Sunday, October 9, 2011

Symantec SPAM Guessing


According to the Symantec security blog, there s a new tactic of harvesting / guessing email addresses from every domain name. They have programs that run through all possible first names against public domains (basically almost all domains), and check to see if they get a refusal or if they are accepted and delivered. More importantly Symantec is claiming Small Businesses are being specifically targeted for private information, since they are more careless about their information and security protection practices.
Here is what the blog says:
In fact, cybercriminal see SMBs as a prime target. Back in July, we talked about how some types of attacks more frequently target SMBs.  We keep finding examples of why SMBs can’t let down their guard when it comes to security.  Recently, we’ve seen targeted spam attacks become a problem for small businesses.
For example, spammers are increasingly using a traditional technique called a ‘dictionary attacks’ against SMBs.  This trick uses dictionaries of first names and last names combined with a target domain. Spammers generate millions of potentially valid email addresses for a single domain. Spammers might try the following name and/or word variations:

john@companyname.com
jsmith@companyname.com
johnsmith@companyname.com
sales@companyname.com
info@companyname.com

An attack like this can be a problem for a large enterprise – even those with anti-spam technology in place – because the servers are still forced to accept the email connection, even if they are going to reject it because the user doesn’t exist.  But imagine how this can impact an SMB with a server designed for 250 or fewer users.
The entire article can be viewed here.