• United States

SurfControl turns a trick on phishers

Oct 04, 20043 mins
MalwareMessaging AppsNetworking

In response to the growing threat that phishing poses to e-mail users, SurfControl plans to upgrade its e-mail filter to catch these attacks, and flag more spam and other abuses.

In response to the growing threat that phishing poses to e-mail users, SurfControl plans to upgrade its e-mail filter to catch these attacks, and flag more spam and other abuses.

SurfControl’s E-mail Filter 5.0, slated for release next week, has been designed to trap phishing attacks, in which e-mail users receive messages that appear to come from a bank or retailer asking them to divulge personal or financial information and end up victims of identity theft.

E-mail Filter, which can be installed at an organization’s mail server or gateway, has been upgraded to include the company’s URL Category Database. This database lists known phishing sites and sites that disseminate spyware and other malicious code, says Paris Trudeau, SurfControl’s senior product marketing manager.

By including this database, which also is part of SurfControl’s Web filter product, the upgraded e-mail filter can scan incoming messages for these URLs and delete them or store them in a quarantine folder, depending on how an organization configures the filter, Trudeau says.

SurfControl’s threat command centers find these malicious Web sites by searching for URLs embedded in messages that land in its network of honeypot e-mail accounts – phony accounts set up to attract unwanted e-mail – and by using artificial intelligence. Whenever such URLs are found, SurfControl pushes software updates to its customers so the e-mail filter can trap messages that include these links, Trudeau adds.

In addition to Version 5.0’s ability to scan incoming e-mail in a variety of foreign languages, one beta tester says he is impressed with the filter’s protection from denial-of-service (DoS) attacks. Version 5.0 lets users set limits for maximum number of connections coming from the same IP address in a certain time frame, for example.

“Although we use the [real-time black hole list] option, the transient nature of the beast means that we still see mass mailing attempts from time to time,” says Ed Concannon, network analyst with Computer Sales International, a technology leasing company. “The [DoS] option will let us block an address for a pre-determined amount of time, which means less administration on my part.”

Version 5.0 also features enhancements to the company’s spam-detection tools. These include digital fingerprints that classify spam into 17 categories, making incoming unwanted messages easier to identify; heuristics that look for telltale signs of spam in a message’s content; LexiRules, which use advanced Boolean techniques to develop spam-catching rules; and an update to the company’s neural network technique that weeds out spam related to gambling and adult content.

E-mail Filter 5.0 ranges in price depending on the size of an organization; a company with 500 users would pay $19 per user. The Anti-Spam Agent and URL Category List are sold as a combined optional plug-in, which is free for the first year and costs $9.50 per user, per year, starting the second year.

SurfControl competes with anti-spam filter makers such as Symantec and MailFrontier, and with e-mail security appliance vendors including IronPort Systems and CipherTrust.

This week SurfControl also plans to release an e-mail gateway appliance called RiskFilter, a mail transfer agent that filters spam, viruses and other security threats.

RiskFilter is priced starting at $26,000 for up to 2,000 users and $49,000 for up to 5,000 users, plus an annual subscription fee of 50% of the initial charge.