Behavioural Profiling of Spammers Thwarts Growing Attempts to Obfuscate Spammer Identities

Basingstoke, UK - April 18, 2007 – Barracuda Networks, Inc., the leading provider of application security appliances, today announced the Predictive Sender Profiling capabilities of the Barracuda Spam Firewall. These capabilities provide industry-leading protection against spammers’ latest attempts to evade traditional reputation analysis. Utilising a network of more than 40,000 customer systems worldwide, Barracuda Networks has the most diverse compilation of email available for profiling the behaviour of spammers. Using this data enables the Barracuda Spam Firewall to more easily determine a sender’s identity when identity obfuscation techniques are used.

“While 2006 marked the beginning of an assault on image spam, 2007 is marking yet another trend through spammer identity obfuscation,” said Stephen Pao, vice president of product management for Barracuda Networks. “Taking an analogy from the financial industry, where reputation analysis is like a FICO score, identity obfuscation, like identity theft, requires profiling against anomalous behaviour.”

“Reputation is a computationally efficient way to profile spam,” said Michael Osterman, president of Osterman Research. “However, we have observed that spoofing, botnets, and other means of hiding behind the reputation of another sender have made this technique less effective than it might otherwise be. As a result, while we believe reputation is very important, other spam prevention techniques that profile sender behaviour will be very important moving forward.”

Predictive Sender Profiling

Modern spam trends require reputation data be augmented with behavioural profiling techniques. For example, by taking control of networks of computers infected with malware (also called “botnets”), spammers can send email from diverse sources throughout the Internet, thus hiding their own identity from traditional reputation checks that profile sender network addresses. By registering new domains or by redirecting to spam Web domains through reputable blogs, free Web site providers, or URL redirection services, spammers have also learned to hide their identity from traditional reputation checks that profile spam Web domains.

When spammers obfuscate their identities, the Barracuda Spam Firewall can profile behaviours of all senders. Examples include:

• Sending too many emails from a single network address. The Barracuda Spam Firewall prevents spamming behaviour from an email server even when it does not have a previously established reputation for doing so.

• Attempting to send to too many invalid recipients. The Barracuda Spam Firewall automatically rejects SMTP connection attempts from email senders that attempt to send to too many invalid recipients, a behaviour indicative of directory harvest or dictionary attacks.

• Sending email blasts on the first day after registering a domain. Barracuda Central maintains domain reputations and automatically adds newly registered domains to Intent Analysis databases.

• Using free Internet services to redirect to known spam domains. Barracuda Spam Firewalls with Multilevel Intent Analysis enabled automatically follow URL redirections from free Internet services and analyse the reputation of the destination Web sites and their associated DNS configurations.

“As identity obfuscation continues to proliferate, the stand-alone value of reputation data diminishes,” said Pao. “Through Predictive Sender Profiling, we are able to recognize bad sender behaviour and implement a broad variety of countermeasures in real-time. With six of the 12 comprehensive defence layers tuneable through updates delivered by Barracuda Central, our engineers have the broadest set of weapons available to stop the spam. Combining this set of weapons with the industry’s most diverse and active compilation of email, Barracuda Networks can deliver industry-leading spam accuracy even as the spam landscape continues to evolve.”

Barracuda Spam Firewall Reputation Analysis

While the standalone value of reputation data is diminishing, it remains an important baseline for sender profiling. For reputation analysis, the Barracuda Spam Firewall leverages data on both network addresses used to send email and domain names embedded in the Web links of emails gathered by Barracuda Central, an advanced technology operations centre where engineers continually monitor the Internet for trends in spam and virus attacks. Combined, the IP and reputation data enable Barracuda Networks to implement countermeasures to mitigate those threats.

For network addresses used to send email, Barracuda Spam Firewalls download two lists used in their IP Analysis defence layer – a Block list (“blacklist”) of known spammers and an Allow list (“whitelist”) of known senders with good email practices. With these lists, Barracuda Spam Firewalls can efficiently differentiate those emails to be blocked or allowed with minimal processing. Other network addresses in the “grey area” are left for further analysis through nine subsequent spam and virus defence layers.

Domains embedded in Web links of emails are analysed through the Intent Analysis defence layer of the Barracuda Spam Firewall. Intent Analysis is designed to capture the call to action of a spam email – to click on a Web link, call a phone number, or reply to an email. Even when the network origin of an email cannot be identified, the intent of the email can often reveal the identity of the sender. Barracuda Central maintains the reputation of Internet domains and their associated Domain Name Server (DNS) configuration.

“As a baseline for Predictive Sender Profiling, Barracuda Networks remains committed to delivering state-of-the-art reputation data,” continued Pao. “With email sourced from our spam traps throughout the Internet, as well as submissions from thousands of customer systems worldwide spanning small and medium businesses, enterprises, government institutions, and Internet Service Providers across over 80 countries, Barracuda Central has the world’s most diverse corpus of email on which to base reputation data.”

Pricing and Availability

The Barracuda Spam Firewall Reputation Analysis and Predictive Sender Profiling capabilities are immediately available with Barracuda Spam Firewall firmware releases 3.4.10.100 and 3.4.11.200. All Barracuda Spam Firewall customers with current Energize Updates subscriptions may upgrade to the latest firmware releases at no additional charge. For new customers, Reputation Analysis and Predictive Sender Profiling will be included out of the box. Barracuda Spam Firewall pricing varies by model and starts at £1,349 with no per user licensing fees.

About the Barracuda Spam Firewall

The Barracuda Spam Firewall is available in six models and supports from 1,000 to 30,000 active users with no per user licensing fees. Its architecture leverages 12 defence layers: denial of service and security protection, rate control, IP analysis, sender authentication, recipient verification, virus protection, policy (user-specified rules), Fingerprint Analysis, Intent Analysis, Image Analysis, Bayesian Analysis, and a Spam Rules Scoring engine. In addition, the entire Barracuda Spam Firewall line features simultaneous inbound and outbound email filtering with the inclusion of sophisticated outbound email filtering techniques, such as rate controls, domain restrictions, user authentication (SASL), keyword and attachment blocking, dual layer virus blocking, and remote user support for outbound email filtering. The Barracuda Spam Firewall’s layered approach minimizes the processing of each email, which yields the performance required to process millions of messages per day. For more information on the Barracuda Spam Firewall, visit http://www.barracuda.com/spam.

About Barracuda Networks, Inc.

Barracuda Networks is the leading provider of application security appliances for comprehensive email, Internet and IM protection. Its products protect over 40,000 customers around the world, including Adaptec, Caltrans, CBS, Georgia Institute of Technology, IBM, NASA, Pizza Hut, Union Pacific Railroad Company, and the U.S. Treasury Department. The Barracuda Spam Firewall and Barracuda Spam Firewall - Outbound protect organizations against spam, viruses, and violations to e-mail security policy. The Barracuda Web Filter offers comprehensive content filtering and complete network protection against spyware, malware and viruses. The Barracuda IM Firewall is the only all in one gateway solution for IM traffic management and security. The Barracuda Load Balancer offers easy to configure, secure and comprehensive IP network traffic management across multiple servers. Barracuda Networks is a privately held company with headquarters in Mountain View, California. Barracuda Networks has offices in eight international locations and distributors in over 80 countries.

More information is available at www.barracuda.com.

# # #
Media Contacts:

Paul Shlackman, BondPR, +44 (0)1628 673007, paul@bondpr.com
Kylie Heintz, Barracuda Networks +1 408-342-5440, kheintz@barracuda.com

This press release was distributed by ResponseSource Press Release Wire on behalf of BondPR UK in the following categories: Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.