Spam gatecrashes the party

One new technique for getting spam past anti-spam filters he calls "random serialization" and simply involves adding a random number within the body of every spam message sent out. If an anti-spam engine is using checksum, looking for a specific message, it will fail to block messages that differ even only with the insertion of a single random number.

A more sophisticated serialization technique he calls "dictionary serialization" requires a text, such as Tolkein's popular The Lord of the Rings trilogy. The spam program inserts a random 50-word quotation from the book in each message. Spam engines such as the open source spamassassin which use key words to identify spam may be confused by the inclusion of words the end-user likes to see such as "magic" or "Tolkein" and may ignore other words that indicate the message is spam.

At its simplest, serialization simply requires the insertion of a time stamp (which can be falsified). The time stamp insures that few spam messages are identical, byte for byte.

Roy says some spammers simply use unusual MIME formats, such as base64, which some anti-spam programs cannot scan but which Microsoft Outlook and other mail clients can decode.

At present, few spammers are using the two most powerful weapons in the spammer's toolkit, graphic spam and viral spam. Viral spam uses Windows Messenger or other OS vulnerabilities to bypass mail-based filters and send popup spam directly to users' desktops. Graphic spam simply involves attaching an image file of the spam. Since there is no text, no text-based anti-spam engine can stop graphic spam. Instead, the method seems to be rarely used only because it involves large files which are inconvenient to spammers.

Roy is confident in the face of new threats. "Working with ISPs pays off. Our system uses humans, and humans can adapt to new situations," he enthuses.

Pricing and availability
Pricing varies depending on the options ordered, but starts at $6,495 for a package covering 1,000 mailboxes on one server (packages for up to 20,000 mailboxes are available). The Norman Data Defense anti-virus engine is included (an extra fee is charged to users who select McAfee anti-virus instead). Optional additions include remote installation and POP3 migration service. The package comes with one year of updates and anti-spam Sieve script definitions.

A high-end edition of the software, installed on Stratus Fault Tolerant Servers (ftServers) is also available, but pricing was not disclosed.

In early February, the company will release ModusGate 2.0, which provides the Sieve, anti-spam, and blocking features of ModusMail but allows ISPs to use their existing mail server.

Later this year, the company will also release an updated version of VOP Anti-Spam Gate, supplying just the anti-spam features, for companies that already have a mail server and anti-virus system they like but do not yet have an efficient anti-spam product.

—End

< Back to page one