Think Spam Has Gone Away? Guess Again.
Osterman has another well-written post up, this time about the enhanced phishing technique referred to as "longline phishing." The term comes from commercial longline fishing, in which "...a main line of up to several miles in length contains hundreds or thousands of short lines with hooks, each loaded with their own bait." Email longline phishing tries to accomplish something similar by using high volumes, highly customized messages, and zero-day exploits that bypass existing anti-virus methodologies. As Osterman says:
"The genius behind the longline phishing attack is that a) volumes of any
one message are extremely low, which makes recognition of these attacks
difficult; b) overall volumes of messages received per potential victim
are also low, often not triggering conventional anti-spam or
anti-malware defenses; c) the attacks exploit vulnerabilities for which
no defense is yet available; and d) botnets are used to distribute the
attack across a wide range of sending IP addresses – one such attack,
designed “Letter.htm” by Proofpoint, found in excess of 25,000 unique
senders IPs in use."
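The traits in that quote (few messages per sender, few per recipient, many sending IPs) suggest correlating mail by a shared payload feature instead of by sender volume. The following is an added example, not code from Osterman, Proofpoint, or the Unified Communications Suite documentation; the record layout, the choice of attachment name as the feature, and all thresholds are assumptions to tune for your own logs.

```python
from collections import defaultdict

# Constructed sample records, not real traffic:
# (sender_ip, recipient, payload_feature). The feature here is an attachment
# name; a linked host or body hash could be used the same way (assumption).
SAMPLE_LOG = (
    [(f"198.51.100.{i}", f"user{i % 7}@example.com", "sample-letter.htm")
     for i in range(1, 41)]                        # 40 senders, 1 message each
    + [("203.0.113.9", f"user{i}@example.com", "newsletter.pdf")
       for i in range(30)]                         # one noisy bulk sender
    + [("192.0.2.15", "user1@example.com", "invoice.doc")]
)


def find_longline_campaigns(records, min_senders=25, max_per_sender=2,
                            max_per_recipient=10):
    """Flag payload features seen from many IPs that each send very little.

    A classic bulk sender trips per-IP volume limits; the distributed,
    low-volume pattern only shows up after grouping by the shared feature.
    Thresholds are hypothetical defaults.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    per_rcpt = defaultdict(lambda: defaultdict(int))
    for ip, rcpt, feature in records:
        per_ip[feature][ip] += 1
        per_rcpt[feature][rcpt] += 1

    flagged = {}
    for feature, ip_counts in per_ip.items():
        rcpt_counts = per_rcpt[feature]
        if (len(ip_counts) >= min_senders
                and max(ip_counts.values()) <= max_per_sender
                and max(rcpt_counts.values()) <= max_per_recipient):
            flagged[feature] = {
                "unique_senders": len(ip_counts),
                "messages": sum(ip_counts.values()),
                "max_per_sender": max(ip_counts.values()),
                "max_per_recipient": max(rcpt_counts.values()),
            }
    return flagged


if __name__ == "__main__":
    for feature, stats in find_longline_campaigns(SAMPLE_LOG).items():
        print(feature, stats)
```

Because the messages are customized, the grouping feature has to be something that survives per-recipient variation, which is why the sample groups on the payload and not on subject or body text.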
Longline phishing is also particularly effective because "the perpetrators will compromise legitimate Web sites to
distribute malware in order to gain higher clickthrough rates from
Now, for you long-time savvy Unified Communications Suite administrators, this comes as no news. (Indeed, see my post from 2009: Email Phishing: Still a Big Problem.) But perhaps it has been a while since you have looked at your anti-spam setup and techniques, so as a reminder, I'll point you to the document, Protecting Against Spammers who Compromise Messaging Server User Accounts, for best practices on combating this issue.
And go read Osterman's entire article; it's worth it.
Bonus: I updated the Unified Communications Suite wiki tag cloud so that if you look under either antispam or spam, you can see at a glance all the related documentation on this topic.