Tuesday, June 24, 2008

The internet is a wonderful place - just perfect for picking up a PDF infection.

PDF Flaw Exposes All to Botnet Attempts

Adobe revealed that a flaw exists even in fully up-to-date versions of Adobe Reader 8.1.2 that 'could potentially allow an attacker to take control of the affected system'. This is similar to other bugs that have been exploited recently by the "Bot Herders" to take over millions of PCs and add them to their herds, later to be used to send spam to you and your friends.


Adobe's bulletin and service patch:
http://www.adobe.com/support/security/bulletins/apsb08-15.html
SANS Internet Storm Center (ISC) recommends that you update sooner rather than later.
http://isc.sans.org/diary.html?storyid=4616


While the SANS article mentions that the vulnerability will soon appear on malware-spreading websites, we at CudaMail expect the "Bot Herders" to start sending millions of messages with links to these malware sites, using 'social engineering' to get you interested enough to click on the unsolicited link.

So what can you do to protect yourself?

Update all your programs on a regular basis. Make sure you have a tested backup of all your important information for when - not if - you get infected and have to format and re-install your operating system (the only way to be 100% sure that you don't have a nasty infection). And don't click on links whose origins you are unsure about.

What else can we do as an anti-spam service to protect you?

While we do watch closely for outbreaks like this and will be blocking any messages that link to known infected sites, we always have to be careful not to step over the line and start blocking legitimate links. We could easily write a rule that blocks any PDF file, or even any link to a PDF file, but this format is used by billions of people to send all sorts of legitimate information every day, so we can't do that except in the case of a major outbreak, and then only for a very short while.

So here is a question to you, our dear readers:
Would you prefer to have 100% protection from a new malware outbreak like the one we expect, even if some legitimate messages may be blocked, or would you like all your legitimate e-mails to come through even if a few malware links also come through?
At CudaMail we have a third option - the per-user quarantine - where we can send every message with a PDF attachment or a link to a PDF into your personal quarantine area. This would require you to check this quarantine area and deliberately release the wanted PDFs. Is that a viable option for you?

We want to hear from you!

- Shaun

Thursday, June 12, 2008

Disaster Planning - Exchange and ISP Working Together For Business Continuity

With e-mail being such a significant part of most business people's day, having a backup plan in place should something happen to your mail server is time well spent.
A customer named Harold, whom I was recently working with on his CudaMail filtering setup, was explaining to me a very interesting way to do a form of Disaster Planning for Exchange Server, specifically the version included in Small Business Server (SBS).

While this method doesn't make Exchange itself more robust, it does keep the company working should there be a problem with the Exchange server, and gives Harold time to work on his server without significant e-mail downtime.

What he does is have his e-mail hosted at an ISP and use the POP3 connector in Exchange to pull the e-mail down on a regular basis. Now this is not new, as the POP3 connector has been available since SBS 2003 as far as I know, but his setup is unique.

While most people would use the POP3 connector as a temporary solution when migrating to the Exchange SMTP service, Harold is leaving it in place and is looking for a replacement with additional features.

(any experience with good and or free replacements?)

Should his Exchange server go "belly up" then the ISP’s mail servers would continue to accept and deliver e-mail to the mailboxes they have on their mail server.

This is where Harold’s advanced planning comes into play. He has made sure that the users know that they can use the webmail feature from the ISP to check on and reply to messages while the Exchange server is off-line. This keeps the Company alive and working and gives Harold time to do his repairs or restore from backup.

There are some pros and cons to this setup that I think need to be addressed.
  1. Delay in getting e-mail. Because the POP3 Connector does a scheduled check of the ISP mailbox, there will be a delay of up to 15 minutes in getting e-mail. The response goes out from Exchange immediately, but in this age of "instant everything" people want e-mail to be instant too. The average delay is going to be 7 ½ minutes, so this is not a big issue unless there is a deadline you're trying to meet.

  2. History. As far as I know the POP3 connector does not have a setting to leave x number of days' worth of messages in the mailbox, so the end users will have to use both the local copy of e-mail on their desktop and also remember to BCC themselves on any sent e-mail so they can maintain an accurate history of what is said via e-mail.

  3. Encryption. The POP3 connector in Exchange cannot encrypt the messages being pulled down via POP3. This is why Harold is looking for a better POP3 connector. Does anyone have any experience, good or bad, with the third party POP3 connectors?

  4. Passwords. The users need to keep track of the passwords used for e-mail at the ISP. How good are your users at remembering passwords?

  5. Training and reminders. The old adage ‘use it or lose it’ comes to mind. Will the users remember how to use the Webmail in a time of crisis? With e-mail down how will you be able to remind them they have this option?

  6. What happens to his e-mail if the ISP has a problem? How can he modify his setup to get the best of both worlds?

Can you think of any other issues or gotchas with this setup? Would an IMAP connector be a better option? Is there such a beast for Exchange?

- Shaun

Monday, June 2, 2008

Where Does All the Spam Come From?



Source: Technology Review

The chart above shows that China, Brazil and Turkey lead in generating the most unwanted messages. The graph, generated from Team Cymru's data, is a lot easier to read than their default Hilbert Curve graph.




Source: Team Cymru

But they have some nice graphs as well.

www.team-cymru.org/Monitoring/Graphs/

(Warning – the above graphs are Flash based.)

How can we use this information?

Well, if you are based in one country and only expect to get e-mail from a handful of other countries, then you can use a region-to-IP-address list to block all e-mail from the countries you don't plan on getting any e-mail from. You should, however, have an alternate method of contact, like a web form, so that people from these blocked regions can still reach you.

One good region-based IP list can be found at http://countries.nerd.dk/ in a format suitable for use as a real-time black list (RBL) with most mail server software.
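As an added example (not CudaMail's code), here is the country-list decision logic a mail server would apply when it queries such a zone. It assumes the countries.nerd.dk "zz" zone convention of answering 127.0.hi.lo where hi*256 + lo is the ISO 3166-1 numeric country code, and it uses an injected resolver with constructed answers so it runs offline.

```python
# Added example (not CudaMail's code): country-based client filtering using a
# DNS country zone. Assumes the countries.nerd.dk "zz" zone convention of
# answering 127.0.hi.lo where hi*256 + lo is the ISO 3166-1 numeric country
# code; the resolver is injected so this runs offline on constructed answers.
import ipaddress
from typing import Callable, Optional

ZONE = "zz.countries.nerd.dk"

# ISO 3166-1 numeric codes this server expects mail from (constructed policy:
# a US business that also trades with Canada).
ALLOWED_COUNTRIES = {840: "US", 124: "CA"}


def rbl_query_name(client_ip: str, zone: str = ZONE) -> str:
    """Build the reversed-octet DNSBL query name for an IPv4 client."""
    ip = ipaddress.IPv4Address(client_ip)  # rejects malformed input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def decode_country(answer: Optional[str]) -> Optional[int]:
    """Map a 127.0.hi.lo answer to an ISO numeric code; None if unlisted."""
    if answer is None:
        return None
    a, b, hi, lo = (int(x) for x in answer.split("."))
    if (a, b) != (127, 0):
        raise ValueError(f"unexpected zone answer {answer}")
    return hi * 256 + lo


def decide(client_ip: str, resolve: Callable[[str], Optional[str]]) -> str:
    """Return 'accept' or 'reject' for a connecting client address.
    Unlisted addresses are accepted (fail open): a gap in the geo-IP data
    must not cost legitimate mail; this layers in front of the normal filters.
    """
    code = decode_country(resolve(rbl_query_name(client_ip)))
    return "accept" if code is None or code in ALLOWED_COUNTRIES else "reject"


# Constructed answers standing in for live DNS (TEST-NET addresses only).
FAKE_DNS = {
    rbl_query_name("192.0.2.10"): "127.0.3.72",     # 840 -> United States
    rbl_query_name("198.51.100.7"): "127.0.0.156",  # 156 -> China
    rbl_query_name("203.0.113.5"): "127.0.3.24",    # 792 -> Turkey
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.99"):
        print(ip, decide(ip, FAKE_DNS.get))
```

In production the `resolve` callable would be a real DNS lookup against the zone, and the allowed-country set is the per-site policy the post describes.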

- Shaun