Malware

San Francisco, March 20, 2013 – Emphasizing the need for more cooperative cybersecurity efforts across platforms, the Messaging, Malware and Mobile Anti-Abuse Working Group will continue with a diverse leadership structure for 2013.  Alex Bobotek of AT&T and Chris Roosenraad of Time Warner Cable will continue as M³AAWG Co-Chairmen with Michael O’Reirdan of Comcast continuing as a Board member and M³AAWG Chairman Emeritus.

Michael Adkins will remain as vice chairman with M³AAWG Executive Director Jerry Upton serving as the Board secretary. Anthony Purcell was also re-elected treasurer during the February 21 Board elections held at the M³AAWG 27^th General Meeting in San Francisco. 

Last year M³AAWG expanded from its original mission of fighting spam to a broader charter that includes the urgent problems of confronting malware and fighting abuse on mobile platforms.  It works to protect end-users by sharing information across platforms, developing best practices and educating policy makers on relevant operational issues.

“Whether on a smartphone or a computer, malware can ravage users and cause extensive damage across networks.  The best way to safeguard end-users today is to cut through the operational silos that have developed in the industry and leverage our cybersecurity knowledge across platforms and among diverse areas of expertise, ” Roosenraad said.

Both Bobotek and Roosenraad served as M³AAWG co-chairmen in 2012 and as co-vice chairmen for the two previous years, providing continuity as the organization evolves with the changing industry.  Bobotek, AT&T Lead of Messaging Anti-Abuse Architecture and Strategy, will also continue as a co-chair of the Technical Committee where he has helped develop programs to fight mobile abuse for several years.  Roosenraad, Time Warner Cable Director of Systems Engineering, previously was a co-chair of the Technical Committee and of the Program Committee.

M³AAWG Senior Technical Advisors Richard Clayton, Ph.D.; Dave Crocker; David Dagon, Ph.D.; John Levine, Ph.D.; April Lorenzen; and Joe St Sauver, Ph.D. were reappointed. The advisors are experts with in depth knowledge in specific areas and assist the committees in their work.  The committees are responsible for developing best practices and other work to fight online abuse. 

The committee chairs appointed by the Board for 2013 are:

• Academic Committee, which was recently formed to bring the latest research to M³AAWG members, Co-Chairs Manos Antonakakis, Ph.D., of Damballa and Joe St Sauver
• Awards Committee co-chaired by Purcell and Neil Schwartzman, CAUCE
• Brand SIG Co-Chairs Mike Hammer, AG Interactive; and Franck Martin, LinkedIn
• Collaboration Committee Co-Chairs Christine Borgia, Return Path; Angela Knox, Cloudmark; and Sara Roper, CenturyLink
• M³AAWG meeting Open Round Tables session chair Jordan Rosenwald, Comcast
• Program Committee Co-Chairs Dennis Dayman, Eloqua; Len Shneyder, Message Bus; and Jamie Tomasello, CloudFlare
• Public Policy Committee Co-Chairs Frank Ackermann, eco–Association of the German Internet Industry; Chris Boyer, AT&T; and Rudy Brioche, Comcast
• Senders SIG Co-Chairs Andrew Barrett of iContact and Tara Natanson of Constant Contact
• Technical Committee Co-Chairs Alex Bobotek; Chris Barton, Cloudmark; Paul Ferguson, Internet Identity; and Matthew Steele, Symantec
• Training Committee Co-Chairs Kurt Andersen, LinkedIn; and Sam Masiello, CAUCE

The committees also develop educational and information-sharing sessions on emerging issues for M³AAWG meetings held three times a year.  The organization’s annual European meeting will be held in Vienna, Austria, June 3-6, and will feature training courses and three multi-track days of speakers, confidential industry dialogue, public policy reports and working committee sessions.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M³AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M³AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, 1+714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M³AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M³AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; CloudFare; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Experian CheetahMail; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Bus; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster. 

San Francisco, Feb. 20, 2013 – A bot believed to have netted $14 million in illicit profits has been turned into a golden learning opportunity, yielding important insights into how the online community can best alert and assist customers with infected systems.  Georgia Tech researchers on Tuesday announced the results of a study based on the industry’s response to the DNS Changer Trojan and shared recommendations to help curb future malware outbreaks at a presentation during the M³AAWG 27^th General Meeting in San Francisco.

The DNS Changer Remediation Study identified phone calls, billing notices and redirecting users to customized Web pages among the most effective methods to notify customers that their systems were infected. Researchers Wei Meng and Ruian Duan, working under the supervision of Georgia Tech School of Computer Science Professor Wenke Lee, also found that “active” social media warnings were useful for enabling remediation. With this approach, sites such as Google directly informed users they were infected through their browser windows, a tactic that proved to be more effective in motivating users to disinfect their systems than passive warnings issued in general posts or news articles on social media platforms.

“Social media can have an important role to play in alerting users to infections in their systems and in stemming malware outbreaks.  We believe in the importance of implementing active, direct notifications earlier in the process,” Lee said.

The researchers looked at both various types of end-user alerts and network operators’ efforts to help customers disinfect their systems, including using walled gardens, DNS redirection, anti-virus software and malware removal tools. Part of the challenge facing the industry from bots is determining how to notify users their systems have been compromised in a timely and credible manner, then assisting non-technical customers in remediating those machines, according to M³AAWG Co-Chairman Michael O’Reirdan.

O’Reirdan said, “The industry’s response to the DNS Changer malware clearly showed how well competitors and vendors can work together when users’ safety is on the line. It also was an extraordinary opportunity to objectively study the different approaches companies have developed to assist customers and to understand the important role each of us plays in safeguarding the online experience. The active involvement of anti-malware and security tool vendors, social media platforms, law enforcement, operating system vendors and home networking technology vendors has been shown to be crucial. In the end, it takes the entire Internet ecosystem working together to protect end-users.”

The data used in the study to determine infection and cleanup rates was provided anonymously from major ISPs around the world through the DNS Changer Working Group (DCWG) to the research team at the Georgia Tech Information Security Center (GTISC).  To identify the different types of notification and mediation techniques used, the researchers sent questionnaires asking network operators how they had alerted customers who were infected with the DNS Changer malware and the specifics around the remediation efforts employed by each ISP to assist customers in cleaning their machines.  An ISP that did not take any action in response to the malware became the baseline for measuring the effectiveness of the other approaches, according to Lee.

From 2007 to 2011, the DNS Changer Trojan hijacked Internet searches and re-routed the Web browsers of infected computers to fraudulent sites using the rogue DNS servers operated by the Rove Digital advertising network.  However, if the rogue DNS servers had been turned off when the allegedly responsible Estonians were arrested, infected end-users would not have been able to reach the Web.  The DCWG was a group formed to assist law enforcement in dealing with the potential end-user issues arising from the law enforcement action.  The DCWG also helped operate and monitor the “clean” DNS servers that were operated legally by the Internet Systems Consortium (ISC) under a U.S court order from November 2011 to July 2012.  As a result, instead of suddenly losing access to the Internet, millions of users were notified they were infected and needed to clean up their machines.

The complete DNS Changer Remediation Study is available on the M³AAWG website at /sites/maawg/files/news/GeorgiaTech_DNSChanger_Study-2013-02-19.pdf.  

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M³AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M³AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M³AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: pr@m3aawg.org

M³AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and
Yahoo! Inc.

M³AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster.