Malware, spam: Bad, getting worse

Talking numbers with Mark Harris won't cheer you up. He's the global director of Sophos Labs for Sophos Inc., a Burlington, Mass.-based security vendor.

According to Harris, there's a new spam-related landing page put online every 20 seconds, about 8,330 per day. If that weren't unnerving enough, he says, there's the "insanely high" number of legitimate Web site pages that become compromised with malware every day: 16,000. Oh, and despite way more than one billion active e-mail accounts across the globe generating billions of legitimate messages daily to friends, family and business partners, Harris estimates 96.5% of all e-mail today is spam.

Imagine: more than a billion people can barely snag a 3.5% market share against a handful of spammers. Sadly amazing.

To combat part of this onslaught on our online security, today Sophos is unveiling its "sender genotype" no-charge upgrade to its software and appliances.

Margit McGrath, director of product management, says sender genotype improves site reputation filtering by being able to determine whether the source IP address is the type ISPs assign to commercial or consumer customers. She says, if sender genotype determines it's the latter but acting like the former, the software will block the incoming message at the gateway because it's a sure bet the message is from a compromised machine that's part of a spamming botnet.

Harris has more bad news. Malware incidents are cropping up as often on open source-based Web sites as with ones using Windows. And malware writers have even begun to take an interest in the Mac.

What can be done? Keeping your infrastructure rigorously up to date with security patches and being vigilant is your best defense, he concludes.