Postini Sees Upward Trend In DHAs On Corporate Email In August

Published 18th September 2006

DHAs jump 30 per cent in August; high-level geographical activity seen in Korea, Brazil and China...

Postini today announced that its August Monthly Message Security & Management Update confirms directory harvest attacks (DHAs) rose by 30 percent over July. The company expects these attacks to increase with the end of summer vacation and the approaching winter holiday season.

DHAs are brute force attempts by spammers to hijack and steal an enterprise’s entire email directory, which is then used to launch junk email attacks against corporate email servers. In a DHA, an attacker unleashes a program that guesses at possible email addresses within a domain and attempts to send messages to those addresses. The server rejects requests intended for addresses that don't exist. By the process of elimination, the addresses it doesn't reject are deemed valid, and the program can add them to a spammer's databases. The result isn't just more spam. An aggressive DHA can place such intense demands on a server that it mimics a denial of service (DoS) attack and slows legitimate email delivery.
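The rejection pattern described above is also what a defender can look for in mail server logs. The following is an added example, not Postini's Sender Behavior Analysis or any code from the original release: it flags source IPs whose recipient attempts are mostly rejections of distinct unknown addresses. The log format, the sample lines, the function name and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical simplified format:
# <time> <source-ip> RCPT <address> <smtp-reply-code>
SAMPLE_LOG = """\
09:00:01 198.51.100.7 RCPT aaron@example.com 550
09:00:01 198.51.100.7 RCPT abby@example.com 550
09:00:02 198.51.100.7 RCPT adam@example.com 250
09:00:02 198.51.100.7 RCPT adrian@example.com 550
09:00:03 198.51.100.7 RCPT al@example.com 550
09:00:03 198.51.100.7 RCPT alan@example.com 550
09:00:04 203.0.113.20 RCPT adam@example.com 250
09:00:09 203.0.113.20 RCPT sales@example.com 250
09:00:15 203.0.113.20 RCPT slaes@example.com 550
"""

LINE_RE = re.compile(r"^\S+ (?P<ip>\S+) RCPT (?P<rcpt>\S+) (?P<code>\d{3})$")
# SMTP replies that reject the recipient mailbox itself.
REJECT_CODES = {"550", "551", "553"}

def find_harvesters(log_text, min_unknown=5, min_reject_ratio=0.8):
    """Return {ip: (distinct_rejected, total_attempts)} for sources whose
    recipient attempts look like address guessing (thresholds are assumed)."""
    rejected = defaultdict(set)  # ip -> distinct rejected recipients
    total = defaultdict(int)     # ip -> all RCPT attempts
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not RCPT records
        total[m["ip"]] += 1
        if m["code"] in REJECT_CODES:
            rejected[m["ip"]].add(m["rcpt"].lower())
    flagged = {}
    for ip, attempts in total.items():
        distinct = len(rejected[ip])
        # Many different unknown mailboxes AND few valid ones: guessing,
        # not a legitimate sender with one mistyped address.
        if distinct >= min_unknown and distinct / attempts >= min_reject_ratio:
            flagged[ip] = (distinct, attempts)
    return flagged

if __name__ == "__main__":
    for ip, (distinct, attempts) in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {distinct} unknown recipients in {attempts} attempts")
```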

In August, the highest level of DHAs originated from a number of global regions including Seoul, Korea; Sao Paulo, Brazil; Beijing, China; Taipei, Taiwan; Tokyo, Japan; Mittelfranken, Germany; Calgary, Canada; and Herndon, Virginia.

“We have historically seen increased malicious connection activity during the end of summer and approaching winter holiday seasons. This increase may be a signal that hackers are getting an early start trying to obtain legitimate email addresses in order to launch spam, phishing and virus attacks,” said Scott Petry, founder, chief technical officer and executive vice president of product development at Postini. “With our patented Sender Behavior Analysis technology, which protects email based on the observed behaviour of source IPs, Postini can thwart directory harvest, denial of service and other debilitating attacks that may be launched, before they ever reach corporate networks, thereby safeguarding the 36,000 businesses and ten million end users using our services.”

Postini also noted a continued increase in encrypted email traffic for August, processing nearly 400 million encrypted messages.

Postini’s PREEMPT™ technology blocked 23 million inbound viruses for August, 0.45 percent of all email scanned for the month. Postini also blocked seven billion spam messages, an average of 78 percent of all email scanned for the month.

The top five viruses for August were:

Virus Name    Quantity Blocked
Netsky        4,153,496
Bagle         3,192,394
Mytob         3,048,734
Mime          2,441,628
Mydoom        1,582,680