Phishing attacks, Botnet attacks, Early detection filtering – Google Message Security for Google Apps Administration Guide User Manual
Page 180

Phishing Attacks
Spam Filtering also provides protection against phishing attacks.
A phishing attack is a type of spam disguised as valid email that is designed to
trick recipients into providing information or visiting a hostile web site. For
instance, a common type of phishing attack is a message, supposedly from a
bank, claiming that a credit card and password are needed. A URL is provided to
a site at which users can enter credit card information. That information is then
used illegally.
Because phishing attacks are sent in bulk, they are normally detected and
stopped as spam. If you see a number of phishing attacks getting through, you
can work to stop them as follows:
• Troubleshoot why the phishing attack got through. See “Troubleshoot Spam
that Gets Through” on page 182.
• If the attacks always contain a key phrase, you may be able to use Content
Manager to block the messages. See “Create or Edit a Content Manager
Filter” on page 209.
Botnet Attacks
A botnet attack is a particularly dangerous spamming technique that is rising in
popularity. In a botnet, a spammer exploits a virus or system vulnerability to take
control of many machines at once, then sends spam or viruses through them all.
Because a botnet spam attack comes from many different IP addresses, many
conventional filters do not work.
The message security service uses special techniques to identify and stop botnet
attacks. Our botnet-detection engines track a huge body of email to detect
messages launched by botnets immediately after they begin.
These filters are automatic. You don’t need to take any steps to enable them.
Early Detection Filtering
Early Detection Filtering works only when you have Spam Filtering turned on,
which is the default setting.
You can turn on Early Detection Filtering from the Virus Settings page (see
“Configure Virus Settings for an Organization” on page 192).
Your message security service checks for new antivirus-definition file updates
every minute, but there is always some delay between the discovery of a virus
and its inclusion in a definition file. Live viruses that have not been included in
definition files are referred to as zero-hour threats.
When a message is not immediately identifiable as virus infected, but has an
executable file attached, that message is sequestered in the Early-Detection
Quarantine.
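The routing rule described above can be sketched as follows. This is an added example, not code from the guide or from the message security service. The extension list, the magic-byte check, the function names and the disposition labels are assumptions, and the sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed indicators of an executable attachment (not taken from the guide).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")  # Windows PE/DOS header, Linux ELF header


def executable_attachments(raw: bytes) -> list[str]:
    """Return names of message parts that look executable by name or by content."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested/forwarded messages
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""  # decodes base64/quoted-printable
        # Checking content as well as name catches an executable renamed to e.g. .pdf.
        if name.endswith(EXECUTABLE_EXTENSIONS) or payload.startswith(EXECUTABLE_MAGIC):
            hits.append(name or "<unnamed>")
    return hits


def disposition(raw: bytes, known_virus: bool) -> str:
    """Hypothetical routing: a definition-file match wins; otherwise an
    executable attachment sends the message to the early-detection quarantine."""
    if known_virus:
        return "virus-quarantine"
    return "early-detection-quarantine" if executable_attachments(raw) else "deliver"


def build_sample(filename: str, data: bytes, subtype: str) -> bytes:
    """Build a constructed sample message with one attachment (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attachment.")
    msg.add_attachment(data, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, data, sub in [("setup.exe", b"MZ\x90\x00", "octet-stream"),
                             ("report.pdf", b"MZ\x90\x00", "pdf"),
                             ("notes.pdf", b"%PDF-1.4\n", "pdf")]:
        print(fname, "->", disposition(build_sample(fname, data, sub), known_virus=False))
```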