Saturday, December 31, 2005

'Dark Traffic' Zaps 83 Percent Of E-mail Resources

The amount of valid e-mail as a percentage of all incoming traffic has declined sharply since the beginning of the year, a messaging security vendor reported Tuesday, due to a tripling of directory harvest attacks by spammers after addresses.

Illegitimate traffic, dubbed 'dark traffic' by Tumbleweed Communications in a nod to astronomy's 'dark matter,' comprises directory harvest attacks (DHAs), denial-of-service attacks, malformed SMTP packets, and invalid recipient addresses, and now accounts for 83 percent of all incoming bits. That's up from 64 percent in the previous reporting period, 2005's first quarter.

DHAs are brute-force attempts by spammers to find valid e-mail addresses; the spammer connects to a business's e-mail server and guesses addresses until he gets some right. Those addresses are then harvested for use in later spam campaigns.
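The harvesting pattern described above leaves a recognizable trace in SMTP logs: one client drawing many unknown-recipient rejections in a short burst. The following is an added example, not part of the original article or Tumbleweed's report, that flags such sources and lists the addresses they confirmed; the log format, thresholds, addresses and function name are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real MTA's):
#   <ISO timestamp> <client IP> RCPT <address> <SMTP reply code>
# 250 = recipient accepted, 550 = mailbox unavailable (unknown recipient).
LINE = re.compile(r"^(\S+) (\S+) RCPT <([^>]+)> (\d{3})$")

def detect_dha(lines, window=timedelta(seconds=60), min_unknown=5, min_ratio=0.8):
    """Flag clients that guess recipients; lines must be in time order.

    Returns {ip: {"unknown": peak distinct 550s in one window,
                  "exposed": addresses the server confirmed to that client}}.
    """
    recent = defaultdict(deque)  # ip -> (time, address) of 550s inside the window
    seen = defaultdict(lambda: {"total": 0, "rejected": 0, "accepted": set(), "burst": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the format
        ts, ip, addr, code = datetime.fromisoformat(m[1]), m[2], m[3].lower(), m[4]
        s = seen[ip]
        s["total"] += 1
        if code == "550":
            s["rejected"] += 1
            q = recent[ip]
            q.append((ts, addr))
            while q and ts - q[0][0] > window:
                q.popleft()  # drop rejections older than the window
            s["burst"] = max(s["burst"], len({a for _, a in q}))
        elif code == "250":
            s["accepted"].add(addr)  # a guess that hit: this address is now known
    return {ip: {"unknown": s["burst"], "exposed": sorted(s["accepted"])}
            for ip, s in seen.items()
            if s["burst"] >= min_unknown and s["rejected"] / s["total"] >= min_ratio}

GUESSES = [("aaron", 550), ("abby", 550), ("adam", 550), ("jsmith", 250),
           ("alan", 550), ("alex", 550), ("amy", 550)]
SAMPLE = [  # constructed log lines, documentation IP ranges
    # one client guessing seven names in 30 seconds
    *(f"2005-12-27T10:00:{i * 5:02d} 203.0.113.7 RCPT <{n}@example.com> {c}"
      for i, (n, c) in enumerate(GUESSES)),
    # ordinary sender with a single typo
    "2005-12-27T10:01:00 198.51.100.20 RCPT <jsmith@example.com> 250",
    "2005-12-27T10:01:02 198.51.100.20 RCPT <jsmtih@example.com> 550",
    "2005-12-27T10:01:05 198.51.100.20 RCPT <mlee@example.com> 250",
    # stale mailing list: rejections spread over hours, never a burst
    *(f"2005-12-27T{11 + i:02d}:00:00 192.0.2.9 RCPT <old{i}@example.com> 550"
      for i in range(5)),
]
```

The "exposed" list matters as much as the flag itself: those are the addresses to expect in later spam runs, and, where e-mail addresses double as log-in names, the accounts to watch for password guessing.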

'In our first Dark Traffic Report, we were genuinely surprised at the amount of hidden traffic flowing into the enterprise,' said John Thielens, chief technology officer of Tumbleweed, in a statement. 'We were again surprised to see such large jumps in directory harvest attacks and denial of service attacks.'
DHAs grew by 170 percent since the first quarter, added Thielens, and denial-of-service attacks leapt 300 percent.

According to Tumbleweed's data, DHAs now account for 27 percent of all incoming e-mail traffic, while messages to invalid recipients--the vast bulk of which is due to spamming--account for 43 percent of incoming traffic.

"Enterprises are spending far too much on e-mail infrastructure to handle the 80-plus percent of useless traffic that could be stopped at the network perimeter," said Thielens.

Directory harvest attacks pose a serious threat to network security, Tumbleweed's report noted, since over 40 percent of surveyed enterprises use an employee's e-mail address as his or her log-in user name.

"Most passwords can be broken in minutes by dictionary attacks," the report said. "Once a username is obtained, the hard part is over for the hacker, because poorly chosen passwords are the most common weak link in the security chain. Weak passwords chosen by employees are generally very easy for software to crack in a brute force attack."

The full Dark Traffic report can be downloaded from the Tumbleweed site as a PDF file.

Beware Post-Holiday Phishing

Fraudsters will be busy in the post-holiday weeks, a security firm warned Thursday, and consumers should be especially watchful for bogus 'get out of debt' phishing pitches.

'Every year during the holidays, a high percentage of consumers find themselves spending a little more than anticipated, and then begin to panic,' said Jordan Ritter, chief technology officer of Cloudmark, in a statement. 'A phishing offer posing as your bank and offering to consolidate your credit card debt under one easy, low-rate card might be especially tempting now.'

Cloudmark offers a free anti-phishing toolbar for Microsoft's Internet Explorer that warns users who visit potential phishing Web sites; the toolbar can be downloaded here.

Other anti-phishing resources include the Federal Trade Commission's OnGuardOnline Web site, and an anti-phishing toolbar from U.K.-based Netcraft that works with Mozilla Corp.'s Firefox browser.

Phishing Attacks Evolved Steadily Throughout 2005

Phishing attacks are continually evolving, as fraudsters develop new strategies and quickly refine them in an effort to stay a step ahead of banking customers and the security community. Here are some of the phishing trends and innovations we noted in 2005:

Open redirects became a favorite method for phishing attacks to "borrow" the URL and credibility of a trusted web site. Redirects are common on large web sites, where server side scripts are employed to redirect users to different parts of the site.