A Viagra message has squirmed its way into your inbox. Such sales pitches are the most common form of spam and, as well as being irritating, they have cost companies big bucks in lost productivity. Now this traditional spam is being mixed with viruses and phishing scams, which can compromise a company's confidential data and gobble up countless hours of time.
And there are legal implications for businesses. Given 50 per cent of spam is considered illegal content - such as some pornographic material - it is potentially exposing a company to liability risk, SurfControl Asia-Pacific general manager, Charles Heunemann, said.
The spam problem is also exacerbated by the advent of zombies, which lets spammers hijack computers to stage attacks.
"We are seeing a major increase in the sophistication of attacks on corporate networks," Heunemann said.
The spam threat is undoubtedly amplified by phishing and zombies, while the unsolicited email problem isn't going away. Rather, it's becoming more pernicious, costing businesses millions each year in wasted time and upgraded security systems.
According to researchers at Frost and Sullivan, spam is the number one concern for local enterprise - scoring ahead of viruses, worms, spyware and hack attacks. IDC analysts have moved perceptions of spam from nuisance to major security risk for email users, IT departments and service providers.
Locally, IDC estimated the annual sale of anti-spam products and services would be worth $100 million by 2009, with the fastest growing markets across anti-spam solutions to be managed service and appliance-based offerings. The anti-spam software market provides the greatest total market opportunity, pegged to reach $65 million by that time from a base of $22 million in 2004.
So what's landing in the inbox? SurfControl's Heunemann said the top three spam topics were health and medicine; finance and home business; and products and services such as gift cards and diplomas.
With multiple layers of security threats plaguing enterprise networks, spam accounts for a huge chunk of security incidents. No doubt, the exponential increase in spam during the past year is forcing companies to look to technology providers for high-performance anti-spam solutions.
An evolving beast
Companies need to keep watch - and seek out reseller know-how - given spam is taking a myriad of forms, according to Marshal chief software architect, Peter Hodges.
"The whole spam front is continually mutating, there's a new attack and a new defence," he said. A newer type of spam is the 'stop trading' email, which makes the user aware of the stock info. "This is a hard one to police, because the spammers aren't selling you anything; there are no normal telltale signs of spam."
The problem runs the gamut, he said. "We are dealing with it all: the traditional sales messages, the services, the pornographic sellers, the combination ones, and the phishing and spoofing spam, which try to elicit confidential information out of users. Just think of the Nigerian Bank account scheme, which has been mailed around for ages."
The 'man-in-the-middle' attack, or the phishing scam, acts as a proxy website to gather logon information.
Phishing is characterised by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an official electronic communication such as email or Instant Messaging.
"Now spam is a lot more sophisticated and there is sufficient evidence to suggest it is being funded by organised crime," Hodges said.
CA technology services division architect, Chris Thomas, said the blended threat was the real beast to contend with these days.
"Spam is not just annoying and irritating," he said. "It's now classified as a new security threat as viruses and malware are propagated with spam."