A Zero-Day Spam Attack

There was a sudden increase in spam getting through the filter over the weekend. Since most spam detection is ‘reactive’, relying on a database (or signatures) of ‘known spam’, a new spam campaign will likely get through your spam filter for a day or two.

Since those messages were short (pun not intended), dictionary-based blocking wouldn’t work. Only when the spam databases are updated with the latest attack will the spam be blocked.

So various users got a bit excited this morning when they saw more spam messages in their inbox than they usually do.

If you use Gmail, though, you might not have noticed the spam attack. Gmail seems to be very effective at blocking spam. I suspect it’s because there is user involvement via the ‘report spam’ button. There are so many Gmail users that there are a lot of people reporting spam.

I suspect that Gmail proactively removes spam from your inbox. For instance, a zero-day spam attack might get some spam into your regular ‘in’ folder. But as people report messages as spam, I suspect that the Gmail guys actually dynamically remove the spam from your in folder and stick it in the spam folder.
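As an added illustration (not code from the original post), here is a constructed Python model of the two mechanisms described above: a reactive ‘known spam’ signature database that lets a new campaign into inboxes, and a ‘report spam’ threshold that retroactively moves already-delivered copies into the spam folder and blocks later variants of the same message. The class, the threshold and the sample messages are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict

REPORT_THRESHOLD = 3  # constructed: distinct reporters needed before a body is declared spam


def signature(body):
    # Collapse case and whitespace so trivial variants of one campaign share a signature.
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()


class MailService:
    def __init__(self, known_spam_bodies=()):
        self.known_spam = {signature(b) for b in known_spam_bodies}  # the 'known spam' database
        self.reports = defaultdict(set)     # signature -> users who hit 'report spam'
        self.inbox = defaultdict(list)      # user -> bodies delivered to the inbox
        self.spam = defaultdict(list)       # user -> bodies routed to the spam folder
        self.delivered = defaultdict(list)  # signature -> (user, body) copies sitting in inboxes

    def deliver(self, user, body):
        sig = signature(body)
        if sig in self.known_spam:          # reactive check: catches only what the DB already lists
            self.spam[user].append(body)
            return "spam"
        self.inbox[user].append(body)       # a zero-day campaign slips through here
        self.delivered[sig].append((user, body))
        return "inbox"

    def report_spam(self, user, body):
        sig = signature(body)
        self.reports[sig].add(user)
        if len(self.reports[sig]) < REPORT_THRESHOLD or sig in self.known_spam:
            return 0
        self.known_spam.add(sig)            # later deliveries are blocked up front
        moved = 0
        for u, copy in self.delivered.pop(sig, []):  # pull every delivered copy out of inboxes
            if copy in self.inbox[u]:
                self.inbox[u].remove(copy)
                self.spam[u].append(copy)
                moved += 1
        return moved


def simulate():
    svc = MailService(known_spam_bodies=["BUY PILLS NOW"])
    users = ["alice", "bob", "carol", "dave"]
    campaign = "Short msg: claim your prize now"  # constructed zero-day campaign, not in the DB
    for u in users:
        svc.deliver(u, campaign)
    slipped = sum(campaign in svc.inbox[u] for u in users)
    moved = sum(svc.report_spam(u, campaign) for u in users[:3])
    later = svc.deliver("erin", "short MSG:  claim your PRIZE now")  # variant of the same campaign
    return slipped, moved, sum(campaign in svc.inbox[u] for u in users), later
```

Running `simulate()` shows all four copies landing in inboxes, the third report moving all four to the spam folder, and the whitespace/case variant being blocked on arrival.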

Preventing zero-day spam attacks is much like managing the risk of a zero-day virus attack: a new virus might get through your virus detection until the anti-virus vendors get their updates out. So relying on one layer of protection is not enough.

I suspect that these ‘zero-day’ attacks will become more prevalent in the future as the more organized spam cartels get better at bypassing spam filters.
