Few Surprises in Store for Security Pros

The coming year will hold few surprises for security professionals. More viruses, more hack-attacks and increasing threats to instant messaging (IM) systems will be the norm, just as they were in 2005.

“Our outlook for next year is exactly that: No surprises,” said Andrew Lochart, Postini’s senior director of Worldwide Marketing.

According to messaging management vendor Postini’s annual Message Management and Threat Report, 2006 will bring:

Accelerated threats as spammers and hackers exploit multiple vectors of attack, including IM, VoIP and mobile devices.

Expanded use of images as a substitute for text to circumvent older spam filters.

Expanded data retention and archiving activity for email and IM in response to governance policies and regulations.

A marked increase in the use of message encryption technologies.

A federation or interoperability of public IM networks that will permit worms to propagate faster and more widely, causing more damage to unprotected networks.

The biggest concern in ’06 should be IM, he said. With the federation of IM networks such as MSN and AOL continuing, the potential number of victims of a single attack increases dramatically. Yet many corporate messaging managers are still in the dark when it comes to IM security.

“That’s what we’re working against here is that IM is something that teenagers use to chat with their friends,” said Lochart. “I think we’re going to eventually get (a major attack) coming over IM and that’s going to finally get people moving to put some IM security in place.”

The report points to the increasing complexity and number of attacks, coupled with the deep concern of messaging system and security professionals about the crush of message traffic from email, instant messaging (IM), VoIP, SMS text messaging, and other emerging forms of enterprise communications.

The Postini study is based on primary research and statistics from Postini’s global data centers, which currently process an average of one billion messages every day. The report findings are enhanced by a survey of 615 messaging professionals.

The incidence of spam was continuously high during 2005, at between 75% and 80%. Virus activity by Sober and others has also dramatically increased, and new vectors of attack, such as IM and mobile email, are complicating the situation.

The report’s other key findings include:


While spam levels as a percentage of all email traffic remained consistently high, spam as a proportion of all traffic showed a decline toward the end of the year as activity shifted to a higher proportion of virus and phishing activity versus spam.

An analysis of spam messages by type shows that discount drugs and software (28%) and frauds, scams and phishing (27%) are the top spam categories in 2005, with special offers (20%) and pornography (15%) rounding out the top four.

Small companies were sent almost 50 spam emails per day per user in 2005, up from 36 in 2004. That’s four times the number that employees at large companies were sent on average last year (12 in 2005 versus 3 in 2004).

The publishing industry, with over 70 spams per user per day, and advertising, with more than 50, continued to lead all others in the amount of spam in 2005 just as they did the year before; however, healthcare, insurance, banking and utilities each saw multi-fold increases in 2005 over 2004 in this category.


On November 29, 2005, Postini detected and blocked a massive outbreak of the Sober virus. Over a seven-day period, the Sober virus generated a 1500% increase in virus-infected traffic and Postini quarantined more than 218 million Sober-infected messages. Postini ultimately stopped more than 1.2 billion viruses over the next 30 days, making this outbreak the largest virus attack on record.

More than 2.5% of inbound email processed by Postini contained email-borne viruses. Of those customers with outbound content email filtering, nearly 2% had email-borne viruses blocked that could have infected recipients of their emails.


Postini recorded a record summer season in 2005, as phishing attempts in July reached their highest levels since the company started tracking this type of fraudulent email. (This increase may have been due in part to a hacking incident in May involving Credit Services International, in which more than 500,000 credit card processing records were compromised.)


Postini observed a nearly ten-fold increase in encrypted messages in 2005, with 22% of all inbound messages encrypted by the end of the year, and a doubling of the percentage of outbound encrypted TLS connections.

Instant Messaging

According to data sourced from IMLogic’s Threat Center, attacks generated through IM increased by 1700% in 2005. And MSN Messenger was by far the biggest IM network attacked, with 57% of attacks flowing through MSN, versus 34% for AOL, and 9% from Yahoo! Attackers also used “rootkit” technology late in the holiday season in a worm disguised as the “Santa” worm to attack unsuspecting IM users.