Spammers are increasingly targeting individual companies' domains with large volumes of concentrated spam.
This could put small businesses' mail servers at risk of suffering denial-of-service conditions, said messaging security firm MessageLabs.
"Increasingly we've seen spam runs take place in a burst of activity lasting a few hours," said Paul Wood, senior analyst at MessageLabs. "Spammers are sending large volumes of spam destined for individuals within organisations, to try to get round signature-based anti-spam [products]."
For example, MessageLabs witnessed a series of spam spikes against one particular company's domain. The company, which MessageLabs did not name, had fewer than 200 employees and would typically receive approximately 730 messages per day. This number went up to several million messages during spam spikes. While the company knew its mail servers weren't operating efficiently, it found it difficult to pinpoint the cause of the problem.
MessageLabs said the company was being targeted in a dictionary attack, which involved the spammers sending a large amount of spam to email addresses compiled from common first and last names, combined with the company domain, in the hope that they would hit upon a number of valid email addresses. As the mail server still had to deal with both valid and invalid mail, the spam spikes caused denial-of-service conditions.
"The company was spending a lot of money upgrading memory and bandwidth," said Wood. "And legitimate mail wasn't being delivered."
While Wood admitted that spammers causing denial of service would ultimately be self-defeating, because their spam was not being delivered, he said the technique was being increasingly used. Wood added that small companies who are experiencing slow mail servers should go to their ISP for traffic analysis.
Graham Cluley, senior technology analyst for anti-malware company Sophos, said that attacks against company domains would be specific to individual companies and ISPs. Cluley said Sophos has seen a real growth in the amount of spam which attempts to direct users to malicious websites, with a quarter of a million new web pages hosting malicious code per month. According to Cluley, of those web pages, 70 percent are legitimate sites that have been hacked to contain malware.
