Directory Harvesters Pounded Enterprises in February

Two companies say February saw a small dip in the total amount of virus-infected e-mail traversing networks, but one notes that spammers using directory harvesting attacks blitzed its customers with 4.2 billion invalid delivery attempts.

By Michael Hall | Posted Mar 1, 2005
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Two companies reported that even though February was a slightly better month for virus-infected e-mail, enterprise mail servers were hammered harder by spammers using brute-force techniques to gather addresses.

Postini, an e-mail security and management company, reported that February was "the worst month ever" for directory harvest attacks (DHAs). Directory harvest attacks generally involve a simple process of elimination: Spammers blitz a mail server with e-mail addressed to a variety of likely addresses drawn from a dictionary of names. Messages that aren't bounced as addressed to non-existent users are assumed to have been sent to good addresses, which are kept for further use.

Defending against DHAs has its share of difficulties. Mail addresses based on names are a natural choice for companies since they're easier for users to remember than obfuscated addresses, so abandoning predictable addressing scheme entails some inconvenience.

In general, software aimed at thwarting DHAs focuses on examining the ratio of deliverable to undeliverable mail from a given domain or address and blocking further messages if the sender has too low a ratio of non-deliverable to deliverable mail.

The cost incurred by weathering a DHA attack can be fairly high, though. According to Andrew Lockart, Postini's director for marketing, the company's average customer "was attacked 224 times per day, with each attack comprising 166 invalid message delivery attempts," for a total of 37,184 invalid delivery attempts per day. According to the company, its customers dealt with "25 million DHAs that attempted 4.2 billion invalid delivery attempts" during all of February.

The outlook was slightly brighter on the virus front. Postini and anti-virus vendor Sophos both agreed that virus-infected e-mails dipped in frequency over the month of February. Postini reported a drop from 0.9 percent to 0.7 percent, which Sophos claimed a drop from 4.3 percent to 3.5 percent.

Overall, the proportion of legitimate to viral or unsolicited mail is still low: Postini reported that of the 14.8 billion messages it processed in February, unwanted email represented 88 percent of the total.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter