18 July 2012 21:54:00 AEST

Your UPS package could not be delivered - how your brain scams you

 

Today I received an email from UPS: my package had arrived! One of the best things about shopping online is that incredible rush we feel when the package arrives. Chemically speaking, the brain is releasing dopamine -- the most addictive substance known to modern science. And my brain was producing it by the bucket load.

Only problem was, I wasn't expecting a package.

This message, like so many before it, was spam. A spammer was leveraging that excitement we all feel when a package arrives to get me to ignore the fact that I wasn't actually expecting anything. What could it be? Maybe I'd forgotten some eBay bid I'd made, and now here it was.

While the dopamine is rushing through your brain, warning signals are being ignored. While the heady rush is in full swing, the spammer is hoping you or I are going to click the tracking link to see what package they're talking about.

But I don't click. Lucky for me, I use MailGuard so the message had already been flagged as spam. And, while I still felt the thrill, the warning noises were able to overwhelm it. But let's think about what would happen if the dopamine won out -- as it so often does for most non-IT email users.

What could have happened?

The mother lode in this particular scam is to get a virus onto your computer that joins you to what's known as a "botnet". Essentially, the spammers want to take over enough of your computer to be able to send millions of spam messages to all your friends and colleagues (as well as a million or so people you've never heard of). Why? Because if they send from their own computer, they'll get blacklisted. And they'd much rather it was you that got blacklisted. Nice, aren't they?

I can hear you now: But I thought MailGuard stopped viruses?

Sure we do. Since 2001 we've stopped every virus that's come through our filtering technology. But this dopamine-inducing email wasn't itself a virus. Even the website it linked to was also not compromised. The problem didn't even come from the tracking app that the website needed me to install in order to track my mystery package. The problem was that that app then downloaded a virus in the background. MailGuard's two antivirus engines can only look at the email message -- there's nothing to check and therefore nothing to flag.

The decision and action to install the virus was going to be totally on my shoulders. I was going to follow that link. I was going to install the tracking software just to satisfy my curiosity. And sometime soon, I was going to send millions of spam emails to the world.

But of course that didn't happen. I understand that because the actual virus was several layers deeper than the original email message -- and required my own intervention to turn malicious -- it wasn't going to be email filtering that protected me. Instead, I needed web protection. I needed something that could inspect the website I went to, that could inspect the tracking software I downloaded, and could stop the virus it downloaded -- all before it hit my desktop.

Problems with desktop AV

My desktop AV may have blocked the virus. After all, that's why I have it installed. But the problem with desktop AV is that the person who runs the desktop is responsible for maintaining that software. They need to make sure they're up to date with their virus software and definitions. Even as a security expert, I can't tell you the last time I opened my AV to check that the virus definitions are up to date. I'm guessing it will probably tell me if there's a problem. Right? Please? Be back in a minute.

The biggest problem with desktop AV is that in order to find a virus, the virus has to already be on my machine. Desktop AV cannot check anything that is outside its own lovely beige case. So if my single-line-of-defense has crumbled, I'm gone. On top of that, virus engines can take over 24 hours to get new definitions for new viruses, so even if I'm "up to date" I'm still in trouble. I'm getting blacklisted by the world's anti-spam blacklists, and I'm going to have to make a grovelling apology to my friends. No thank you.

How to protect against this kind of web-borne threat

So I use WebGuard. WebGuard is the natural symbiote to MailGuard in that it protects me from the dangerous content that doesn't come via email. Back in 2001 when we started protecting email, most of the threats came from mail-borne viruses. Spam came later. Well now in 2012, only 0.04% of email contains a virus payload -- most of the activity has moved to the web.

Researchers have shown that a new malicious website appears every 2 to 3 seconds -- and that 75% of them are legitimate websites that have been hacked. Even if it's a site I've been to many times before, I need some level of filtering there to do what I just cannot do as a human: recognise a virus.

(On top of all this, WebGuard is also great for monitoring and reporting on my team's browsing habits and for protecting us from the legal problems associated with people gambling or viewing porn at work!)

You can get a WebGuard trial for 14 days today and get the peace of mind that dopamine won't make a dope of you or your staff!


This post was written by Rick Measham, MailGuard's Director of Product Development. Rick has been helping MailGuard customers avoid falling for tricks scammers and spammers try to play on them since 2005 and takes great delight in foiling their schemes.