Malware

Paris, France Oct. 25, 2016 – The lead architect of both a comprehensive report that demystifies online threats for the general public and an important Canadian law that has appreciably reduced spam has received the M3AAWG 2016 JD Falk Award for his contributions to a safer online world.  André Leduc was recognized for spearheading the global Operation Safety-Net best practices report and for his role in developing the Canadian Anti-spam Legislation that requires marketers to obtain users' permission before sending commercial email.

The award was announced Oct. 25 during the four-day M3AAWG 38th General Meeting in Paris. The Messaging, Malware and Mobile Anti-Abuse Working group presents the award annually to recognize an "unsung hero" working behind the scenes to protect the internet and end-users.

"Both of these accomplishments have been widely embraced by the anti-abuse community as valuable tools in fighting spam and other cybercrime. Operation Safety-Net makes cybersecurity accessible to mainstream, non-technical users by cutting through the complicated techno-jargon about keeping our devices safe, and the anti-spam law known as CASL has dramatically reduced junk mail in Canada and beyond. Neither of these projects would have come to fruition without Andre's meticulous attention to detail, his dedicated effort that went well beyond expectations, and his persistent leadership," said Michael Adkins, M3AAWG Chairman of the Board. 

Leduc is the acting director of business, intelligence and analysis, and digital security policy, at the Canadian Department of Innovation, Science and Economic Development. He also served as a voluntary secretariat co-lead for the London Action Plan/Unsolicited Communications Enforcement Network and facilitated the cooperative work between M3AAWG and LAP/UCENet that resulted in the jointly published report. A video with Leduc explaining the motivation behind these two projects is available on the M3AAWG YouTube channel at www.youtube.com/maawg.

Operation Safety Net for Business, Government and End-Users

Operation Safety Net – Best Practices to Address Online, Mobile, and Telephony Threats is a 76-page report written by security experts from around the world that describes current cyber issues facing business, government and end-users with the proven techniques to protect against them. Leduc spearheaded the project, which was originally requested by the Organisation for Economic Co-operation and Development, and compiled the submitted material into a coherent report.

Leduc said, "Translating our technical and engineering way of talking into plain language was probably the most important part of this work. We wanted to create a report that a security officer or an engineer could give to colleagues and management to help them understand cyber attacks and why their organizations might be targeted. We also wanted to make it easy for government policy makers in both the developed and developing countries, where they may not have much technical experience, to take action."

The original report was published in 2012 then updated in 2015. The latest version covers malware and botnets; phishing and social engineering; internet protocol and domain name system (DNS) exploits; and mobile, voice over IP (VOIP) and telephony threats.  Originally published in English, it has been translated into French and Spanish, reaching much of the world's population. The report is available in these languages at www.m3aawg.org under Best Practices.

CASL Effective Beyond Canada

Leduc also was the lead architect developing the policy and legal frameworks for the Canadian Anti-spam Legislation that set a new standard for sending marketing messages when it went into effect in 2014.  The law applies to commercial or promotional information sent through email, SMS, instant messaging or social media. It also covers software installations and mobile apps. 

CASL requires marketers to obtain a user's permission to receive a commercial message before it is sent, a process known as "opt-in" that is more effective in fighting abuse and spam. For example, under the law, users need to voluntarily sign up for a mailing list or have an existing business relationship with an organization before marketers can send them related emails. Since CASL applies to all messages sent to users in Canada, including those originating from other countries, it has encouraged the voluntary adoption of opt-in practices internationally.

"The volume of spam on Canadian networks has decreased by more than a third since CASL went into effect. We have also seen a high level of compliance from senders in the countries to our south, throughout Europe, and even in Asia. Many international senders are now getting consent prior to sending commercial electronic messages to our users," Leduc said.

Leduc began work on establishing the concepts and language for CASL in 2009.  He has specialized in cybersecurity since 2004 when he led OECD ecommerce business working groups and then became part of an expert subgroup on high-tech crimes in 2004. He has represented Industry Canada (now Innovation Science and Economic Development Canada) at the OECD, the G7 and G8 summits, and the Wassenaar Arrangement.

The M3AAWG 38th General Meeting is the organization's annual European meeting and has brought together more than 350 security experts from 30 countries.  The working meeting features more than 50 sessions with network operators, social networking companies, hosting and cloud services providers, email service providers, academic researchers and public policy advisors sharing information on the latest cyber threats. The next meeting will be February 20-23, 2017 in San Francisco.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Pr@m3aawg.org

M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Facebook; Google; LinkedIn; Message Systems; Mailchimp; Microsoft Corp.; Orange (NYSE and Euronext: ORA); Return Path; SendGrid, Inc.; Charter Communications; Vade Secure; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; Exact Target, Inc.; IBM, iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Liberty Global; Listrak; Litmus; MAPP; McAfee Inc.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Rackspace; Spamhaus; Sprint; and Symantec.

A complete member list is available at /about/roster.

San Francisco, May 4, 2016 – Global Cyber Alliance – an organization founded by the New York County District Attorney's Office, the City of London Police and the Center for Internet Security – will be collaborating with M3AAWG to push the security community to more quickly adopt concrete, quantifiable practices that can reduce online threats. The non-profit GCA has joined the Messaging, Malware and Mobile Anti-Abuse Working Group, which develops anti-abuse best practices based on the proven experience of its members, and M3AAWG has become a GCA partner for the technology sector.

“Global Cyber Alliance is pleased to partner with M3AAWG, an organization that has worked for many years on operational issues of Internet abuse.  Both of us want to make a measurable difference in minimizing cyber risk, and we are confident that we can do so,” said Philip Reitinger, GCA President and CEO.

Launched in September 2015, Global Cyber Alliance's mission is to confront, address and prevent malicious cyber activity and improve the security of the connected world. It identifies and prioritizes areas of systemic cyber risk concentrating on measurable achievements, and has established Cyber Security Strategic Action Centres (CSAC) in New York and London.

In a recent announcement, GCA revealed that its first strategic area of concentration will be phishing with a focus on two solutions shown to be effective at combatting it: implementation of DMARC to limit spoofing of email and secure DNS practices to minimize the effect of phishing and other attacks.

M3AAWG has actively supported DMARC since its inception. It has also developed materials to help the industry fight phishing, including a video on using DNS "response policy zones” to protect against illegitimate websites, anti-phishing best practices for mailbox providers, and best practices to avoid potential problems for "parked" domains where email is not enabled. 

GCA will also participate in ongoing M3AAWG work and the two M3AAWG North American general meetings and its annual European meeting. The M3AAWG 37th General Meeting will be June 13-16 in Philadelphia, Pa., U.S.A., with over 50 sessions including the co-located i2Coalition annual meeting.

M3AAWG Chairman of the Board Michael Adkins said, "The most effective best practices won't amount to much if the industry neglects them. At M3AAWG, we're able to tap into our members' experience to identify what processes are working against cyber threats around the world. Even so, it can be challenging to achieve the widespread implementation of these practices to protect the ecosystem. GCA's focus on cross-sector implementation and measurement will address some of the confusion and apathy in the industry, and will help mitigate cyber risks."

About Global Cyber Alliance

Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measureable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s motto “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.

GCA, a 501(c)3, was founded in September 2015 by the New York County District Attorney's Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Pr@m3aawg.org

M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Cox Communications; Facebook; Google; LinkedIn (NYSE: LNKD); Mailchimp; Message Systems; Orange (NYSE: ORAN) and (Euronext: ORA); Rackspace; Return Path; SendGrid; Time Warner Cable; Vade Retro - OpenIO; Verizon Communications; and Yahoo Inc.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Bluehost-Endurance; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Constant Contact (NASDAQ: CTCT); dotmailer; Dyn; ExactTarget, Inc.; IBM; iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Liberty Global; Listrak; Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; and Symantec.

A complete member list is available at /about/roster.

San Francisco, March 16, 2016 – The Internet Infrastructure Coalition, i2Coalition, has joined the Messaging, Malware and Mobile Anti-Abuse Working Group to continue work on developing best practices for hosting and cloud service companies and to share other information that will protect end-users. Members of the i2Coalition's new Internet Safety Working Group and its Abuse Reporting Discussion List will be participating in M3AAWG meetings and committee work as the two organizations collaborate on threats aimed at the Internet's infrastructure.

To encourage an exchange between the anti-abuse experts in M3AAWG and the hosting companies in the i2Coalition, M3AAWG will co-host a formal i2Coalition member meeting at its M3AAWG 37th General Meeting in Philadelphia on June 13-16, 2016. The meeting will include both joint sessions with speakers on vital issues related to hosting abuse along with separate sessions focused on topics specific to each organization, according to Jerry Upton, M3AAWG executive director.  

The i2Coalition works to encourage an open, safe and free Internet that drives innovation, economic growth and enhances the lives of people globally. It represents companies from the Internet infrastructure industry from around the world. Counted among the i2Coalition’s members are hosting, domain name and cloud computing companies, among others.

“We are joining M3AAWG because spam, malware and other online threats can be significantly reduced by hosting companies following common hygiene and security guidelines,” said Christian Dawson, i2Coalition executive director and founder.

"Hosting companies can implement some simple steps to protect end-users that do not require added resources or burden staff as outlined in the best practices our organizations jointly published last year. Because these processes can reduce exploits against end-users, they also can help reduce costly abuse desk and customer service operations. We will be working within M3AAWG to identify new online threats targeted to hosting and cloud service providers as they develop and to share this knowledge with our hosting operator members," Dawson continued. 

The i2Coalition will work with the Hosting Committee and other groups within M3AAWG.  The two organizations will expand on the 2015 M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers along with other projects.

M3AAWG is also the first technical partner to join the i2Coalition. Aside from its membership option, the i2Coalition has created this program for formal technical partnerships to foster cooperative work with organizations that can jointly develop best practices or technical standards and to generate work that will safeguard or advance Internet infrastructure technology.

The four-day M3AAWG general meeting in Philadelphia will include anti-abuse training and about 50 sessions on email and mobile abuse, voice and telephony abuse, the latest malware threats, hosting abuse and public policy issues.  Sessions on cybersecurity related to emerging technologies such as the Internet of Things and social messaging will also be offered.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Pr@m3aawg.org

M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Cox Communications; Facebook; Google; LinkedIn (NYSE: LNKD); Mailchimp; Message Systems; Orange (NYSE: ORAN) and (Euronext: ORA); Rackspace; Return Path; SendGrid; Time Warner Cable; Vade Retro - OpenIO; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Bluehost-Endurance; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Constant Contact (NASDAQ: CTCT); dotmailer; Dyn; ExactTarget, Inc.; IBM; iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Level 3; Liberty Global; Listrak; Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; and Symantec.

A complete member list is available at /about/roster

San Francisco, November 17, 2015 – Looking to share its advanced research on bot behavior, emerging infections and mitigation processes with the security community, Georgia Institute of Technology is the first academic institution to join the Messaging, Malware and Mobile Anti-Abuse Working Group.  The university sees the closed, vetted structure within M3AAWG as a rare opportunity to disseminate its findings on the latest threats directly to network operators and public policy advisors while also obtaining feedback from these industry professionals, according to Dr. Manos Antonakakis, computer systems and software assistant professor at Georgia Tech, School of Electrical and Computer Engineering, and M3AAWG Academic Committee co-chair.

"M3AAWG bridges the gap between academia and industry.  As researchers, we often identify new strategies to understand and disable complex illicit infrastructures, such as botnets and malware, and objectively measure other aspects of Internet abuse, for example, spam and ad fraud.  We want to share this information with the security community as quickly as possible and M3AAWG is an active channel for disseminating this data.  On the other hand, in order to commercialize this work, we need input from security professionals who are dealing with these challenges every day.  M3AAWG closes this loophole by providing the operational feedback that helps us turn our research into products industry can use to solve specific threats," Antonakakis said.

M3AAWG is recruiting university cybersecurity research programs to join its anti-abuse work so it can provide its members access to the experimental processes and academic studies that help improve end-user security.  The in-depth research at these institutions is especially important in a world where criminals can change a bot's coding to avoid detection in just minutes and new threats are always emerging.  In addition, universities also can participate in other projects.  For example, Dr. Mustaque Ahamad, professor at Georgia Tech’s School of Computer Science, is co-chair of the M3AAWG Voice and Telephony Abuse Special Interest Group, according to Michael Adkins, M3AAWG chairman.

Adkins said, "Georgia Tech has developed one of the leading computer science programs in the world and has a strong understanding of anti-abuse issues.  They have presented groundbreaking research at our meetings in the past, including early research on the effectiveness of bot mitigation notifications with its study of the DNS Charger program in 2013, data on new malware infections and updates on known threats.  We look forward to strengthening our relationship with their researchers, bringing the latest threat findings to our members, and providing input on new research and processes."

The recently established Institute for Information Security and Privacy (IISP) at Georgia Tech will significantly grow these research programs and related curricula to make fundamental advances in cybersecurity. U.S. News and World Report ranked its computer engineering program among the top ten in the nation.  

About Georgia Tech

The Georgia Institute of Technology (http://www.gatech.edu/), also known as Georgia Tech, is one of the nation’s leading research universities, providing a focused, technologically based education to more than 25,000 undergraduate and graduate students. Georgia Tech has many nationally recognized programs, all top-ranked by peers and publications alike, and is ranked in the nation’s top 10 public universities by U.S. News and World Report. It offers degrees through the Colleges of Architecture, Computing, Engineering, Sciences, the Scheller College of Business, and the Ivan Allen College of Liberal Arts. As a leading technological university, Georgia Tech has more than 100 centers focused on interdisciplinary research that consistently contribute vital research and innovation to American government, industry and business.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Mailchimp; Orange (NYSE: ORAN) and (Euronext: ORA); Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; dotmailer; Dyn; ExactTarget, Inc.; IBM; iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Listrak; Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Rackspace; Spamhaus; Sprint; Symantec and Twitter.

A complete member list is available at /about/roster.

M³AAWG 34^th General Meeting, Dublin, Ireland, June 10, 2015 – A thoughtful provocateur ready to take on difficult challenges for the good of the Internet and an influential cybersecurity advocate, Rodney Joffe has worked to protect end-users since the 1990s when he fought to contain spam as the first email marketing campaigns were taking hold.  In the ensuing years, he has single-handedly crippled text spam, has developed a sophisticated system to protect DNS, and has helped manage the worldwide response to major botnets infecting millions of users.  At the M³AAWG 34^th General Meeting in Dublin, Ireland, Joffe received the 2016 M³AAWG Mary Litynski Award for his lifetime achievements in protecting the Internet and end-users.

“Rodney is the kind of person who embraces the Internet with all its possibilities and quietly works behind the scene to fight abuse. Today’s industry leaders know he’s the person to go to when you need to get something done, especially if it involves protecting the general online public who might not be in a position to take action.  When he sees a problem, Rodney jumps in with whatever talent and resources are needed and his accomplishments over the last twenty years have made us all safer,” said Michael Adkins, M³AAWG Chairman of the Board.  

Joffe’s most recent focus has been on combatting botnets, nefarious networks of malicious code designed to steal personal information, hijack a user’s machine or engage in other harmful activities. Chairing the Conficker Working Group starting in 2008, Joffe managed the efforts of thousands of technologists in 115 countries working to mitigate the botnet.  He also served as an envoy for the group, pressuring the U.S. government to pay attention to the problem and testifying at U.S. congressional cybersecurity hearings in 2009.  In 2013, he received the U.S. FBI Director’s Award for helping organize the industry’s response to the Mariposa botnet, another major infection that affected users globally. He has also participated as a core threat designer in cybersecurity exercises operated by the U.S. Department of Homeland Security, the White House and the U.S. National Security Council.

Advocating for better global cooperation against online abuse, Joffe said, “The criminals that we are fighting have the same or better skillsets as us but they don’t have the moral compass we do.  So it’s not a level playing field and, right now, all we’re really able to do is contain the problem.  Until we can get to the point where law enforcement around the globe, as a group, are prepared to go after the bad guys and put them in jail so there aren’t outposts where they can hide, we’re not going to be able to completely win this battle.”    

Developed UltraDNS and Other Widely Used Network Security

Joffe’s interest in protecting networks grew out of his work at Genuity, a major Internet Service Provider he founded in 1995 and one of the first Internet hosting companies.  Three years later, Joffe created Anycast for DNS as a faster, more robust, and less expensive Internet addressing and routing system. In 1999, this evolved into the creation of UltraDNS, a Domain Name Service lookup and traffic management service that is widely used today to protect against Distributed Denial of Service attacks. Criminals use DDoS attacks to direct massive volumes of traffic to a targeted domain name, trying to flood the website’s servers and knock the organization offline.  The technologies Joffe implemented known as DNS Shield provide additional, protected Internet routing to safeguard Web and email services for government and business enterprises. UltraDNS is now offered as a Neustar product, where Joffe serves as senior vice president, senior technologist and a fellow.

Fighting Both Messaging and SMS Spam

Joffe outlined much of the industry’s history in fighting spam and online abuse in a video shown at the M³AAWG meeting (https://youtu.be/J-e3aO7rc0E).  His efforts began in 1998 when marketers were just beginning to discover email.  As the operator of a postal direct mail service bureau at the time who also understood the Internet, he was asked by the online community to help educate marketers about the industry’s best practices.  In the process, he developed SafeEPS, a global opt-out service that within the first few days of its availability signed up more than 50 million email addresses that did not want to receive unsolicited mail. Although somewhat controversial, the service was embraced by the major Internet service providers and helped shape aspects of the U.S. CAN-SPAM law.

As marketing technologies developed, Joffe decided to go after companies sending junk faxes and became an expert in the U.S. Telephone Consumer Protection Act of 1991 (TCPA), which eventually led him to apply the law to a class-action suit against text-messaging spammers. The Joffe v Acacia National Mortgage case set a legal precedent and has been used against text spammers since the 2001 ruling in his favor.  

Joffe also has quietly mentored and supported many of today’s Internet trailblazers.  Although he no longer owns Genuity, which was acquired by GTE and is now Verizon, he still maintains a private ISP dedicated to providing pro bono bandwidth and other services to nonprofits and researchers working to protect the Internet.

The M3AAWG Mary Litynski Award is presented each year to recognize a person who has worked behind the scenes for many years to help protect online users.  Information and the submission form for the 2017 award are at /awards#LitynskiAward.  
 
More than 370 security experts and public policy advisors from 29 countries are participating in the M³AAWG 34^th General Meeting, June 8-11 in Dublin where M³AAWG is also hosting the London Action Plan (LAP). The meeting features over 55 sessions tackling various aspects of online abuse. M³AAWG will hold its next meeting October 19-22, 2015 in Atlanta, Georgia.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M³AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M³AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Listrak; Mailchimp; Message Systems; Orange (NYSE and Euronext: ORA); OVH; PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M³AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; iContact/Vocus; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; Proofpoint; Rackspace; Spamhaus; Sprint; Symantec and Twitter.

A complete member list is available at /about/roster.

M³AAWG 34th General Meeting - Dublin, Ireland, June 9, 2015 – Operation Safety-Net, available today, is a cooperative global effort by industry and government experts outlining the online threats currently facing the world along with the proven best practices to mitigate them. The report was jointly developed by the Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG) and the London Action Plan (LAP), and describes the latest recommendations to protect users and networks from illicit Internet, mobile and telephony attacks.

“This tool doesn’t just describe today’s threats.  It also provides straightforward recommended best practices for governments, businesses, educators and other members of the Internet and mobile industry to join in the fight against these threats. The report, an easy-to-read synopsis of the current risk environment, was a global collaborative effort from the front line community that fights spam, malware, phishing, hacking and related hazards,” said Manon Bombardier, a LAP secretariat member and Chief Compliance and Enforcement Officer at the Canadian Radio-television and Telecommunications Commission (www.crtc.gc.ca).

The international community collaboratively developed the report in a public-private partnership led by Andre Leduc, Industry Canada manager of the National Anti-spam Coordinating Body.  Industry experts from M3AAWG, LAP and other organizations, such as CAUCE (Coalition Against Unsolicited Commercial Email) and the APWG (Anti-Phishing Working Group), also contributed.

Written in plain language, Operation Safety-Net focuses on five areas and their related best practices.  Some examples of the proven industry practices to combat these threats include:

1.    Malware and Botnets

• Among the most serious threats to the Internet economy, malware and bots can alter their characteristics so that even anti-abuse experts are not able to detect them.  
• Following industry best practices, the report encourages Internet Service Providers to notify customers of bots on their systems and also recommends the blocking of port 25.

2.    Phishing and Social Engineering

• Phishing schemes are going after increasingly more valuable data and high-value targets.
• Among the industry best practices to curtain fraud from phishing, the report recommends prompt breach reporting.

3.    Internet Protocol and Domain Name System (DNS) Exploits

• The worse DNS exploits involve bad actors redirecting Internet traffic to fake versions of popular websites.
• The report supports the worldwide deployment of DNSSEC (DNS Security) and recommends keeping DNS software updated.

4.    Mobile, Voice over IP (VoIP) and Telephony Threats

• Robocall scams are becoming more severe and new technology is also contributing to a growing number of Telephony Denial of Service (TDoS) attacks.
• The report recommends the development of international threat information exchanges and developing facilities to report these newly emerging schemes.

5.    Hosting and Cloud Threats

• Online and mobile threats exploiting hosting and cloud services include spam, spamvertising, phishing, hacked websites, DDoS (Distributed Denial of Service) and other attacks.
• The report suggests possibly implementing hardware-based intrusion detection systems (IDS) and software-based security scans and firewalls.

M³AAWG Chairman Michael Adkins said, “Operation Safety-Net isn’t just for network or operational professionals.  It aggregates the anti-abuse industry’s global experience in identifying and curtailing current threats to help non-technical executives understand and manage online risk in their organizations.”     

Operation Safety-Net updates the initial “Best Practices to Address Online and Mobile Threats” report issued jointly by M³AAWG and LAP in 2012 to the OECD (The Organisation for Economic Co-operation and Development).  The new report released today has been rewritten to provide more depth on threats resulting from converging technologies, the development of new mobile attack vectors, and rapidly mutating malware.  For example, Operation Safety-Net addresses nefarious activities such as hijacked cloud and hosting services, VoIP “swatting” attacks that can disable emergency services switchboards, and new techniques for inserting spyware onto computers and mobile devices.

John Levine, president of CAUCE, said,  “We are particularly delighted to see that the groundbreaking work accomplished in the 2012 version of this report has not been allowed to languish, given the worldwide and positive acceptance of the initial document. The global anti-abuse community coming together and creating an opportunity to review, refresh and renew this important toolkit is a remarkable milestone.”

Operation Safety-Net is available on the websites of several organizations including in the Best Practices section of the M3AAWG website at /Operation_Safety-Net and on the LAP website at http://www.londonactionplan.org/reports-stats.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG)
 
The Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M³AAWG (www.m3aawg.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

About the London Action Plan (LAP)

The LAP (www.londonactionplan.org) is a 45-member organization drawn from governments, law enforcement agencies, academia and industry, and includes participants from Asia, Africa, North America and Europe that focus on fighting spam and online threats to consumers. The LAP promotes international enforcement cooperation and addresses spam related problems, such as online fraud and deception, phishing, and dissemination of viruses and has expanded its mandate to include additional threats, including malware, SMS spam and Do-Not-Call. The LAP coordinates joint enforcement activities, and enhances the technical skills of its members through regular teleconferences and an annual meeting.

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M³AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Listrak; Mailchimp; Message Systems; Orange (NYSE and Euronext: ORA);  OVH; PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M³AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; iContact/Vocus; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; Proofpoint; Rackspace; Spamhaus; Sprint; Symantec and Twitter.

A complete member list is available at /about/roster.