Google updates Postini spam engine to stop new JavaScript attacks

By , Network World |  Security, Google, JavaScript

Google's e-mail security team has updated the Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months.

Google Apps vs. Microsoft Office

Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript.

"In some cases, the message may have forwarded the user's browser to a pharma site or tried to download something unexpected," Google said in its official blog. "Since the messages contained classic JavaScript which generates code, the messages could change themselves and take multiple forms, making them challenging to identify."

"Fortunately, our spam traps were receiving these messages early, providing our engineers with advanced warning, which allowed us to write manual filters and escalate to our anti-virus partners quickly," Google continued. "In addition to this, we updated our Postini Anti-Spam Engine (PASE) to recognize the obfuscated JavaScript and capture the messages based on the underlying code to ensure accuracy."

Spam volume increased 16% between the first and second quarter of 2010, according to Google, which tracks 3 billion e-mail messages per day with its Postini e-mail security and archiving services. But spam levels have declined year-over-year, dropping 15% between Q2 2009 and Q2 2010.

There's a much different story on the virus front. Virus traffic in Q2 2010 was more than two and a half times greater than it was in the second quarter of last year, but has remained steady since the first quarter of 2010, increasing only 3%.

"Spam and virus volumes this year have continued their upward trend," Google says. "These trends tell us that the spammers are still extremely active, and their botnets produce high levels of spam and virus traffic."In addition to the obfuscated JavaScript attacks, Google says spammers are relying on "the classics," such as false social networking messages, e-mails related to current events, and shipping scams.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question