Darkmail - the shady new security threat 24 August 2005
Recent reports have revealed the dramatic escalation of a sinister new threat to business IT systems. Security company Email Systems says that attacks of this kind, known as Darkmail, have risen 400 per cent in the last year. The attacks are called Darkmail because the vast majority of the emails are sent to addresses that don't exist and as such are never seen.
It is suggested that between 65 and 75 per cent of all email traffic is classified as Darkmail, with between 25 and 35 per cent of mail successfully making it to inboxes around the world.
The recent increase in distributed denial of service (DDoS) and directory harvest (DHA) attacks has been blamed on Darkmail.
Darkmail and DDoS
Distributed denial of service attacks work by flooding a computer system or network with so much information that it causes a loss of service to users. This is typically the loss of network connectivity and services, achieved by consuming bandwidth or taking up processing power. Darkmail attacks overwhelm systems with emails, causing them to slow down or even stop.
DDoS attacks are difficult to thwart because the attacks are 'distributed' over the internet, using hijacked, virus-infected machines to send the information. As there are so many IP addresses sending data, security systems find it very hard to block them.
Darkmail and DHA
Directory harvest attacks usually target a specific domain with emails to many millions of possible email addresses at that domain. The target doesn't have to be a large ISP or corporation, as many domains are selected at random or by mistake. Most Darkmail emails will just bounce back, but some will reach legitimate destinations, giving the spammer a live email address.
Small firms are at risk
It may seem that such attacks should only concern large businesses and organisations. However, Email Systems have highlighted the case of a company in the manufacturing sector with fewer than ten employees.
This company was recently targeted with more than ten million emails in a single day, each of which was sent to a different email address at that domain. It is thought that the explanation for this directory harvest attack was that the attacker incorrectly believed the target domain to belong to an ISP.
Defence
With such figures, defence may seem futile. However, there are some methods that can be used to mitigate the effects of Darkmail.
If the target is a single computer, simply changing the IP address can temporarily end the flow of data. Some filtering software can also help. If the attack is unsophisticated, the traffic may carry a distinctive signature, so it can be blocked or firewall rules adjusted to stop it.
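One such signature is the pattern a directory harvest leaves in the mail server's own logs: a single source trying many distinct recipients, almost all of them non-existent. The following is an added example, not code from the article or from Email Systems; the log format, the IP addresses and the thresholds are constructed for illustration, so adapt the regular expression to your own MTA's log lines.

```python
import re
from collections import defaultdict

# Constructed sample MTA log lines (not from the article): each records the
# client IP, the attempted recipient, and whether the mailbox exists.
SAMPLE_LOG = """\
client=198.51.100.7 to=<aaron@example.com> status=unknown-user
client=198.51.100.7 to=<aaron1@example.com> status=unknown-user
client=198.51.100.7 to=<aaron2@example.com> status=unknown-user
client=198.51.100.7 to=<abby@example.com> status=unknown-user
client=198.51.100.7 to=<sales@example.com> status=accepted
client=198.51.100.7 to=<abbey@example.com> status=unknown-user
client=203.0.113.5 to=<sales@example.com> status=accepted
client=203.0.113.5 to=<info@example.com> status=accepted
"""

# Assumed log layout; real MTAs (Postfix, Exim, Exchange) format this differently.
LINE_RE = re.compile(r"client=(?P<ip>\S+) to=<(?P<rcpt>[^>]+)> status=(?P<status>\S+)")


def parse_log(text):
    """Yield (ip, recipient, status) for each well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("rcpt"), m.group("status")


def find_harvesters(text, min_attempts=5, min_unknown_ratio=0.8):
    """Return {ip: (attempts, unknown_ratio)} for sources whose delivery
    pattern looks like a directory harvest: many distinct recipients, most
    of them rejected as unknown users. Thresholds are example assumptions."""
    attempts = defaultdict(int)
    unknown = defaultdict(int)
    recipients = defaultdict(set)
    for ip, rcpt, status in parse_log(text):
        attempts[ip] += 1
        recipients[ip].add(rcpt.lower())
        if status == "unknown-user":
            unknown[ip] += 1
    flagged = {}
    for ip, n in attempts.items():
        ratio = unknown[ip] / n
        if n >= min_attempts and len(recipients[ip]) >= min_attempts and ratio >= min_unknown_ratio:
            flagged[ip] = (n, round(ratio, 2))
    return flagged


if __name__ == "__main__":
    for ip, (n, ratio) in find_harvesters(SAMPLE_LOG).items():
        print(f"block candidate {ip}: {n} attempts, {ratio:.0%} to unknown users")
```

The flagged addresses are candidates for a firewall rule or for rate limiting at the mail gateway; the ordinary sender with two accepted deliveries is left alone.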
To find out more about threats to your IT networks take a look at our recent articles on malware and security threats.