Stopping Spam Dead In Its Tracks
Curtis Moroney, systems administrator at Mississippi-based Britton & Koontz Bank, had been dealing with spam-related issues for almost ten years and had seen the problem get progressively worse. Then he decided to install e-mail security software, and stopped the problem in its tracks.
The bank reported that from October 28 - November 26, 2006, the software averaged an accuracy rate of greater than 99.999 percent in blocking spam messages. The software analyzed almost 7.16 million e-mails sent to Britton & Koontz addresses, an average of more than 238,600 every day.
The software employs probabilistic reasoning to block spam messages before they reach end-users' inboxes. The system is a hybrid artificial intelligence solution, which learns to recognize key patterns throughout an organization's e-mail flow, providing inbound threat protection, as well as outbound content policy management, without human intervention or updating of policies.
"The software is so easy to operate, that many days I do nothing but look at the report that it generates," says Moroney. "Its artificial intelligence engine automatically detects and learns patterns that we might otherwise miss. In addition, it is able to quickly learn and identify new spam patterns within seconds to recognize and trap future messages with the same pattern."
Moroney noted that the flow of incoming spam now dwarfs the number of legitimate incoming e-mails on a daily basis, saying that on an average business day, only one-half of one percent of e-mails are actually intended for Britton & Koontz's employees. Indeed, many firewall and antivirus software packages donâ€™t protect computers from spyware, which can be automatically downloaded when users open or view spam.
Spyware collects personal and confidential information about a person or organization without their proper knowledge or informed consent, and reports it to a third party. Users may unwittingly install spyware without understanding the full ramifications of their actions.
A user may be required to accept an End User Licensing Agreement (EULA), which often doesnâ€™t clearly inform the user about the extent or manner in which information is collected. In such cases, the software is installed without the user's informed consent.
Spyware increases the risk to financial institutions by exploiting security vulnerabilities or settings, changing the computer configuration to relax security settings, or allowing a channel into the institution's systems by circumventing the firewall. The result is that attackers can eavesdrop and intercept sensitive communications by monitoring keystrokes, e-mail and Internet communications. This monitoring may lead to the compromise of sensitive information, including user IDs and passwords.
It can also providing attackers the ability to control corporate computers to send spam or malicious software, or to perform denial of service attacks against other organizations. It compromises the institution's ability to conduct business by disrupting Internet connections as a result of the improper removal of spyware and increases the incidence of spam to corporate e-mail accounts.
It increases vulnerability to â€œphishingâ€ and â€œpharmingâ€ attacks. Phishing seeks to lure a user to a spoofed Web site using an e-mail that appears to come from a legitimate site. Pharming seeks to redirect a user to a spoofed Web site by introducing false data into a legitimate domain name server (DNS). The spoofed Web sites are set up to collect private customer information, such as account user IDs and passwords. In addition, objectionable or inappropriate information received by the customer from redirected Web sites can ultimately damage the financial institution's reputation.
The Federal Deposit Insurance Corp. recommends several actions institutions can take to mitigate the risks associated with spam and spyware:
- Restrict users from downloading software, especially software not previously approved by the institution. This prevents users from unwittingly downloading spyware.
- Maintain software patches. Several spyware programs take advantage of reported vulnerabilities that, if patched, would limit the spyware's effectiveness.
- Install and maintain current versions of anti-virus and anti-spyware programs.
- Implement tools to scan e-mail for spam and either block the e-mail or designate it as spam. E-mail scanning can limit the likelihood that users could unknowingly infect their computers by viewing or reading e-mail that contains spyware.
- Analyze firewall logs to determine whether a significant number of customers are connecting to Internet banking Web sites using the same Internet address. If research determines that the Internet address belongs to a service that intercepts Internet communications, consider blocking access to the Internet banking site from that address.
- Install and configure firewalls to monitor both inbound and outbound traffic. If possible, block outbound ports that are not necessary for business functions. Financial institutions should assess the need for employee access to instant messaging as well as peer-to-peer services, and prevent access when a legitimate business need is not present.