TMCnet News
Commtouch Warns: Consumer & Business Wireless Networks Are Set to Become Spammers' Heaven, Can Undermine SenderID Initiative MOUNTAIN VIEW, Calif. --(Business Wire)-- July 8, 2004 -- Commtouch (Nasdaq:CTCHC)---- Consumer and businesses wireless networks offer an easier and legal way to spam the Internet than 'zombies' -- Wireless routers vendors can block spammers from hijacking wireless networks by setting a default encrypted communication between the wireless clients and the wireless hub -- SenderID initiative will likely be rendered ineffective if spammers use unprotected corporate wireless networks which will provide them access to corporate mail servers and domains Commtouch(R) (Nasdaq:CTCHC), the innovator of anti-spam solutions featuring Recurrent Pattern Detection (RPD)(TM) technology, today warned the IT, telecommunications and mobile communications communities that the extensively deployed insecure wireless infrastructure in homes and businesses across the globe is set to become the new infrastructure that spammers will use to distribute their messages, unless wireless routers vendors take action. Additionally, Commtouch today noted that SenderID authentication introduced by Microsoft and SPF (Sender Policy Framework) -- which can be successful preventing spam coming from zombies -- can not stop spammers who utilize unsecured business wireless networks, because it gives spammers an open door to hijack business domains and mail servers. Commtouch's Spam Detection Center has observed that the majority of spam is sent via 'zombies', which essentially allow a spammer to send messages remotely via personal computers unbeknownst to the personal computer's owner. With that noted, businesses and home wireless networks introduce for spammers an easier way than zombies to massively spam the Internet. "Wireless networks allow people to browse the Internet and send email wirelessly using the Internet connection provided to them by their service provider," explained Commtouch Executive Vice President Avner Amram. "The majority of those people are using broadband connectivity which is ideal for spammer to send large volume of email in a short period of time. Without proper security not only can the owner of the wireless router and members of his or her household use the Internet, but others outside of the household who are equipped with a wireless interface can send their messages via the Internet as well." Amram explained that the default security which comes with wireless routers enables the usage of the router by others, including spammers, within a close distance to the wireless router. In every spot in every downtown in the United States and many countries in Asia and Europe many unsecured wireless networks can be found and used simply by using a wireless network adapter on a laptop or PC. "Wireless routers manufacturers can help and should prevent this problem from becoming epidemic, by enforcing by default an encrypted communication between the wireless clients and the wireless hub," said Amram. "This way, only authorized users will be able to use the router. We also recommend for all IT departments of businesses utilizing a wireless network to check their security practices and prevent external usage of their wireless network." Industry analyst firm Gartner has noted that by the end of 2004, hot-spot users for wireless communications are poised to rise to 30 million, up from 9.3 million last year, and more than half of notebook PCs used by businesses will have Wi-Fi capabilities. Furthermore, according to a variety of industry analyst firms, about 20 percent of homes with broadband Internet have WLANS utilizing wireless routers, and this number is set to increase. Amram noted that the tactic of exploiting wireless routers in home computers will allow spammers to shift from the somewhat challenging and illegal tactic of using zombies and open proxies. Zombies and open proxies require the spammers to distribute them via viruses and worms, which are illegal and can be used to spam only once they infect a personal computer. Since anti-virus software can clean those viruses, employing open proxies can be challenging to a spammer, thus making vulnerable wireless networks a spammer's preferred superhighway. "The wireless routers are easier to exploit than using zombies," explained Amram. "Wireless routers require no software on the home user PC, no usage of the PC resources, therefore the 'exploited home' can not identify that their network is being hijacked." (Editor's note: To obtain more information about wireless routers use by spammers, send an inquiry to [email protected].) Anatomy of a Spammer's Hijacking With a wireless network adapter on a PC (wireless client), a person can locate wireless networks in his/her surroundings (wireless router/hub). Once wireless networks are located, the adapter software indicates whether the wireless networks are secured or not. The individual can push the connect button to connect to one of the unsecured wireless networks and from this moment is connected to the Internet, and can use the wireless network as one's own. Most of the wireless networks are deployed at homes which utilize broadband connection which is connected 24/7. In every city downtown many unsecured wireless networks are available and ready to be exploited. Commtouch's Amram noted that a key advantage to the spammer exploiting the vulnerable wireless router is that the spammer can utilize another person's computer or their MLM (multi level marketing) network while exploiting the bandwidth of the router. On the other hand, he added, the disadvantage to the spammer is that the spammer's physical location has to be close enough to a wireless router location. "That conceivably could be helpful to law enforcement," said Amram. While Commtouch's Amram noted that wireless spam is already in epidemic levels in the Far East, enterprises that are employing Commtouch RPD detect and block spam minutes from a spam outbreak regardless of the spam content, language and method of distribution. Said Amram, "Commtouch RPD blocks all types of spam, automatically, from the first moment regardless of the method and tricks the spammer uses to distribute their messages. RPD detects spam in all email message formats, in all languages without looking at the email content. Across the board, RPD technology is an equally effective solution against spam in traditional email, wireless email and SMS." IDC recently wrote about RPD as a unique and potent approach to fighting spam in the firm's white paper titled, "Choosing the Best Technology to Fight Spam." (http://www.commtouch.com/documents/040429_IDC_Choosing%20_the%20_Best %20_AS_Technology.pdf) (Due to the length of this URL, it may be necessary to copy and paste this hyperlink into your Internet browser's URL address field.) Amram said that for those who do not employ Commtouch RPD, it would be beneficial for them if a default encrypted communication between the wireless clients and the wireless hub is set. About Commtouch Commtouch Software Ltd. is a global developer and provider of proprietary anti-spam solutions featuring Recurrent Pattern Detection (RPD) (TM) technology. Its mission is to protect and preserve the integrity of the world's most important communications tool -- email. The company's core technologies reflect its 13 years of experience as a leading vendor of email software applications and provider of global messaging services. Commtouch's patent-pending technologies are employed in solutions that are sold through channels and resellers. In addition, Commtouch anti-spam technologies are incorporated in software applications of security and messaging OEMs. Commtouch is headquartered in Netanya, Israel and its subsidiary, Commtouch Inc., is based in Mountain View, CA. The company was founded in 1991 and has been publicly traded since 1999 (Nasdaq: ctchc). To learn more about Commtouch visit www.commtouch.com. This press release contains forward-looking statements, including projections about our business, within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. For example, statements in the future tense, and statements including words such as "expect", "plan", "estimate", anticipate", or "believe" are forward-looking statements. These statements are based on information available to us at the time of the release; we assume no obligation to update any of them. The statements in this release are not guarantees of future performance and actual results could differ materially from our current expectations as a result of numerous factors, including business conditions and growth or deterioration in the Internet market, commerce and the general economy both domestic as well as international; fewer than expected new-partner relationships; competitive factors including pricing pressures; technological developments, and products offered by competitors; availability of qualified staff for expansion; and technological difficulties and resource constraints encountered in developing new products as well as those risks described in the company's Annual Reports on Form 20-F and reports on Form 6-K, which are available through www.sec.gov. Recurrent Pattern Detection is a trademark and Commtouch is a registered trademark of Commtouch Software Ltd. |
