Spam Filters & SSL: What Should I Do?


We got a great question in Ye Olde Mailbag today from Jean-Claude in Montreal, Canada.

He asks,

"I installed Vipre. Their SPAM FILTERING does not support SSL connections.

"Here is a note from their text:

"NOTE: Spam filtering will only function for POP3 configurations set to port 110, by default, for incoming email. SSL connections are not supported and will cause mail to stop flowing.

"Is it a big thing?"


Here was my reply:

It's definitely a trade-off.

The reason it can't support SSL is that SSL encrypts the messages as they travel the wire between your PC's email client (e.g. Outlook) and your email provider's mail servers.

Thus, VIPRE would be looking at encrypted gobbledygook and couldn't do its job.

This is what the transit path looks like for an email:

[ Outlook ] <===> [ VIPRE ] <===> [ Internet ] <===> [ Mail Servers ]

The problem is the encryption happens like this:

[ Outlook ] <======================================> [ Mail Servers ]

Thus, VIPRE is blind to what Outlook and the mail servers are doing when SSL is enabled.

So, the question is this:

Do you have a spam problem or does your ISP provide reasonably good spam prevention / filtering?

If you do have a spam problem, spam filters like the one in VIPRE (which is very effective) are a reasonable choice, but they do come at the cost of having an SSL encrypted connection.

If you don't, I’d suggest you leave the SSL enabled and disable the spam filter.

Here's why: with SSL disabled, your email is sent in clear text to the mail servers, and, more importantly, so are your username and password.

You should always act as if your emails are plain to see anyway, but there’s no reason not to protect your email username and password if you can.

Oh, and be sure you're using a COMPLETELY different password for each of your email accounts than you use anywhere else, especially online banks, credit cards, etc.
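To make the transit-path picture and the clear-text credential point concrete, here is an added example (mine, not code from the original post or from VIPRE): a toy on-path inspector fed two constructed POP3 captures, one over plain port 110 and one wrapped in SSL/TLS. The account name, password, spam words and the stand-in ciphertext bytes are all made up.

```python
import re

# Constructed sample of a plain POP3 (port 110) fetch, exactly as a filter sitting
# between the mail client and the Internet would see it.  Account and password are made up.
PLAIN_SESSION = (
    b"+OK POP3 server ready\r\n"
    b"USER jean-claude@example.net\r\n"
    b"+OK\r\n"
    b"PASS not-a-real-password\r\n"
    b"+OK Logged in.\r\n"
    b"RETR 1\r\n"
    b"+OK 98 octets\r\n"
    b"From: deals@example.org\r\n"
    b"Subject: YOU HAVE WON A PRIZE\r\n"
    b"\r\n"
    b"Click here now.\r\n"
    b".\r\n"
)

# Constructed sample of the same fetch over SSL/TLS (port 995): a TLS record header
# (content type 0x17 = application data, version 3.3, length) followed by opaque bytes
# standing in for ciphertext.  Not real TLS output, just filler the inspector cannot read.
TLS_SESSION = b"\x17\x03\x03\x00\x7f" + bytes(range(0x80, 0xFF))

# Toy spam vocabulary; a real filter scores far more than this.
SPAM_WORDS = ("won", "prize", "click here")


def looks_like_tls(data: bytes) -> bool:
    """A TLS record starts with a content-type byte (0x14-0x17) and major version 0x03."""
    return len(data) >= 5 and 0x14 <= data[0] <= 0x17 and data[1] == 0x03


def inspect_pop3_stream(data: bytes) -> dict:
    """Report what an on-path filter can recover from the bytes on the wire."""
    report = {"encrypted": looks_like_tls(data), "user": None,
              "password_exposed": False, "subjects": [], "spam_hits": 0}
    if report["encrypted"]:
        # End-to-end SSL/TLS: nothing below the record header is readable, so the
        # filter cannot score anything, and the login is not exposed either.
        return report
    for raw in data.split(b"\r\n"):
        line = raw.decode("ascii", errors="replace")
        if line.startswith("USER "):
            report["user"] = line[5:]                 # visible to the filter and to anyone on the wire
        elif line.startswith("PASS "):
            report["password_exposed"] = True         # value deliberately not recorded
        elif line.lower().startswith("subject: "):
            report["subjects"].append(line[9:])
        report["spam_hits"] += sum(w in line.lower() for w in SPAM_WORDS)
    return report
```

With the plain capture the inspector sees the login and can score the message; with the TLS capture it sees only an encrypted record, which is the trade-off the reply describes.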


Ask the Experts: Do I Need Antivirus Software?

Martha tapped a note out to us today that asked,

"I'm 73 years old. My grandkids have been getting after me a lot lately. They want me to put some of that antivirus software on my computer. I don't know a thing about this stuff. I don't understand why I even need it. I use my computer for email and reading the news."

Here's my reply (with a little extra added here for clarification):

Thanks for writing, Martha.

I'm glad to hear your grandkids have been after you to get antivirus software. They're wise beyond their years. :-)

The first question here is:

Do I need antivirus software?

Since there are so many different ways a computer can get a virus, the question to ask to decide if you need antivirus software is:

What would happen if your PC got a virus?

The main risks of viruses are that they tend to be:

  1. destructive
  2. personally invasive
  3. resource thieves

The first thing is easy to understand. Viruses can delete your files.

If you have nothing of value on your PC, there's no risk here other than the time and cost for a PC shop to restore your PC and get it back into a working state.

On the other hand, if you do have things of value (real or sentimental) on your PC, maybe photos, music, emails, or the like, what would be involved in restoring those files, assuming it's possible?

As for viruses being personally invasive, it means viruses can steal your files, your data, and under the right circumstances even your identity.

Ditto here. If there's nothing of value on your PC, the risks are the time and cost of repair. If you use your computer for things like online banking, doing your taxes, or medical-related stuff, what's the risk of this information falling into the wrong hands?

The last one, resource theft, means viruses can burrow their way onto your PC and can make your computer a part of a "botnet".

Botnets are often used for sending spam, so if your PC gets sucked into a virus botnet, it's pretty likely someone would start using it to send their spams, probably without you even knowing it.

Even if there's truly no risk of data loss or theft (which isn't really the case, but assuming it is), if your computer is in a botnet, it's definitely being used for malicious purposes, something most folks don't want.

As to how you get a virus, there are a lot of ways computers get infected. These days, the bad guys are resorting to taking over legitimate websites and using clever tricks to confuse people--or their computers--into installing their viruses.

How you get a virus is actually less important than what would happen if you got one, which is the real question to ask yourself if you're trying to figure out if you need antivirus software.


$250,000 Reward for Information about the Rustock Botnet

Microsoft made an announcement in their blog today: $250,000 for Rustock botnet information

"This reward offer stems from Microsoft's recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it.

"While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions."

Why has Microsoft put so much effort into this particular botnet?

In part because of the serious damage it has done. By Microsoft's estimation, the botnet had capacity for sending 30 billion spams. A day.

Bear in mind, too, that this is after Rustock was taken down through a huge international effort that marshaled industry and academic researchers, legal teams, and governments to do so.

So, what does all this mean?

My own take is that they may never capture the folks responsible, and a lot of infected machines are still out there, mostly unbeknownst to their owners, no doubt, so there's still a lot of work to be done.

My belief is that the botnet will take many years to die completely, because most of the people who're running infected machines aren't running antivirus software, and if they haven't noticed their machines are infected by now, they probably never will.

Thus, they're unlikely to install some and remove the botnet from their PC.

In which case, it'll only die when the infected PCs themselves go to the scrapyard.

In the meantime, at least the technological solutions in place should make it very hard for the infected machines to come back to life and spew more spam.

More information on the $250,000 Rustock award.


Epsilon Email Break-In... Updated List of Affected Companies

It comes as no surprise that a lot of people and businesses have been affected by the Epsilon break-in.

What may be a surprise to some is the breadth of the affected industries. In our previous blog on the Epsilon break-in, I said,

It's just about every type of business imaginable, and chances are very, very, very high you've dealt with at least one of these companies.

Given the growing size of the list, that looks more true than ever.  Take a look at the list below.

If you have an account with one of these banks or have shopped with one of these retailers/e-tailers, you're more susceptible to a highly targeted spear-phishing attack.

They know your name and email address, and they know the banks, credit card companies, and other financial institutions you deal with. They know where you've shopped.

You, like me, are a prime target for someone looking to contact you by email and trick you into giving up your highly confidential information or steal from you. It's a fact. Because they know more about you, it's much, much easier to gain your trust.

Today, I came across this updated list of companies affected by the Epsilon breach at CAUSE.org (The Coalition Against Unsolicited Commercial Email). [Thanks to CAUSE.org for doing the tremendous legwork to put this list together.]


Banks/Financial Institutions
  • Ameriprise
  • American Express
  • Barclay's L.L. Bean Visa card
  • Barclays Bank of Delaware
  • Best Buy Canada Reward Zone
  • BJ's Visa
  • Capital One
  • Catherine's card
  • Citi
  • Express card
  • ExxonMobil card
  • Home Depot card
  • JPMorgan Chase
  • MoneyGram
  • MyPoints Reward Visa
  • NTB card
  • Scottrade
  • Smile Generation Financial
  • Stonebridge Life Insurance
  • TD Ameritrade
  • US Bank
  • Victoria's Secret card
  • Visa
  • World Financial Network National Bank

Retailers / e-Tailers
  • 1-800-FLOWERS
  • Abe Books
  • Abercrombie & Fitch
  • AIR MILES Reward Program (Canada)
  • Ameriprise
  • Ann Taylor
  • AshleyStewart
  • Avenue
  • Beachbody
  • bebe
  • Benefit Cosmetics
  • Best Buy
  • Borders
  • Brookstone
  • Chadwick's
  • Charter Communications
  • City Market
  • College Board
  • Crate & Barrel
  • Crucial
  • David's Bridal
  • Dell Australia
  • Dillons
  • Disney Destinations (The Walt Disney Travel Company)
  • Domestications
  • Dressbarn
  • Eddie Bauer Friends
  • Eileen Fisher
  • Ethan Allen
  • Eurosport Soccer
  • Fashion Bug
  • Food 4 Less
  • Fred Meyer
  • Fry's
  • Gander Mountain
  • Giant Eagle
  • Giant Eagle Fuelperks
  • GlaxoSmithKline Consumer Healthcare
  • Hilton Honors
  • Home Shoppers Network (HSN)
  • J.Crew
  • J.Jill
  • Jay C
  • Jessica London
  • Justice
  • King Soopers
  • KingSize Direct
  • Kroger
  • Lacoste
  • Lane Bryant
  • Marks & Spencer
  • Marriott Rewards
  • Maurice's
  • McKinsey Quarterly
  • New York & Company
  • OneStopPlus
  • PacSun
  • Palais Royal
  • Polo Ralph Lauren
  • PotterBarnKids
  • PotteryBarn
  • QFC / Quality Food Centers
  • QualityHealth
  • Radio Shack
  • Ralphs
  • Red Roof Inn
  • Reeds Jewelers
  • Ritz-Carlton Rewards
  • Robert Half International
  • Sears
  • Shell
  • Smith Brands
  • Sportsman's Guide
  • Stage
  • Target
  • Tastefully Simple
  • The Limited
  • The Place
  • TiVo
  • Trek
  • TripAdvisor.com
  • United Retail Group
  • Value City Furniture
  • Verizon
  • Viking River Cruises
  • Walgreens
  • Woman Within

For the companies involved, there's no shame in my opinion. They put their trust in a company with, at that point, an excellent record for systems and information security.

It just so happens that even with that, someone (or more likely a group) broke into their systems and stole the data Epsilon had been recording, storing, and using on their customers' behalf.

Is Epsilon to blame? Definitely, but I don't feel the companies are. Outsourcing to what you believe is a competent third party is often not just a good but actually the best business decision.

It really doesn't make sense for most companies to devote the time and resources to something as mundane as email address collection and marketing. It really doesn't.

No matter how good each individual company's staff gets, because of the scale of Epsilon's operations, Epsilon sees more, and so is more likely to make the right decisions about security.

What this really boils down to is a question of personal responsibility. Each of us, as individual consumers and businesses, needs to be smart about what we do with our information and what we do when we're contacted.

That means thinking before you click. Thinking before you type. And thinking before you hit "submit" on a form.

It also means keeping your PC patched and your antivirus software up to date. Together, being smart about what you do online and keeping your PC secure can be just the difference between being safe and being someone's identity theft prey.


Microsoft Working to Take Down Win32/Rustock Botnet

Microsoft's Jeff Williams gives an update on Microsoft's part in continued action to eradicate the Win32/Rustock botnet.

Over a year ago, Microsoft marshalled a unique botnet-fighting team made up of others in industry and some folks in academia. They used a combination of legal and technical means to take control of the Win32/Waledac botnet as the first milestone action in project MARS (Microsoft Active Response for Security).

In the past couple of days, the court records of a similar action were unsealed, allowing Microsoft to talk more openly about the Win32/Rustock botnet.

Sure, Waledac was a simpler and smaller botnet than Rustock, but because of the lessons learned with it, Microsoft was able to take on the much larger Rustock botnet.

Rustock is estimated to have infected over a million computers and was spewing out millions of spams daily.

In fact, some statistics have suggested that at its peak, Rustock accounted for a staggering 80% of all spam traffic by volume and was sending at a rate of over 2,000 messages per second.

What was so impressive in the botnet takedown was the scope of things: the seizure of command and control servers was under court order from the U.S. District Court for the Western District of Washington; the order was carried out by the U.S. Marshals Service and by authorities in the Netherlands.

That alone would be a fairly big deal, but here's the kicker: investigators are now going through evidence seized from five hosting centers in seven locations to learn more about those responsible and their activities.

This was a collaboration with others such as Pfizer (whose brands were infringed on by fake-pharma spam coming from Rustock), FireEye, and the University of Washington.

All three gave valuable statements to the court on the behavior of Rustock and on the specific dangers it posed to public health, in addition to those affecting the Internet.

On Microsoft's side, the efforts are represented by a partnership between Microsoft's Digital Crimes Unit, the Microsoft Malware Protection Center, and Microsoft Trustworthy Computing.

We applaud Microsoft and its partners for pulling this off. Their continued work with CERT and ISPs around the world is the only way to reach those whose computers are infected and help defeat and remove these viruses.


51 Month Prison Sentence for Spammer Ralsky

Few things get the ire of computer folks more than spammers. Even spammers hate getting spam.

What's even worse than spam, though, is when nefarious techniques are used to send it, including "zombie" PCs (computers whose security has been compromised by a trojan, worm, or virus so that they do the spammer's bidding, typically without the owner's knowledge).

According to the latest conviction, that's what spam "Godfather" Alan M. Ralsky did.

The Washington Post's Security Focus Blog brings us news of the Spam Godfather's sentence, saying,

"Ralsky, 64, of West Bloomfield, Mich., joined two co-conspirators in earning stiff prison sentences for long careers of blasting junk e-mail.

"Following more than four years in prison, Ralsky will be subject to five years of supervised release and will forfeit $250,000 the government seized from him in December 2007, the Justice Department said."

While it's great news for anyone in PC security when someone like this finally gets caught, it's especially good news when the dragnet also ensnares cohorts, as this one did: the original federal grand jury indictment named a total of 10 co-conspirators, including Ralsky and 10 others from China, Canada, Hong Kong and Russia, in a 41-count indictment for wire fraud, mail fraud, money laundering and violations of the CAN-SPAM Act.

The three things that made the way they were spamming (at least according to Spamhaus.org) especially egregious were:

1. What they did: Sent spam. Lots and lots and lots. And lots of spam.
   Why it was especially egregious: Does anyone like spam?

2. What they did: Used "zombie" PCs to send spam.
   Why it was especially egregious:
   a. Computer users had their resources, quite literally, stolen from them.
   b. While you were wondering why your PC had slowed down, Ralsky et al. were using your PC's power and your Internet connection to send spam and make themselves millions. If your drive crashed or your network card or modem died because of the extra use and had to be replaced, it was your expense. It cost the group nothing for your trouble.
   c. Innocent PC users got in "trouble" with their ISPs because their PCs were then the sources of the spam coming from Ralsky's group.
   d. Those same users then had to take steps to remove the viruses and get back in their ISP's good graces.

3. What they did: Sent stock "pump-and-dump" spams.
   Why it was especially egregious: According to the government, Ralsky was a top promoter of so-called pump-and-dump scams, "schemes in which fraudsters buy up a bunch of low-priced microcap stock, blast out millions of spam e-mails touting it as a hot buy and then dump their shares as soon as the share price ticks up from all of the spam respondents buying into the scam."

Now, we all should know better than to open spam to begin with, but many of the people who did, and who bought any of the stocks touted by the group, suffered very real financial losses.

It's anyone's guess as to how much.

It's because of groups like these that we all need antispam software and antivirus software to begin with.

We're glad to see yet another spam group get ensnared, making PC security--and the spam in our inboxes--a bit better for us all, and while it took a while, we're glad they finally got their just deserts.


Stopping Malware: ISPs Cutting Off Internet Access to Malware Infected Computers

Malware in all its forms (viruses, worms, trojans, keyloggers, botnets, spyware, and even adware) is for most individuals and businesses unpleasant at best and a nightmare at worst.

Once your PC has been infected, cleaning up the mess the malware leaves behind can be easier said than done.

For better or worse, realizing your computer has been compromised is often difficult if not impossible. It can't be said too often that preventing the malware/virus infection in the first place should be your first priority in computer security:

1. Be smart about what you do online.
2. Keep your PC updated with Windows Update.
3. Install (and run!) antivirus software or an Internet security suite.

In an effort to deal with those computers that have already been infected, Australia's Internet Industry Association (IIA)

"has drafted a new code of conduct that suggests Internet Service Providers (ISPs) contact, and in some cases, disconnect customers that have malware-infected computers."

Under the draft code, ISPs would:

1. Identify compromised/infected computers
2. Contact customers with infected computer(s)
3. Provide information/advice on how to fix infected computer(s)
4. Report / alert about serious large-scale threats (including ones that may affect national security)

Some believe this shifts the onus onto the ISPs to ensure their customers' PCs are malware free. However, given that the IIA is also calling for unresponsive customers (or ones involved in large-scale threats) to have their Internet access suspended, it really puts the onus onto the consumer, where I believe it belongs. Here's why:

If your machine does have a virus, worm, or other malware, you may lose your Internet access until you get it cleaned up.

Given how cheap even the best antivirus firewall software is, risking your Internet access to save a few bucks on Internet security software doesn't make sense--especially given that you'd need Internet access to download software to clean up an infected PC.

No matter how you slice it, the ISPs realize what a threat viruses and other malware are and are going to take whatever steps they can to protect themselves, their customers, and their infrastructure. Seems like smart business to me.


Major Spam / Scam Source Killed

Good news in the world of anti-spam and anti-virus today: the Washington Post's security blog, the aptly named "Security Fix," announced today that thanks to its data-gathering efforts, what appears to be a major spam / scam ring hosted by www.McColo.com has been shut down!

Just how much spam was this? A third-party security firm, the blog says, estimates McColo was responsible for 75% of the spam today.

Wow. Even if that estimate is off by a factor of 10, even killing 7.5% is impressive.

After the evidence was presented to Hurricane Electric and Global Crossing, two of McColo's major Internet Service Providers, McColo's connections were yanked.

It turns out, according to the Washington Post piece, that the fine folks at McColo seem to have been hosting a "... client list experts say includes some of the most disreputable cyber-criminal gangs in business today."

According to Benny Ng with Hurricane Electric, one of McColo's ISPs,

"We looked into it a bit, saw the size and scope of the problem you were reporting and said 'Holy cow!' Within the hour we had terminated all of our connections to them."

Nice work, one and all.

For full details, check out the original post about their efforts at stopping spam.