MailMarshal Blended Threats Module

Blended email threats are a considerable security risk to organizations. They are emails which contain embedded URL links to malicious websites hosting malware and browser vulnerability exploits.

The Blended Threats Module™ is an optional add-on module for MailMarshal SMTP. It is a unique solution that addresses the growing issue of blended threats that originate in email and infect through the Web. Blended threats are successful because they by-pass email malware scanning as there is no attachment by downloading its malicious payload through the Web when a user clicks on the embedded URL link. The malware often changes frequently to avoid detection by traditional anti-virus solutions. The Blended Threats Module goes beyond the protection offered by leading signature based malware scanners by using innovative cloud-based behavioral analysis to determine the malicious nature of any suspect URL links found within email and then feeds this intelligence into MailMarshal SMTP to pro-actively block blended threats at the email gateway.

Scale of Problem

Click to see video

They are a serious problem as most traditional anti-malware measures are ineffective against them. Blended threats circumvent normal signature-based email anti-virus solutions by avoiding attachment of the malware to the email. Instead a recipient of a blended threat is encouraged to click on a link in an email through social engineering. Common ploys include links to news headlines, online videos or holiday e-cards. The sites linked to by blended threats often appear legitimate, adding to the social engineering pretence and luring users into clicking on a download and infecting themselves with malware – typically a Botnet client.

The scale of the blended threats issue is significant. Research by Microsoft has revealed that 4% of corporate computers and 30% of home computers are infected with bot code. Blended threats are the primary means of distributing links to sites that enable Botnet infections. Furthermore, clean-up of bot code infections is typically more difficult than anti-virus. Bots are notoriously hard to detect and remove, often disabling locally installed anti-virus products and constantly morphing to avoid signature-based detection. 80% of bot infections result in the need to rebuild the computer due to the difficulties in permanently removing the malware.

The Blended Threats Module for MailMarshal SMTP 6.7 provides unique protection against blended email threats. It is an optional service which uses the M86 Security cloud-based malware behavior analysis datacenter to observe and determine the malicious nature of embedded URLs in email messages. The Blended Threats Module provides a constantly updated library of known malicious URLs to block blended email threats.

How it Works

The Blended Threats Module uses new and unique detection methods and technology to this new threat.

The service uses the combination of a local querying agent in MailMarshal SMTP with innovative cloud-based behavioral analysis to populate the Blended Threats Service, which in turn feeds into updated blended threats to the MailMarshal SMTP. The Blended Threats Module provides comprehensive protection from emerging blended threats, enhancing and augmenting anti-virus and anti-spam protection in MailMarshal. In addition, updated blended threats are also integrated into the M86 Filter List available for the R3000 Internet Filtering Appliance and WebMarshal Secure Web Gateway products.

The Blended Threats Module is a natural extension to malware scanning on your email gateway; the blended threats initiated through email have no attachment or embedded active code to scan. Relying on the reputation of the sender or the sending IP address is also limited in its ability to catch these email messages, they might look to be from people you know, or come from popular sites like Hotmail or Gmail.