Malware Threats from Unexpected Sources: Trojans Embedded in Streaming Video Links

Written by Lee Clemmer on September 14, 2009 – 4:57 pm

Sometimes spam, virus, and other malware filtering at your email gateway isn’t enough. It’s important to keep your host anti-virus signatures up to date, and if you don’t have anti-virus protection at your firewall or on your network at the Internet gateway, you should seriously consider it.

Here’s why these items are critical. Some recent attacks have used malware embedded in video and audio streams as the delivery mechanism. The attackers gain an initial foothold, so to speak, by managing to get a link to your users in a spam email. If your spam filter doesn’t block the message, the link in the email appears to be a video or audio link, but in fact the destination contains a trojan that is embedded in the content stream.

This method of attack isn’t exactly new. For example, the ZLOB Trojan began making the rounds in 2005 and began gaining traction in 2006. Some attacks with it simply involved downloading other viruses or malware. Delivered through a video link, however, it meant that users who had their ActiveX controls set to download codecs automatically, and who had poor virus protection, would automatically download the virus and become infected.


The Latest Spam Getting Through Your Filtering – and What to Do About It

Written by Lee Clemmer on September 8, 2009 – 3:21 am

Despite the generally excellent performance of most modern, well-tuned anti-spam engines, some spam is going to get through. We may be lulled into a false sense of superiority when for a period of time our anti-spam tools and techniques have borne fruit, and we see that we have more-than-just-excellent results; we have no spam in our inboxes for an entire day, week, whatever. Then, it returns. We’ve all seen it happen. Some strangely formatted message that you or I can surely tell is garbage, a bizarre attempt to sneak through your heuristics that has surprisingly succeeded.

Lately it has been some rather clever nonsense. I’ve been getting these spam emails with a particularly peculiar twist. Many of them have what appear to be at first glance meaningful, but “non-spam” sentences. On closer look, the sentences are strange, and not quite sensible. For some reason they consistently were getting through the spam filtering. What was strangest to me was the lack of any marketing content or attempt to sell whatsoever. They did have a link in the message, and the link was not ever to the same web destination or even clearly directed to an obvious undesirable site. This may have been one of the reasons this set of spam got by; to the filters, it looked really no different than a sentence or two sent by a friend describing some link they thought I would be interested in.


A Case of the Lesser of Two Evils?

Written by Brett Callow on March 13, 2009 – 3:39 pm

In a somewhat peculiar case, e360Insight LLC – the one-man mass mailing company which sued Spamhaus for besmirching its *cough* good name with accusations of spamming and which is now itself being sued for spamming – is suing data aggregation company ChoicePoint for CAN SPAM violations and breach of contract.

Background: e360Insight bought millions of email addresses from ChoicePoint. Some of the addresses were marked with an “O” to indicate that they could not be used for email marketing, while others were marked with an “I” to indicate that they could be used for email marketing. e360 proceeded to send emails to all addresses, regardless of whether they were marked with an “O” or an “I” – and that resulted in them being sued by some peeved recipients. Now here’s where it gets interesting: CAN SPAM prohibits the selling of email addresses belonging to people who have opted out of mailings. Consequently, e360 are claiming that ChoicePoint breached both contract and CAN SPAM provisions by selling opt-out addresses, even though those addresses were clearly marked as such:

If Ms. Sidewater’s assertion is true, this assertion constitutes an admission of violation of the CAN-SPAM Act of 2003, which provides that if a recipient requests not to receive commercial email, then it is unlawful for the sender to release, sell, or transfer such person’s email address to a third party. Thus, ChoicePoint admits that it breached 12(a)(ii) of the Agreement. But for this breach, e360 would not have sent any emails to the complainants and would not have been sued.

Hmmm. Gotta say, I don’t have much sympathy – in fact, make that I have no sympathy at all – for either side in this dispute. Who’d you prefer to see win? A(n) spammer alleged spammer? Or a company which sells your email address to a(n) spammer alleged spammer?

Tough choice!

Should you be interested in reading more, the documents are available over at SpamSuite.


15 Countries most affected by security honeypots

Written by Carl E. Reid on December 18, 2008 – 5:25 pm

The Swiss Security Blog (SSB) published results of research performed from honeypots implemented on their network. This is a small example of the benefits of honeypots, while exposing the potential damage new Trojans accomplish every day. Security honeypots are closely monitored network decoys serving several purposes:

- distract adversaries from more valuable machines on a network

- act as an early warning system for new attack and exploitation trends

- allow in-depth examination of adversaries during and after the exploitation of a honeypot.


Michigan State Reprimands Student Over Email Flap

Written by Sue Walsh on December 11, 2008 – 4:10 pm

When a Michigan State student fired off an email to nearly 400 faculty members protesting the school’s plans to shorten the 2009 fall semester, she probably didn’t expect to be labeled a spammer, but that’s exactly what happened. One of the people who got the email, a biology professor, promptly filed a complaint with the university’s administrators and now the student is facing a disciplinary hearing. None of the other faculty who got the email had a problem with it.


The flipside of spam protection: Keeping your business out of blacklists

Written by Dan Blacharski on November 12, 2008 – 5:32 pm

We do pay a lot of attention to filtering out spam, and rightly so. The vast majority of all email traffic is spam, and while some of it is merely annoying, some also contains dangerous malware in the form of attachments, or links to malicious web sites. It drains bandwidth and saps productivity. Constant vigilance and strong protection are called for.

At the same time though, email has become a vital part of business, and a vital part of marketing and customer relations. Where does spam stop and valid email-based marketing begin? It’s not as clear as one might think. Some take the position that anything whatsoever related to a commercial product is spam, which is actually a bit shortsighted. Companies whose products you use, for example, may create a periodic email newsletter, to keep you and other customers informed of changes, updates, and industry information.
