Monday, March 07, 2005

Directory Harvest Attacks Jump In February

By TechWeb News

Directory harvest attacks, brute-force assaults on enterprise e-mails systems by spammers hoping to score valid addresses, were at an all-time high in February, a message security vendor reported this week.

According to Redwood City, Calif.-based messaging filtering firm Postini, DHAs were launched by spammers at a crippling rate.

"February was the worst month ever for DHAs," said Andrew Lochart, the director of product marketing for Postini, in a statement. "In fact, the five worst days ever recorded by Postini were in February."

The average Postini customer, added Lochart, was attacked 224 times per day during the month, with each attack comprising an average of 166 invalid message delivery attempts.

"That total of 37,184 invalid delivery attempts per day could have crippled customer e-mail servers if left unchecked," Lochart said.

In a DHA, a spammer guesses e-mail addresses until he gets some right, then harvests those valid addresses to use in later spam campaigns.

During 2004, Postini's clients were attacked by an average of 150 DHAs per day. February's rate, while not the 300 percent increase of 2004's average over 2003's, was an impressive rise of 50 percent over 2004's monthly average.

"[DHAs] will become more severe, as spammers turn to harvesting because they're finding it harder to locate valid addresses in other ways," said Chris Smith, the marketing director at Postini in an earlier interview.

In other security news, Postini said that spam accounted for 88 percent of February's e-mail, a number unchanged from the previous month, and noted that the Netsky worm took infamous honors as the month's most prominent e-mailed malware, easily beating Bagle by a factor of 2 to 1.

Anti-virus vendors, however, disagreed with Postini's take. Sophos, for example, claimed that Zafi.d was the most commonly-seen virus during February, accounting for 31 percent of the malicious code spotted. Netsky.p, which has remained in the top 5 of most such lists since its debut a year ago, took second on Sophos' list at 22 percent.

Moscow-based Kaspersky Labs followed Sophos' lead by naming Zafi as the most prominent worm of the month (22 percent) with Netsky second (18 percent).