Experts say this is due to several factors including our advanced internet infrastructure, amount of computers per capita, and the fact we just have a lot of people willing to click on anything and everything. Due to the fact that nearly everyone here has at least one computer, botnet herders have a vast amount of zombies at their disposal, ready to pump out spam.

It’s rather sad that a highly developed and educated country like the U.S. still has so many people that open spam, click on links, and even buy the shady products that spam sells. They, along with those who still aren’t using anti-spam and/or anti-virus software, are likely to be the reason the U.S. has earned such a dubious honor.

A recent report revealed that over half of all small businesses don’t use anti-virus or anti-spam software and many that do don’t keep it updated. It’s crucial that this changes and that all businesses protect themselves, because these days spam is more dangerous than ever. Recent attacks have disrupted corporate networks and some were even targeted toward our military. We’ve got to start protecting ourselves before spam goes from being little more than a nuisance to something much more dangerous.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

U.S. Named The World’s Biggest Spammer

October is National CyberSecurity Awareness month in the United States, and today’s blog post works right into that…by raising users’ awareness of how their actions contribute to systems security, you are also helping your users help you to reduce SPAM. While not all SPAM originates with user actions, a significant portion of it does. By educating our users on the actions that they take which can lead to spam, and by providing them with alternatives where appropriate, we can have a positive impact on our mail servers (and those hosting their personal mailboxes,) and everyone wins. Well, everyone except those darned spammers.

And since this is National CyberSecurity Awareness Month, we’re going to cover these activities while keeping the geek speak to a minimum, so that you can copy most of the content from this post and paste it into an email you can send to your end users.

1. Using corporate email for personal use
   Have a policy that clearly defines whether or not users may use their corporate email account for personal use. If you are going to allow this, make it clear what is permissible and what is not, and consider limiting this to a ‘receive only’ policy so that there is no chance an external party could confuse personal communications for corporate communications. Do not allow users to use their corporate email to subscribe to distribution lists or other high volume sources. Many times, a user will subscribe to a school or sporting group’s emails, only to have that group CC the many dozen or even hundreds of subscribers, which then places their address in everyone else’s inbox where a virus can harvest it.
2. Posting email address on web pages
   Ensure that any email addresses placed on corporate webpages are shielded from harvesting by automatic processes using JavaScript or other obfuscation methods.
3. Sending email to several external recipients
   Never CC a large number of users unless they all work for the same company or are working together on the same project and should be replying to all regularly. Use blind carbon copies or create a distribution list to protect recipients’ privacy.
4. Mailing lists
   Often, sports teams, school clubs, church groups, or other activities like to email their memberships. Help these organisations out by introducing them to the free mailing lists available from Google Groups, Yahoo Groups, and others. These distribution lists are opt-in, provide anti-spam and anti-virus scanning, and protect their users’ privacy by using BCC.
5. Do not automatically download images unless you trust the sender
   Configure your email client so that it will not automatically download pictures in HTML messages. Many spammers use these images as Web beacons to identify ‘live’ email addresses.
6. Turn off read and delivery receipts and automatic processing of meeting requests    
   Delivery and read receipts and automatically accepting meeting requests are all ways that spammers can determine if an address is ‘live.’ Systems admins will control delivery receipts, but users can set the way their email clients process read requests and meeting requests.
7. Be careful where you post your e-mail address
   Public web sites, newsgroups, chat rooms, and support forums are all good sources for spammers to harvest email addresses. Since this is often an automated process, add something to your email address or format it so that a person can figure out how to email you, without posting your exact address. For example, you can use yournameREMOVE@example.com or yourname[at]example[dot]com to render an address that a human can follow but a bot can’t harvest.
8. Review privacy policies of all sites you use
   Look for a link to the privacy policy of any site you might register on, and ensure they have a clear statement about what they do and don’t do with your personal information. If they do not have a privacy policy, don’t register. Also keep a close eye on checkboxes that are checked by default to ensure that you are not automatically registering for more unwanted email, or agreeing to things you wouldn’t want to.
9. Never reply to spam
   Never reply to an e-mail message unless you know and trust the sender. Replying to a spammer asking them to stop just confirms to them your email address is live.
10. Never forward chain e-mail messages
    Forwarding these messages also forwards all the email addresses of anyone who received it before you. Eventually that email will land in the inbox of someone who’s computer is infected with malware that will harvest all of these addresses.
11. Use antivirus software
    Make sure to install keep your anti-virus software up to date. Many malware infections scan the inbox of mail clients for email addresses to send spam or propagate the virus.

Links to obfuscation sources

A good one for admins and end users…and my personal favourite.
http://www.addressmunger.com/

One even and end user can follow
http://www.fingerlakesbmw.org/main/flobfuscate.php

A good source for webmasters
http://www.alistapart.com/articles/gracefulemailobfuscation/

Links to free distribution groups

Google Groups
http://groups.google.com

Yahoo Groups
http://groups.yahoo.com

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

11 Ways End Users can Help Reduce Spam

Although in many cases spam and viruses go hand in hand, there are still some viruses that have no spam-like characteristics and therefore must be defended by genuine antivirus measures.  I recently worked with a customer who was surprised that their server-level antivirus was finding viruses in emails that had already passed through an external hosted filtering service.

Aside from email-borne viruses there are also non-email vectors for viruses and malware to attack an Exchange server.  Once the malware is on a server or computer on the network it can be used to attack other devices or even send out spam itself.

So with all of that in mind here are some strategies for protecting your Exchange environment from virus infection.

Hosted or Gateway Filtering

The best place to stop an email-borne virus is before it reaches your Exchange servers.  To do this requires either an externally hosted service that all of your email is routed through, or a server that sits in front of the Exchange servers (for example in the DMZ or as an edge/gateway device) to check all mail as it arrives.

A benefit of filtering email before it arrives on the Exchange server is that the resource-intensive virus scanning can occur on a dedicated device without impacting the performance of Exchange.

There are also a much larger range of products and services available for this type of protection, as compared to the number of products that can be installed on an Exchange server in an integrated manner.

Transport Layer Filtering

When an email enters the Exchange Organization it is first received by either an Edge Transport or Hub Transport server.  The Edge Transport role is a dedicated role, while the Hub Transport role can co-exist with Mailbox Servers.  But the modular nature of Exchange server roles means that for the sake of this part of the discussion you can just consider them separate.

An email has to traverse at least one Transport server before it reaches mailboxes.  In larger organizations it will traverse several.  Transport servers typically have lower general workloads than other server roles, and so this makes the Transport layer another ideal place to perform antivirus scanning of email.

Database Layer Filtering

Once an email has arrived in a mailbox it is subject to database level filtering.  This level of filtering tends to be the most costly in terms of server resources, because the Mailbox server typically has a higher workload on it than other server roles.

However an advantage of scanning for viruses at the database level is that scheduled scans can be run over the database to check for any viruses that may have passed through other protection layers before the antivirus signatures were updated to detect them.

Server Filtering

Although some administrators will disagree I tend to prefer installing antivirus agents on the Exchange server to protect from virus threats.

Because the server is subject to the security of other devices on the network there is always the risk that another infected machine could try to exploit an operating system vulnerability on the Exchange server and spread the infection.

Whenever you are installing antivirus software on Exchange servers you simply need to be aware of the exclusions that are recommended by Microsoft to prevent any performance issues with Exchange itself.

Client Filtering

The last piece of the overall solution is client-level filtering.  Similar to server filtering this involves the installation of antivirus agents on the client computers in the network.  However it can also include additional add-ons and plugins that integrate with the email client to prevent viruses from infecting the computer or being spread via the email application.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Antivirus Protection for Exchange Server 2010

          “Hey man… Remember all those long distance phone calls we made. Well I got my telephone bill and WOW. Please help me and look at the bill see which calls where yours ok…”

The “bill” is attached to the email as “PhoneCalls.pdf” and if clicked on, takes advantage of vulnerability in Adobe Reader in order to download the Sality virus. This virus, which appears to have originated in Russia, is extremely dangerous. It takes over the autorun feature, installs a peer to peer connection to a botnet, downloads additional malware, looks for and disables any anti-virus software it finds, looks for and infects any local, remote, and removable drives, alters the Windows registry to infect any .exe file set to load on startup, and worst of all, damages every file it infects beyond repair. It is one of the nastiest viruses out there today. Its botnet contains over 100,000 computers.

Adobe says they have released an update that repairs the vulnerability and if your IT department hasn’t installed it they should ASAP, but neither that nor having the most recent version of the program are guarantees against getting infected. Sality has been around since 2003 and has grown more and more complex and sophisticated with no end in sight. It’s important to have an anti-virus solution that can block zero-day attacks and threats.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

PDF Spam Returns With a Malicious Twist

A hosted email security provider offers antivirus and antispam protection for their customers using servers hosted off the customer’s premises.  This delivery model carries many benefits to the customers.

Equipment Costs – by choosing a hosted service the customer is not required to purchase their own server hardware to run the security product on their own premises.

Support Costs – support is included in the monthly fee to the hosted provider, so the customer is not required to hire and retain staff to manage an on-premise solution.  The hosted provider is responsible for all maintenance and upgrades to keep the service running smoothly.

License Costs – because the customer is not running their own server they also save on software licensing costs.  Furthermore they are simply paying a per-user license cost to the hosted provider.

Bandwidth – because any virus or spam emails are filtered by the hosted provider that traffic never reaches the customer’s network, saving their bandwidth which is both a cost and a performance benefit.

Scalability – the customer benefits by only having to pay per-user, and then having the flexibility to scale up as necessary by buying more licenses.  For on-premises solutions this may eventually lead to outgrowing an existing server, whereas with hosted services the provider manages their overall capacity needs for all of their customers and is responsible for scaling up as necessary to meet demand.

Features – end user control and comprehensive reporting are two features common to hosted services.  Some on-premises solutions lack these important features.

Simplicity – for large businesses with multiple network entry points a hosted service offers a single point of entry for email rather than having to manage multiple points of entry each with their own security product installed.

Flexibility – if a hosted service is not performing well or meeting expectations the customer can simply switch to another service without wasting expenditure.  For on-premises solutions switching to a new product can be costly because the existing product has already been paid for.

Compatibility – hosted services operate independent to their customer’s normal choice of server operating system or email platform.  For on-premises solutions a customer is often constrained by which products will be compatible with their other systems.

The benefits of hosted email security solutions are quite clear and for many businesses a hosted service will be a much more cost effective option than on-premises solutions.  Certainly all businesses should carefully consider hosted offerings when they are evaluating antispam solutions for themselves.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

9 Benefits of Hosted Antispam Services

At face value these points may be valid (a detailed cost/benefit analysis is still ongoing) however one item that did come up in the technical analysis is the impact it would have on the choice of email security product being used.  Basically it would remove the choice entirely, as the providers being considered offer a single solution for email anti-virus and anti-spam protection.

Although most email security products have similar features, not all of them are created equal.  Features can be included or excluded from product to product, and even features that are common between products can have very different levels of quality and performance.Customers or the consultants advising them must considering each of the features they do and don’t need in an email security solution.  Effectively this means a new email security product evaluation must be undertaken.

In the case of our customer we had to evaluate the important features they had come to rely on.

Bayesian Filtering – a Bayesian filter can take some effort to implement and train but once it is in full operation it improves the false positive rate considerably.  Migrating email to a new environment means all of that Bayesian filter learning will be lost and will need to start over again.  In some cases Bayesian filtering is not a feature of hosted email providers.

End User Controls – to reduce administrative overhead the client originally chose a product that offered end users a self-service feature for managing their quarantined items, personal safe lists and block lists.  Again by moving to a new platform all of these personal customizations are lost.  End user quarantine is available in some hosted email services however single sign-on becomes a new problem to deal with, because the hosted environment is not integrated into the same Active Directory as the end users.

Reporting – a common feature in hosted email providers is a reporting interface for generating views of the performance of the email system and its security features.  Although all of the providers being considered do offer reporting interfaces the range of available reports varies from provider to provider.  Some provide no customization of reports at all, and none of them allow direct reporting database access so that reports can be generated using other applications.

Email Routing – for the client in question there are some complex email routing rules in place for particular domains and email addresses.  Not all emails are routed to Exchange mailboxes, some are routed off to other mail-enabled systems where they are parsed by special applications as part of a business workflow.  Once again the support for this sort of flexibility varied from provider to provider.

Overall there was not one hosted provider that offered a complete feature-to-feature parity so that the migration would be as painless as possible.  If the decision is ultimately made to move to an externally hosted email provider some compromises in the features and flexibility of the email security solution will have to be accepted.

For all the excitement about the new wave of cloud computing sometimes these sorts of issues are not fully considered.  Compared with the broad choice of on-premises solutions available for email anti-virus and anti-spam it is a bit of a disappointment to be faced with such limitations.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Do Hosted Email Providers Mean Lack of Choice?

The discussion raged on sites such as Slashdot and on forums across the internet. Symantec fanned the flames when they started deleting questions about PIFTS which had been posted to their web forum without explanation. What did they have to hide? To make matters worse, users searching for information on PIFTS found that they were being directed to malicious websites. Brian Krebs of the Washington Post noted:

          Some of the top searches (currently the 3rd and 4th result in a Google search) are Web sites that try to install malicious software when you visit them. Both results take you to sites that use Javascript attacks to try and foist rogue antivirus products (ah, the irony).

Symantec finally issued a statement which confirmed what had happened:

          Symantec released a diagnostic patch “PIFTS.exe” targeting Norton Internet Security and Norton Antivirus 2006 & 2007 users on March 9, 2009. This patch was released for approximately 3 hours (4:30 – 7:40 PM March 9, 2009 Pacific Time). In a case of human error, the patch was released by Symantec “unsigned”, which caused the firewall user prompt for this file to access the Internet. The firewall alert for the patch caused understandable concern for users and began to be reported back to Symantec. Releasing a patch unsigned is an extremely rare occurrence that does not pose any security issues to our users. The patch reached a limited number of Norton customers and has subsequently been pulled from further distribution. Norton users are fully protected and do not need to take any action as a result of this issue.

What about the deleted posts? Symantec explained that too:

          There has been activity in the Norton User Forum related to PIFTS.exe which has generated additional concern and media speculation.  At approximately 10:30pmET Monday March 9, Symantec detected that our User Forum boards were being abused by an individual or individuals. One individual created a new user account and posted about the name of the patch executable, PIFTS.exe. Within minutes, several dozen user accounts were created commenting on the initial thread, and/or creating new threads on the topic. Over the next few hours, over 200 user accounts were created. Within the first hour there were 600 new posts on this subject alone. While the intent of the spammer(s) remains unclear, there were no malicious links and it simply resulted in a widespread communications challenge for Symantec. Below are some examples of the forum spam we received from these new user accounts. These forum posts contained no text in the body of the message, simply a subject:

O LAWD IM CHOKIN ON PIFTS PLZ HALP
OH GOD YOU GOT CHOCOLATE IN MY PIFTS
If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E
IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?
PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE
I LOVE MY PIFTS.EXE

Symantec strictly adheres to its Norton Community Terms of Service and does not delete postings unless they are in violation of these guidelines. Upon determining that our User Forums were being abused, Symantec began removing the spam posts.

So, it seems that it was all due to human error; an innocent mistake. PFTS did not perform any malicious activity and the web forum posts were not deleted as part of a corporate cover-up. But, boy, could Symantec have handled this any more badly? Why didn’t they issue a statement sooner? Had they done so, they could have been spared a considerable amount of bad publicity – and spared their users from being lured to malicious websites in a hunt for information which should have been made available by Symantec. And will users really be comforted to know that PFTS could have phoned-home without their knowledge had the executable been signed? Hmmm …

What’s also noteworthy about this incident is the speed with which the malicious websites appeared. If only Symantec had been as fast to respond as the bad guys!

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

The PIFTS.exe Conspiracy

This new kind of scam brings the average cybercriminal over $10 million a month. Researchers have found a definite relationship between the economy and cybercrime. Stock market declines and other economic crisis almost always result in a surge in scams and spam. That’s bad news for all of us if the current economic forecast continues to worsen. Already new campaigns exploiting Citizen’s Bank, the 2012 Olympics and the Better Business Bureau have been detected, and despite the recent suit filed against the makers of the infamous and much hated “Antivirus XP” malware, similar rogue programs continue to be distributed via spam and popups. Researchers and security experts expect this trend to continue for the foreseeable future.

Liked this post? Get more anti-spam related news from AllSpammedUp.com!

Even Scammers Are Affected By Credit Crisis