Neil Hammerton knows more about viruses, spam and other e-mail-borne pests than most people. As founder and chief operating officer of E-mail Systems, a UK company that manages e-mail for businesses, he has to be one jump ahead of the hackers. Even so, he occasionally gets caught out.
“This morning I switched on my home PC and there was a Trojan [Horse] on there,” he says. “That is despite having two firewalls on the computer.”
If someone with eight years of experience in network security can fall victim to a Trojan Horse – a malicious program disguised as legitimate software – then lesser mortals might be tempted to throw in the towel.
In fact, that is what Mr Hammerton would like businesses to do: stop trying to manage security themselves and instead outsource the task to a company such as E-mail Systems.
He argues that today’s hackers are far more sophisticated and that networks are under attack from a greater variety of threats, many of which cannot be detected by the PC-based scanners businesses traditionally use.
In the early days of the internet, viruses were the principal e-mail-borne pest. The industry responded with scanners to detect the “signatures” of known viruses. Thanks to signature-based scanners, the chances of infection by known viruses are relatively small.
But unknown viruses pose a much greater threat, particularly as they are now designed to disseminate rapidly in the short window of opportunity before the signature is detected.
“It may seem that viruses have diminished but instead they are propagating much faster,” says Mr Hammerton.
E-mail Systems uses “heuristic-based” scanners to look for clues that the e-mail may contain an unidentified virus. One clue is an attachment that contains an “executable” file – a program that automatically launches if you click on the icon. Another clue is e-mail sent from an IP address used to send viruses in the past.
The latest weapon in the company’s growing armoury is a “zero hour” filter, which detects if a large number of similar e-mails have been received in a short time – a possible sign of a new virus. These e-mails are not delivered immediately but are held in a queue, thus giving the anti-virus companies time to detect a new virus.
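A sketch of the burst-and-hold logic just described, added here as an illustration and not E-mail Systems’ own code: the window length, the threshold, the body-normalisation rule used to treat near-identical copies as “similar”, and the sample message stream are all assumptions.

```python
import hashlib
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # how far back "a short time" reaches (assumed value)
BURST_THRESHOLD = 5    # similar messages in the window before holding (assumed)


def fingerprint(body: str) -> str:
    """Hash a normalised body so near-identical copies collide.

    Mass-mailers vary per-recipient tokens (tracking numbers, links), so
    digits and URLs are blanked before hashing; otherwise every copy
    would look unique and the burst would never be counted.
    """
    norm = re.sub(r"https?://\S+", "URL", body.lower())
    norm = re.sub(r"\d+", "", norm)
    norm = re.sub(r"\s+", " ", norm).strip()
    return hashlib.sha256(norm.encode()).hexdigest()[:16]


class ZeroHourFilter:
    def __init__(self, window=WINDOW_SECONDS, threshold=BURST_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.seen = defaultdict(deque)   # fingerprint -> recent arrival times
        self.held = defaultdict(list)    # fingerprint -> messages in the queue

    def handle(self, ts: float, msg: dict) -> str:
        """Decide 'deliver' or 'hold' for one message arriving at time ts."""
        fp = fingerprint(msg["body"])
        times = self.seen[fp]
        times.append(ts)
        while times and ts - times[0] > self.window:   # slide the window
            times.popleft()
        if len(times) >= self.threshold:               # burst of look-alikes
            self.held[fp].append(msg)
            return "hold"
        return "deliver"

    def release(self, fp: str, verdict: str) -> list:
        """After the AV vendors rule on the sample, deliver or discard the batch."""
        batch = self.held.pop(fp, [])
        return batch if verdict == "clean" else []


def run_demo() -> list:
    # Constructed burst: same lure text, only tracking number and link vary.
    f = ZeroHourFilter()
    out = [f.handle(10.0 * i, {"to": f"user{i}@example.com",
                               "body": f"Parcel 4400{i} awaits: http://example.invalid/t/{i}"})
           for i in range(8)]
    out.append(f.handle(100.0, {"to": "bob@example.com", "body": "Lunch on Friday?"}))
    return out
```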
Mr Hammerton grudgingly acknowledges that the virus writers are “pretty clever people” but he has less respect for the writers of spam, a more recent phenomenon and one which is more difficult to stop.
Another recent threat is “dark mail”, in which the hacker sends e-mails to numerous e-mail addresses, most of which are non-existent, in the hope of finding a valid target. These attacks, if undetected, may increase in intensity and clog up the company’s e-mail server, much like denial-of-service (DoS) attacks, which are “very big at the moment”, according to Mr Hammerton.
Classic DoS attacks are relatively easy to stop, he says, but a worrying new phenomenon is distributed DoS which uses multiple IP addresses to “blanket bomb” a target company with unwanted e-mails.
One of E-mail Systems’ customers, a small business with just five users, was recently sent 5m e-mails in one day. Thankfully, the hackers were foiled and none of the e-mails got through.
“Why do they do it? It just does not make sense at all,” laments Mr Hammerton.