There is a new spam outbreak that hit today, spam in mp3's. The filenames of the spam varies, and includes some of the following:
We've got some spam rules out there to catch these things, we'll know in the next couple of days how effective they are.
A colleague alerted me to a spamming tool available on the web at the following web URL:
http://verify-email.org
It's a page that allows someone to enter in an email address and it will tell you whether or not that email address is live. In essence, this is the non-techy spammer way of checking for a valid RCPT TO address in the SMTP command. If it comes back positive, the email address is live, and if it comes back negative, the email address is not and therefore the spammer can remove it off their list.
How do I know it's a spam tool? Well, besides thinking of almost no legitimate uses for this web tool, the WHOIS information is suspicious. The registrant lives in Moldova but has a phone number registered to a North American address. Even if he screwed up and meant Maryland, the area code resolves to no actual area code in the United States.
The site was created in July, so it's fairly new. This in itself is not the clincher but combined with everything else, I think we can be rest assured that a spammer set up this page in order for himself (and possibly other spammers, I can't imagine why) to verify his spamming lists.
Hi, my name is Mike Chan and I’m the product manager for Forefront Security for Exchange Server. I’ve been on the job for a couple of months now and after talking to many customers I’ve noticed that there is still some confusion in the marketplace regarding the naming and relationship between Microsoft’s security solutions. First off, some basics. Within Microsoft, there is an antimalware group that produces signatures and an engine, very similar to the traditional anti-malware vendors. This group provides the engine and signatures for both our consumer and small business oriented solution (Windows Live OneCare) as well as our medium and large business oriented solutions (Forefront Security). I recently read an article where the author dinged Microsoft because there was no integration between our Windows Live OneCare and Forefront Security solutions. The author's assertion was that they should integrate, but I beg to differ. They both utilize an integrated engine, but at the end of the day, the solutions are targeted at different end customers which have very distinct needs and integrating them would not benefit either customer. I liken it to saying why isn’t my Microsoft Money integrated with SAP? I would say, “why?”.
Now on to the other area where I hear there is a bit of confusion. When customers hear the words “Forefront” – most think about our security solutions for businesses, but then they also assume that we are talking about the client protection technologies. Microsoft in fact has multiple solutions with the Forefront branding. On one hand you have Forefront Client Security – which is our antimalware technology for your desktops, servers and laptops, similar to the traditional AV client, designed to protect the host computer. However, we also have a line of Forefront Server Security products – of which Forefront Security for Exchange Server (FSES) is one. The Forefront Server Security products have an additional distinction of running multiple antimalware engines – along with the Microsoft antimalware engine listed above which gives our solution the edge when it comes to protecting your email. The moral of the story? Next time someone says, “Forefront” – you can be the wiser and ask them if they’re referring to client technologies or server technologies!
Mike
The Finalists for Info Security 2008 Global Product Excellence and 2008 Outstanding Awards have been announced and Microsoft is very well represented – across our client, server, and edge security solutions. The Info Security Products Guide Awards recognize and honor excellence in all areas of information security, and winners will be announced in November. Forefront made the finals in four categories – two more than a certain other big security company.
The nominees are...
· Finalists - 2008 Global Excellence in Anti-Malware Solution - Forefront Client Security (FCS)
· Finalists - 2008 Global Excellence in Email Security Solution - Forefront Security For Exchange Server 2007
· Finalists - 2008 Global Excellence in Firewall Solution – Intelligent Application Gateway & Internet Security and Acceleration (ISA) Server 2006
· Finalists - 2008 Global Excellence in Integrated Security Solution - Internet Security and Acceleration (ISA) Server 2006
The State Palaces, Castles, and Gardens of the Free State of Saxony, a state-owned company in Germany, wanted better protection for electronic data sent over a public network. Critical information was transmitted between the palaces and a central IT center through a client-side virtual private network (VPN) over Integrated Services Digital Network lines. To improve security, the company implemented a solution based on Microsoft® Internet Security and Acceleration (ISA) Server 2006, part of the Microsoft Forefront™ line of business security products. Now, the palaces can use a VPN to transmit data more securely. Remote management tools also make administration easier, and automated deployment helps the company reduce costs. Moreover, because the flexible solution is independent from bandwidth technology, the company can easily adapt to data service connection changes.
There's lots more...