Thursday, November 29, 2007

Gone Phishing

As you probably know, I work for an email security company. I recently got added to the security update email list and now am hearing about all the scary things out there on the inter-web. Gory, detailed information about these new sorts of threats. Not that this is a big surprise. Years ago, in my past life as an email administrator, I built a Snort box.

My Snort was listening to all the traffic going in and out of my old company. It was amazing the quantity and consistency of pings, hits and attempts to access our network by nefarious entities. I developed a special love for our firewall.

Now, however, those nefarious entities are more clever. Since they can't get in due to firewalls, they are coming in via the web. Sites get compromised - MySpace is a prime example. The HTML gets hijacked and, if you go to that site, even if you're behind a firewall, you are hosed. Some of these attacks are Flash-based and you don't even have the option of saying, "Don't Install". Mind boggling. My company is building a device to scan web traffic that is used at the office. So I feel safe to surf the web at work; of course, HR isn't happy to hear that. At home I'm very careful about the websites I go to, and now I'm starting to be wary of email.

Email has become a tool of the nefarious entities, as they send out innocent-looking emails that direct you to malicious websites. Which wouldn't be too bad, but with the addition of Flash-based malware/spyware, I'm afraid to open email from unknown sources. If the email itself has HTML that is pulled from a website and arrives loaded with malware code, I could be taken down just by opening a message.

My personal email is hosted by an ISP that doesn't run a quality spam filter. And I suspect they don't run a sophisticated email/malware filter that would protect me from these blended threats. This week I got 2 emails from names I don't recognize into my inbox. As I'm starting to live with a bit of fear, I saw an email from a Kevin. I stared it down and then realized that Kevin was a friend of Adam and was replying-all to Adam's email from yesterday.

Evil nefarious entities are making me scared to read email. Evil, evil, evil.

Here's what I'm talking about:
http://news.bbc.co.uk/1/hi/technology/7118452.stm
Criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information. Unsuspecting web surfers innocently surfed to sites that infected their computers.
