9.2 Threat: Viruses and spam/UCE

Unsuspecting users may inadvertently execute programs they receive in e-mail. These programs can, in turn, infect systems and cause enormous amounts of damage that cost organizations dearly. According to Ferris Research, e-mail-borne viruses account for at least 95% of all attacks reaching the desktop computer. According to Gartner Research, macro viruses account for over 80% of these.

The term virus has been used generically, but it actually represents only one form of attack. There are four forms of viral threat: viruses, Trojan horses, worms, and mobile code. A virus is a piece of code that replicates by attaching itself to other programs or files. When these files are run, the virus is invoked and can further replicate itself. A Trojan horse is a piece of code embedded in a useful program for malicious purposes. A Trojan horse differs from a virus in that it does not try to replicate itself to other programs. A worm is a program that replicates by running copies of itself across a network. A virus can exhibit both virus and worm characteristics, as in the 1999 case of Worm.ExploreZip. Mobile code comes in the form of links (URLs) embedded in Web pages and e-mail messages, which execute Java or ActiveX programs that can cause undesired results.

If you look at the most common types of viruses and Trojan horses (logic bombs, bacteria, worms, and macro viruses), you see a very important similarity: they are all applications or programs that need to be run. Because of the nature of messaging, the following realities apply. First, most viruses require the end user to run an application or open an e-mail attachment. Rarely does simply opening a message invoke a virus (although that is certainly not far off). Second, most viruses are run on the local desktop. Third, e-mail is simply a transport for spreading viruses (as the floppy disk was prior to the global deployment of e-mail systems). We will discuss the viral threat and the methods available to counteract it later in the chapter.
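Because these threats arrive as attachments that must be run or opened, a gateway can sort attachments by what the desktop would do with them. The following is an added example, not code from the book: the extension lists, the verdict labels, and the sample message are assumptions chosen for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, deliberately short extension lists; a gateway policy would be broader.
RUNNABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
MACRO_CAPABLE = {".doc", ".dot", ".xls", ".ppt"}

def verdict_for(filename):
    """Classify one attachment name by its final extension."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    ext = os.path.splitext(filename.lower().rstrip(". "))[1]
    if ext in RUNNABLE:
        return "block"          # a program the user could run directly
    if ext in MACRO_CAPABLE:
        return "scan-macros"    # document format that can carry macro code
    return "allow"

def classify_attachments(raw_message):
    """Return [(filename, verdict)] for every named part of a MIME message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue  # containers and the plain message body carry no file
        results.append((name, verdict_for(name)))
    return results

def build_sample():
    """Constructed sample message with three attachments (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("readme.txt.exe", "budget.doc", "notes.txt"):
        msg.add_attachment(b"\x00", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in classify_attachments(build_sample()):
        print(f"{name:16} {verdict}")
```

The verdict depends on the final extension only, so a name such as `readme.txt.exe` is treated as the program it is rather than as the text file it appears to be.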

Unsolicited commercial e-mail (UCE), or spam, as it has been affectionately named, is another less destructive, but related, threat to our messaging environments. Most companies that have deployed any sort of spam protection are finding that anywhere from 20% to 50% of inbound mail traffic is spam. For large ISPs like MSN and AOL, that number can be even higher. Microsoft currently sees an average of 40% of inbound mail traffic as spam and filters it at the SMTP gateway. While spam is usually more of a user annoyance and capacity waster (think of the extra capacity that would be available if 20% to 50% of inbound mail were eliminated) than it is destructive, spam is also a productivity reducer. For me, the fewer unwanted or irrelevant e-mails in my inbox, the more productivity gains I see. Spam fills inboxes and Exchange stores and, in the end, increases the cost of running the messaging infrastructure. Overall, if spam traffic goes unchecked, it has great potential to degrade the service levels of your messaging service as stores are bloated, gateways are swamped, and users are frustrated. We will look at antivirus and antispam measures as part of a total messaging gateway protection strategy later in this chapter.




Mission-Critical Microsoft Exchange 2003: Designing and Building Reliable Exchange Servers (HP Technologies)
ISBN: 155558294X
Year: 2003
Pages: 91
Authors: Jerry Cochran
