keep up with many different hosts.”
  • Snowshoe spam attack comes and goes in a flurry (Cisco Blog | Alex Chiu)  “As you can see from the chart below, we’ve seen the amount of snowshoe spam double since November of 2013. Snowshoe spam can be a challenge for some anti-spam detection techniques because it typically uses multiple IP addresses with very low spam volume per IP address. Depending on how an anti-spam technology works, this can cause severe problems with detection.”
  • Spam continues to thrive thanks to ‘snowshoe’ strategy (CIO | CP Morey)  “Email gateways will give incoming messages a simple “pass / fail” based on a single point in time. Spammers only need to figure out how to outsmart the email gateway once in order to overrun the network with spam. Many organizations use a layered defense comprised of multiple tools from a variety of vendors that check and block spam at different points throughout the network. This is a more effective approach, based on the idea that spam missed by one tool will be blocked by the next.”
  • E-mail spam goes artisanal (Bloomberg Business | Jordan Robertson)  “As artisanal spam becomes a bigger problem, the cyber-security industry is pushing for adoption of new protections that could save our in-boxes. One, called DMARC, is a global registry that lets retailers and other companies register the servers they use to send the kind of mass mailers some people enjoy receiving. Messages purporting to be from those companies but coming from an unregistered address would get flagged.”
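
An added example, not from the original post or the quoted articles: the Python sketch below runs a per-IP volume test over a constructed delivery log, shows the low-volume snowshoe senders staying under it, and then layers a second test on top, in the spirit of "increase the number and variety of tests". The thresholds, the body-fingerprint field and the spread test itself are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 100   # assumed: messages per source IP per window before blocking
SPREAD_LIMIT = 20    # assumed: distinct source IPs allowed per identical body

def build_log():
    """Constructed sample log: one (source_ip, body_fingerprint) per message.
    All addresses are from the reserved documentation ranges."""
    log = [("198.51.100.7", "bulk-offer")] * 500        # classic single-host spammer
    for host in range(1, 41):                           # snowshoe: 40 hosts x 3 messages
        log += [(f"203.0.113.{host}", "pill-promo")] * 3
    log += [("192.0.2.10", "newsletter")] * 5           # ordinary low-volume mail
    log += [("192.0.2.11", "invoice-4471")] * 2
    return log

def per_ip_volume_test(log, limit=PER_IP_LIMIT):
    """Test 1: flag source IPs whose message count exceeds the limit."""
    counts = Counter(ip for ip, _ in log)
    return {ip for ip, n in counts.items() if n > limit}

def campaign_spread_test(log, limit=SPREAD_LIMIT):
    """Test 2: flag bodies that arrive from more distinct IPs than the limit."""
    sources = defaultdict(set)
    for ip, fingerprint in log:
        sources[fingerprint].add(ip)
    return {fp for fp, ips in sources.items() if len(ips) > limit}

def classify(log):
    """Layer both tests: a message is blocked if either test flags it."""
    bad_ips = per_ip_volume_test(log)
    bad_bodies = campaign_spread_test(log)
    verdicts = Counter()
    for ip, fingerprint in log:
        if ip in bad_ips:
            verdicts["blocked_by_volume"] += 1
        elif fingerprint in bad_bodies:
            verdicts["blocked_by_spread"] += 1
        else:
            verdicts["delivered"] += 1
    return dict(verdicts)

if __name__ == "__main__":
    print(classify(build_log()))
```

With only the volume test, all 120 snowshoe messages would be delivered, because no single host sends more than three; the spread test catches them by looking across hosts instead of at each one.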

Articles from Ohio Web Library: