Small to mid-sized Canadian businesses (SMBs) operating their own e-mail servers could be defenseless against a trojan that has infected more than five million machines so far. Detected last Thursday, the virus – referred to as Zipped Trojan or Storm Trojan – is said to be causing the largest spam run that corporate and individual computer users have experienced in a year.
The virus infiltrates computers in the form of password-protected zip files that purport to be warnings from a legitimate anti-malware program, according to Symantec Corp. Researchers at the Mountain View, Calif.-based security software company said the trojan turns a victim’s computer into a spam relay machine, and also has the ability to download malicious modules.
Canadian SMBs that lack an effective e-mail filtering system could be highly vulnerable to the attack, according to LinuxMagic Inc., a developer of Web-security products headquartered in Surrey, B.C.
“These types of attacks could have a severe impact on Canadian SMBs that operate their own e-mail servers,” said Michael Peddemors, president and CEO, LinuxMagic. The estimated one million SMBs in Canada account for 95 per cent of companies in this country.
These outfits are far more vulnerable to security attacks than bigger companies, industry observers say.
While enterprises have the resources to deploy the latest e-mail security products, budget constraints often prevent SMBs from implementing tougher anti-spam systems, said Peddemors.
That’s a view shared by Zulfikar Ramzan, senior principal researcher with Symantec’s Advanced Threat Research Group.
“E-mail has become the most popular means for spreading malware and organizations without a filtering system are particularly vulnerable,” he said.
While Zipped Trojan or Storm Trojan is a variant of an older Trojan.Peacomm virus, Ramzan said the current breed of attacks employs “a different ruse.”
The trojan is transmitted as an e-mail message with a subject head such as: Spyware Alert!; Spyware Detected!; Trojan Alert!; Virus Detected!; or Worm Activity Detected! The attachments are generally a .gif image file with a zip password. The virus latches on to a user’s machine when the message is opened.
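For an SMB running its own mail server, the two traits described above (the lure subject lines and a password-protected zip attachment) can be checked at the gateway. The following Python sketch is an added example, not code from Symantec or LinuxMagic; the verdict names, addresses and file names are assumptions, and the sample archive only has its encryption flag set rather than being truly encrypted.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted in the article, lower-cased for comparison.
LURE_SUBJECTS = {"spyware alert!", "spyware detected!", "trojan alert!",
                 "virus detected!", "worm activity detected!"}

def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a parseable ZIP; leave it to other filters

def classify(raw: bytes) -> str:
    """Return 'quarantine', 'flag' or 'deliver' (hypothetical verdict names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    lure = (msg["Subject"] or "").strip().lower() in LURE_SUBJECTS
    encrypted = any(
        zip_is_encrypted(part.get_payload(decode=True) or b"")
        for part in msg.iter_attachments()
    )
    if lure and encrypted:
        return "quarantine"
    # A single trait alone is only flagged: staff do exchange protected zips.
    return "flag" if lure or encrypted else "deliver"

def sample_message(subject: str, encrypted: bool) -> bytes:
    """Constructed test input: a mail carrying a one-file ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("readme.txt"), "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the local and central directory headers
        data[6] |= 1
        data[data.find(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content("See attachment.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="patch.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for subj, enc in [("Virus Detected!", True), ("Q3 report", True), ("Q3 report", False)]:
        print(subj, enc, "->", classify(sample_message(subj, enc)))
```

A scanner cannot open a password-protected archive to inspect it, which is why the encryption flag itself is treated as a signal here.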
Observers suggest various ways SMBs can minimize or control security threats and spam. E-mail server outsourcing is one option that’s gaining some traction in the SMB arena, according to Peddemors.
He said outsourcing allows SMBs to save on security costs, but at the same time provides the benefits of up-to-date anti-spam technology.
“The estimated annual cost of running an in-house server is about $500 per employee, while outsourced solutions range from $6 to $120 per employee, per year,” the LinuxMagic chief executive said.
He said moving to an outsourced model also frees up the SMB’s limited IT personnel to concentrate on business-oriented tasks that generate revenue growth.
A recent survey by Nucleus Research Inc. in Wellesley, Mass., indicates that two out of three e-mails received in American workplaces are spam.
The research firm estimates that the distractions caused by unsolicited marketing e-mail can balloon to an average of US$712 per worker, per year.
Traditional virus attacks meant to bring down services and create annoyance have decreased, but targeted assaults for monetary gain are on the rise, according to Natalie Lambert, senior analyst, Forrester Research Inc.
“Increasingly, hackers are creating viruses to phish for information that can be sold, or gain control of a network to steal money,” said Lambert.
She cited a recent incident where hackers were able to break into the network of a Brazilian bank and divert more than US$4 million. “Protection doesn’t just mean anti-virus. Today, it goes beyond that.”
Lambert advises companies to deploy “multi-layered security technologies” that protect at the desktop level as well as provide network protection, such as reputation-based filtering products.
These applications screen incoming e-mails to determine their source. If a questionable domain name is detected, the message is either booted out or quarantined.
Another observer suggests that keeping employees informed is an important part of the solution.
Organizations must provide staff with quick and easy access to malware information, said John Cash, a security sales representative at Bell Canada Enterprise (BCE) Inc.
For instance, Cash said, firms must be quick to send out company-wide e-mails warning workers about potential threats.
“Dashboards or Web pages” that allow employees to validate e-mail messages they receive are also useful, he added.
“It all boils down to employee education and security awareness.”