Think Spam Has Gone Away? Guess Again.
Osterman has another well-written post up, this time about the enhanced phishing technique referred to as "longline phishing." The term comes from commercial longline fishing, in which "...a main line
of up to several miles in length contains hundreds or thousands of short
lines with hooks, each loaded with their own bait." Email longline phishing tries to accomplish something similar by using high volumes, highly customized messages, and zero-day exploits that bypass existing anti-virus methodologies. As Osterman says:
"The genius behind the longline phishing attack is that a) volumes of any one message are extremely low, which makes recognition of these attacks difficult; b) overall volumes of messages received per potential victim are also low, often not triggering conventional anti-spam or anti-malware defenses; c) the attacks exploit vulnerabilities for which no defense is yet available; and d) botnets are used to distribute the attack across a wide range of sending IP addresses – one such attack, designed “Letter.htm” by Proofpoint, found in excess of 25,000 unique senders IPs in use."
Longline phishing is also particularly effective because "the perpetrators will compromise legitimate Web sites to
distribute malware in order to gain higher clickthrough rates from
potential victims."
Now, for you long-time savvy Unified Communications Suite administrators, this comes as no news. (Indeed, see my post from 2009: Email Phishing: Still a Big Problem.) But perhaps it has been a while since you have looked at your anti-spam setup and techniques, so as a reminder, I'll point you to the document, Protecting Against Spammers who Compromise Messaging Server User Accounts, for best practices on combating this issue.
And go read Osterman's entire article, it's worth it.
Bonus: I updated the Unified Communications Suite wiki tag cloud so that if you look under either antispam or spam, you can see at a glance all the related documentation on this topic.