BizTEC Entrepreneurship Competition

November 17th, 2009 by Rebecca Herson | Category: Commtouch Lore | Comments

Commtouch is a proud sponsor of BizTEC, an entrepreneurship competition organized by the Haifa Technion for university and college students (undergrad & graduate) from all over Israel. It is a yearlong competition for students to build startups in various areas such as SW, HW, Bio-tech, etc., designed to ultimately produce the nation’s next generation of successful ventures. This year is the 5th annual competition, and from previous years, nine “real” start-ups were born as a result of BizTEC.

Earlier this week, Commtouch’s CTO Amir Lev represented Commtouch in the opening ceremony for BizTEC 2010. Commtouch executives will also be involved in mentoring the BizTEC contestants throughout the year in various business-related subjects, and in judging the competition.

The 2010 prize will be in honor of Nahum and Nava Sharfman, who died in a tragic airplane accident earlier this year; Nahum was a co-founder of Commtouch.

To register as a participant in the BizTEC competition, please visit the registration page on the BizTEC site.


Top Ten Reasons Some People Stay with Home-grown/Open Source Email Filtering

November 12th, 2009 by Rebecca Herson | Category: Email Security | Comments

Several of us recently returned from various hosting-oriented events, including Parallels EMEA Roadshow and cPanel in Texas. We talked to lots of people there that have developed their own homegrown solutions for email filtering, often based on open source; here are the top 10 reasons we heard for keeping their existing email filtering systems:

1. They love Spam about poorly written and badly spelled offers for sex, drugs, and that new PhD they wanted to get, but couldn’t be bothered to go to school for.

2. They simply can’t get enough of those cute viruses.

3. They love being interrupted during breakfast, lunch, and dinner to troubleshoot a customer’s infected computer that in the end they have to tell them to reformat anyway.

4. The happiest moment in their day is when a customer clicks on an .EXE file from someone they don’t know and then calls sounding genuinely surprised.

5. Their fingers get a great workout from the hours and hours of writing filter rules and adding people to the blacklist.

6. They still believe deep down that poor widowed Carlonia Jobabie Johnson from Nigeria will finally stop mourning the loss of her late husband/general/president/priest/doctor long enough to send the millions they helped her get.

7. Actually getting real work done is just plain boring.

8. They don’t mind spending most of their day sifting through thousands of their clients’ inboxes to find that one email.

9. They have a bet with Joe in sales that this month’s server electric bill won’t be higher.

10. They get that warm and fuzzy feeling when clients call them to cancel and demand a full refund after 95% of their email is spam and/or viruses (they’re so silly, what were they thinking).

And since this is not really a top ten list…NUMBER…

11. Watching the servers run above maximum, overheat, and crash helps them sleep at night.

OK OK – you want to read the top 10 reasons to SWITCH to commercial email filtering? There’s a real document you are welcome to download and share.


Zombies & Child Pornography: Protect Your Computer, Protect Your Reputation

November 10th, 2009 by Shara Grifenhagen | Category: Zombies/Botnets | Comments

Unbeknownst to computer owners, malware infects millions of computers around the world. Many times, these malicious software programs create “zombies,” or “bots” where the computer is taken over by an outside party and used to send spam or perform other notorious processes. An army of zombies makes up a “botnet,” which is a network of zombies that are triggered to send spam or denial of service attacks en masse.

One extreme example of the dangers of zombies was recently reported in the Washington Post. The article examined how some people who claim innocence were convicted of involvement with child pornography after their computers were infected by a virus and used to store and sometimes distribute horrific images.

The article goes on to explain:

Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they’ll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.

Whatever the motivation, you get child porn on your computer – and might not realize it until police knock at your door.

In one case, Michael Fiola was fired in 2007 after his company found child pornography stored on his work computer. He spent hundreds of thousands of dollars in legal fees while his reputation suffered…and after nearly a year, it was in fact proven that a virus had infected his computer, causing it to systematically visit pornographic Web sites while he was nowhere near the computer. In other cases, the defendants were not as successful in proving their innocence, and many of them are now serving time in prison.

There are organizations (e.g. Association of Sites Advocating Child Protection – ASACP and Internet Watch Foundation – IWF) that have banded together to try and eliminate child pornography from the Internet. The IWF manages a list of Web sites containing child abuse images, which can be incorporated into Commtouch’s anti-spam solution to screen emails containing child abuse and exploitative content and flag them as non-compliant. Many Commtouch partners have implemented the IWF material to protect their customers.

For real-time Zombie statistics and information, check out the Zombie Lab in our Online Security Center.


Trick or Treat: Exploring the Cobwebs of the Interwebs

November 1st, 2009 by Shara Grifenhagen | Category: Spam Favorites | Comments

Halloween is always a fun holiday for cybercriminals. Spam, malware, phishing…the works. The Commtouch Labs reported on several different Halloween schemes this season.

One spam attack surfaced in multiple languages. The subjects read like this:

  • … reduzierte preise fuer halloween! programme fuer pc & mac
  • … reduction des prix de l’halloween! programmes pour pc et mac
  • … prezzi piu bassi per halloween! programmi per pc e mac
  • … halloween sale! programs for pc & mac

Advanced mail filtering technologies (*ahem ahem*) are language-agnostic and can easily detect and block attacks like this before they hit a network.

Another Halloween attack led to some nasty malware. An email like the one pictured here has been circulating and enticing innocent users to click on a link to retrieve a Halloween greeting.

Janet, youre alloween e-card message is inside!!

Holiday greeting schemes are not new, however. Recall the fake Hallmark holiday emails that spread Trojans and the New Year’s e-card blended threat as well.

The link inside the message leads to the landing page seen below, which invites users to download a browser toolbar that is actually a virus.

Halloween blended threat landing page

Guess they’re up to more tricks than treats!


Four Stars From SC Magazine to Two Commtouch Partners

October 29th, 2009 by Shara Grifenhagen | Category: Commtouch Partners | Comments

We’re glowing with pride about the achievements of two Commtouch partners who recently received 4-star rating from SC Magazine, and wanted to share the news with you. Congratulations to Check Point and GateProtect, whose Unified Threat Management (UTM) devices were reviewed and rated: Check Point’s UTM-1 136 and GateProtect’s GPA 400.

Check Point’s UTM-1 136 includes firewall, IPsec VPNs, IPS, URL filtering and anti-virus plus anti-malware and anti-spam. It got a perfect 5-star rating in the “Features” and “Support” categories, and the overall 4-star rating was awarded for its excellent security features range. SC Magazine went on to say that Check Point’s “much needed anti-spam service performs very well” and the system includes “excellent reporting and monitoring tools.”

The UTM-1 136 contains Commtouch Anti-Spam which SC Magazine tested by configuring it to scan mail from live accounts and tag the spam messages.

A test client running Outlook had rules set up to place tagged and suspect messages in separate folders. After a few days on the default settings, we saw a perfect 100 per cent performance for spam identification, with only two messages incorrectly tagged as suspect.

The verdict? That the UTM-1 136 is easily customizable with a lot of useful security measures and excellent Web filtering and anti-spam performance. The full product review can be found on the SC Magazine Web site.

*****

GateProtect’s GPA 400 has an SPI firewall with an SSO solution, IPsec and SSL VPNs, IDS and traffic shaping. Optional add-ons include Commtouch anti-spam. It got a perfect 5-star rating in the “Features” and “Ease of Use” categories, and the overall 4-star rating was awarded for its eGUI, its excellent web filtering and anti-spam performance and its complete range of customizable security measures.

SC Magazine went on to say that “GateProtect’s approach to UTM appliance management is refreshing” and that “the GPA 400 delivers an impressive range of security features.”

After testing the optional anti-spam add-on, SC Magazine reported that:

The Commtouch service is extremely good as it generates a hash value for each email which it compares with its own remote servers. Commtouch works with a number of ISPs, allowing it to store hashes of known spam, making the identification process very simple.

The verdict? The GPA 400 is incredibly easy to use and offers an impressive range of customizable features. The full product review can be found on the SC Magazine Web site.


Commtouch Gives Back: You choose the charity

October 26th, 2009 by Shara Grifenhagen | Category: Commtouch Lore | Comments

Last year, in the spirit of the holiday, Commtouch made a donation to a charitable organization on behalf of our business partners and friends. We considered many options and decided upon a very worthy organization that helps launch microbusinesses throughout the world.

In continuing with the tradition, we would like to make a similar donation this year. With the help of Charity Navigator, we have chosen four 4-star organizations and would like you, our partners and friends, to help choose the organization (or organizations) to which we will make our contribution. The organizations are: Books for Africa, Rare, The V Foundation and Vitamin Angels.

Scroll down for more information about the different organizations.


The organizations from which to choose are:

  • Books for Africa – Books for Africa (BFA) collects, sorts, ships, and distributes books to children in Africa. Since 1988, BFA has shipped more than 20 million books to 45 African countries.
  • Rare – Rare’s mission is to conserve imperiled species and ecosystems around the world by inspiring people to care for and protect nature by: training and mentoring local conservation leaders in the use of proven outreach tools; helping local leaders customize Rare’s tools and identify motivations and messages to inspire environmental protection in their own communities; building partnerships that leverage Rare’s financial and technical investments; and more.
  • The V Foundation – The V Foundation has raised more than $80 million and awarded cancer research grants in 38 states and the District of Columbia. Researchers have developed their laboratories and taken their science from the labs to the clinics with the help of funds raised by The V Foundation.
  • Vitamin Angels – The mission of Vitamin Angels is to mobilize and deploy private sector resources to advance availability, access and use of micronutrients, especially vitamin A, by newborns, infants and children in need, thereby working to reduce child mortality worldwide.

Reducing costs and lowering overhead highlighted Commtouch’s session at the cPanel conference

October 22nd, 2009 by Eyal Orgil | Category: Security Conferences | Comments

Earlier this month Commtouch participated in the cPanel Conference in Houston, Texas. This annual event, now in its 4th year, brings together a wide group of attendees, from Linux engineers to company executives. The three day event offers hosting providers the opportunity to meet with leading cPanel partners and industry gurus to learn how to generate more revenue, keep customers happy and lower overhead through automation.

During the conference, Commtouch’s Stoney Brooks presented a session called “Open source e-mail security may cost more than you think.” Stoney described how open source solutions have many hidden costs that hosting providers often fail to take into account when they choose open source over commercial anti-spam and anti-virus solutions.

Stoney provided some actual figures of how much hosting companies could save using Commtouch solutions. For example, he showed how a hosting company handling 25,000 email subscribers could use Commtouch IP reputation to reduce their bandwidth requirements by 80%, or Commtouch anti-spam to reduce the number of servers needed to handle spam from 9 to 1. Cost savings from reducing the bandwidth and servers, along with the associated administrative costs of manually dealing with spam could save the hosting company upwards of $35,000 annually. Stoney backed up his analysis with actual customer testimonials attesting to the reduced bandwidth, server and overhead costs.

The Commtouch team had a great time meeting with everyone and participating in the event. The picture seen here (courtesy of the Web Host Industry Review) shows our own Stoney Brooks and Ashley Schoch at the Commtouch booth.

Also check out our post: “How much is your “free” open source messaging security solution really costing you?” and our short video depicting a week in the life of a hosting operation manager dealing with the hidden costs of open source security.

Commtouch Booth at cPanel - October 2009


Spamhaus Unblocks Mail from Amazon EC2 – Sort of

October 20th, 2009 by Rebecca Herson | Category: IP Reputation | Comments

Spammers excel at coming up with new tricks to bypass email filters, and in the last week or so, their latest trick was to distribute their messages via Amazon’s EC2 cloud service. As a result, according to this article on SearchCloudComputing, the well-known global real-time block list Spamhaus blocked the entire EC2 range, which meant that all the legitimate mail being sent from EC2 was blocked by anyone who blocked mail according to Spamhaus’ SBL. Of course Amazon’s small/medium business customers were up in arms, since they were unable to send email, or rather, they were sending email that was getting blocked by anyone who subscribed to Spamhaus’ SBL. Eventually Spamhaus moved EC2’s IP range from its SBL to PBL, which is their block list for dynamic and non-MTA IP ranges. Fewer subscribers block these IP addresses, so this change had the effect of “unblocking” emails from the EC2 cloud. However, anyone who blocks based on PBL or ZEN (i.e. all Spamhaus lists) will still block these addresses.
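To make the SBL-to-PBL move concrete, the following added example (not code from Commtouch or Spamhaus) shows how a receiving mail server interprets a ZEN lookup and why the same sender is rejected by one receiver and accepted by another. The return-code mapping is an assumption based on Spamhaus' published codes and should be checked against their current documentation; the IP address and the DNS answers are constructed, so nothing is queried over the network.

```python
import ipaddress

ZEN_ZONE = "zen.spamhaus.org"

# Assumed mapping of the last octet of a 127.0.0.x answer to the component list.
CODE_TO_LIST = {2: "SBL", 3: "SBL", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
                10: "PBL", 11: "PBL"}


def zen_query_name(ip, zone=ZEN_ZONE):
    """DNSBL query name: the IPv4 octets reversed, prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lists_for(answers):
    """Translate the A records returned by ZEN into the lists they stand for.

    Anything outside 127.0.0.0/24 (for example the 127.255.255.x error
    codes) is not a listing and must not be treated as one.
    """
    hits = set()
    for answer in answers:
        packed = ipaddress.IPv4Address(answer).packed
        if packed[:3] == b"\x7f\x00\x00" and packed[3] in CODE_TO_LIST:
            hits.add(CODE_TO_LIST[packed[3]])
    return hits


def decide(answers, reject_on):
    """Receiver policy: reject if the sender is on any list the receiver enforces."""
    return "reject" if lists_for(answers) & set(reject_on) else "accept"


# Receiver policies described in the post (names are illustrative).
POLICIES = {
    "sbl_only": {"SBL"},
    "zen_all": {"SBL", "XBL", "PBL"},
}

# Constructed answers for one sending IP (documentation range, not a real host).
SENDER_IP = "192.0.2.10"
ANSWERS_WHILE_ON_SBL = ["127.0.0.2"]
ANSWERS_AFTER_MOVE_TO_PBL = ["127.0.0.10"]


def outcome_table():
    """Decision of each receiver policy before and after the listing moved."""
    return {
        name: (decide(ANSWERS_WHILE_ON_SBL, lists),
               decide(ANSWERS_AFTER_MOVE_TO_PBL, lists))
        for name, lists in POLICIES.items()
    }


if __name__ == "__main__":
    print(zen_query_name(SENDER_IP))
    for name, (before, after) in outcome_table().items():
        print(f"{name}: before={before} after={after}")
```
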

With any IP Reputation solution (including Commtouch’s) handling bad mail that comes from otherwise legitimate servers presents a knotty problem. Block it entirely (as Spamhaus did) and you create false positives. Allow it to go through and you allow false negatives. Any service like an RBL that is based on complaints about spam will tend to block IPs that send spam whenever they receive complaints about a particular IP address. This then requires a manual process in order to change the IP reputation back to allowing email through.

Commtouch’s approach has been the opposite of the RBLs; we start by tracking all IPs – both good and bad – so we automatically can tell the reputation of a source. Our decision has been not to recommend blocking IP addresses that send a combination of legitimate and non-legitimate email, because of the false positives this needlessly creates (we can recommend a tempfail scenario, but this wouldn’t always work, as in the case of EC2, since Amazon’s mail servers are legitimate and will keep retrying). There are other solutions out there (including by Commtouch ;) ) for differentiating between good and bad email coming from the same IP address; IP reputation and RBLs are not designed for that.

This incident also highlights another crucial market need, that is, that hosted email providers should be implementing outbound spam protection, since in that way they can identify and isolate the offending spammers, in order to protect the reputation of their IP ranges. My colleague Eyal touched on the outbound spam problem in his post about open source vs. commercial email solutions for hosting providers, but outbound spam is a whole subject on its own, deserving of its own post sometime in the future.


Phishing Attacks & the Art of Reading Data

In September, security company Symantec reported a 45% decrease in phishing attacks compared to the previous month. Several security companies weighed in on the debate with data both supporting and contradicting the claim. You can check out responses and similar studies from SPAMFighter, MarkMonitor and IBM.

Commtouch Labs examined phishing attack data from seven Commtouch Security Alliance members and the results indicate that the way in which data is analyzed directly determines the results. As depicted in the chart below, some companies showed spikes while others showed declines or much smaller increases.

Phish Feeds


The chart above shows the absolute number of URLs or IP addresses that led to phishing sites, as recorded by seven different anti-phishing research organizations throughout the third quarter. There are obvious statistical differences between the results of each company, which can be attributed to two factors:

  1. Companies identify threats at different times. The fact that there is a spike on a specific date from one source might mean others will see this data at some other point in time (before or after), which will even out the peak.
  2. Each company has its own definition of what constitutes an attack. Based on the usage of the data, different groups analyze the attack at various granularity levels.

“You must have a common definition for a phishing attack. In particular, when fast-flux botnets host phishing, is a phishing attack counted for each bot IP address, each unique URL, or each domain name that is fluxing as part of the attack?” asked John LaCour, President of PhishLabs, a Commtouch Security Alliance partner. “What’s important is that definitions are explained, that they’re used consistently by the same reporting organization. Then you can make statements about trends as seen by that organization, but I don’t think you can make meaningful comparisons between different organizations.”
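The effect of the counting unit can be seen by running one set of observations through the three definitions mentioned in the quote. This is an added example, not Commtouch's or PhishLabs' method: the observations are constructed, and the "registered domain" is approximated by the last two host labels, which is an assumption that fails for suffixes such as .co.uk.

```python
from urllib.parse import urlsplit


def registered_domain(url):
    """Naive registered domain: last two labels of the host (assumption)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


# The three counting units: bot IP address, unique URL, fluxing domain name.
UNIT = {
    "ip": lambda url, ip: ip,
    "url": lambda url, ip: url,
    "domain": lambda url, ip: registered_domain(url),
}


def new_attacks_per_day(observations, granularity):
    """Count units first seen on each day under the chosen definition.

    observations: iterable of (ISO date, phishing URL, hosting IP).
    Days with observations but no new unit are reported as 0.
    """
    unit_of = UNIT[granularity]
    seen = set()
    per_day = {}
    for day, url, ip in sorted(observations):
        per_day.setdefault(day, 0)
        unit = unit_of(url, ip)
        if unit not in seen:
            seen.add(unit)
            per_day[day] += 1
    return per_day


# Constructed feed: one fast-flux campaign on bank-example.test whose URLs
# resolve to several bot IPs, plus one unrelated single-host phish.
OBSERVATIONS = [
    ("2009-09-01", "http://login.bank-example.test/a", "198.51.100.1"),
    ("2009-09-01", "http://login.bank-example.test/a", "198.51.100.2"),
    ("2009-09-02", "http://login.bank-example.test/a", "198.51.100.3"),
    ("2009-09-02", "http://secure.bank-example.test/b", "198.51.100.2"),
    ("2009-09-02", "http://secure.bank-example.test/b", "198.51.100.4"),
    ("2009-09-03", "http://pay-example.test/login", "203.0.113.9"),
]


def totals(observations):
    """Total 'attacks' in the same data under each definition."""
    return {g: sum(new_attacks_per_day(observations, g).values()) for g in UNIT}


if __name__ == "__main__":
    for g in UNIT:
        print(g, new_attacks_per_day(OBSERVATIONS, g))
    print(totals(OBSERVATIONS))
```

The same six observations yield five, three or two attacks depending on the unit, and the per-domain series shows no activity on a day when the per-IP series shows two new attacks.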

To read the rest of the Commtouch response to the phishing attack debate, or to find out more information about messaging and Web threat trends, download the Q3 2009 Internet Threat Trends Report.


Security Levity: A new blog by Commtouch CTO, Amir Lev

Amir Lev, Commtouch CTO and president, is now blogging over at ComputerWorld. Each week, he’ll explore new and interesting messaging and Web security trends and topics including:

  • Spammer tricks
  • Spam legality around the world
  • Cultural aspects of spam
  • Cultural aspects of web filtering
  • Mac OS malware
  • “419” advance-fee fraud

In his first post, Spam Culture, part I: China, Amir examines how cultural differences affect spam and how a society approaches it. In China, for example, large, well-known companies can freely send unsolicited emails to a group of people and it is not considered “spam” according to the more commonly accepted definition that spam is unsolicited email.

His second post, The Return of Image Spam, discusses the re-emergence of an old spam favorite.

Check back each week for a new post.
