Secure gateway email servers key to virus blocking

Gateway email security is key to stopping the spread of virus outbreaks such as Sobig.F, according to analyst group Gartner.

Sobig.F used spoofed email addresses to spread itself from infected computers - and the problem was compounded by a deluge of spam caused by anti-virus systems, which sent an alert notifying the spoofed sender that the message they had supposedly sent was infected.

A second wave of attacks, whereby infected computers attempted to download a Trojan horse from 20 'master servers' set up by the virus writer, was prevented when security experts successfully took them offline.

Arabella Hallawell, analyst at Gartner, said in a First Take that the blending of traditional virus-writing techniques and spam highlights the need for more than just updated desktop anti-virus software.

"This blending of worms and spam indicates that spam - usually seen as a nuisance or legal risk - poses security risks, too. Email from spoofed addresses may not just be unwanted but may have attachments that contain malicious code. In response, enterprises should expand their security capabilities at the SMTP gateway," she said.

Better spam-filtering by internet service providers and improved email authentication are also essential to limit email's ability to be used as a means of spreading spam and viruses, said Hallawell.

"Like spam, worms such as Sobig succeed because email inherently has weak authentication, and users have a permissive attitude toward messages that turn up in their mailboxes. Efforts by ISPs and carriers for more extensive blocking of addresses will help slow the flood of spam and stem email as an easy vector for infection. Eventual standards for better authentication of email will also help," she said.

Gartner also reinforced the need for multiple layers of security to protect the enterprise against virus and hack attacks.

"Protecting against viruses requires more than traditional, regularly updated anti-virus software," said Hallawell.

The analyst group recommends that users check and fix security holes on key servers and applications, examine gateway mail server security so it cannot be hijacked, turn off auto responses to outside recipients when viruses or spam are detected and combine server-based anti-virus with desktop security, including personal firewalls.