Malware

M3AAWG San Francisco Meeting Addresses Latest Messaging Security Ranging from Mobile Malware to DDoS Attacks

San Francisco, Jan. 30, 2013 – With the variety of devices in use today and the pervasive connectivity available to users, malware could easily get the upper hand on many networks without corrective measures.  The Feb. 19-21 M3AAWG 27th General Meeting in San Francisco will focus on helping the industry develop the necessary strategies to protect end-users from the latest messaging abuses, whatever the abuse vector or device that is targeted. 

The Messaging, Malware and Mobile Anti-Abuse Working Group meeting will offer six sessions focusing specifically on emerging mobile malware and security issues along with presentations on computer bot research, international cybersecurity efforts, social media issues and other topics.  There will also be three tracks of security-related training on Feb. 18.

Recognizing the need for cross-industry cooperation within the messaging industry, M3AAWG works to foster an environment where experts from all areas of cybersecurity can share their experience and learn from each other. Sessions at the meeting will explore the challenge of protecting online advertising, present a DNS Changer Working Group study, offer practical spam trap tips, and provide an open dialogue between email service providers that send third party messages and ISPs, along with other topics. Among the mobile sessions, noted industry experts will discuss current Android viruses, abuse of mobile payment systems, and the evolution of mobile malware. 

“The malware on an end-user’s system might have been delivered through email, an SMS with a link to a drive-by website, a tainted mobile app or another vector.  But however it got there, it can be dangerous and costly to the user, and it can have devastating and far-reaching effects on other networks and users.  To effectively tackle malware, we need to share information, both across areas of expertise and across international borders,” said Alex Bobotek, M3AAWG Co-Chairman.

AllThingsD.com Co-Executive Editor Kara Swisher will keynote the meeting, sharing her perspective on how the Internet has changed since she began covering technology for both The Washington Post and The Wall Street Journal and where she sees the industry going in the near future.  The Electronic Frontier Foundation’s International Freedom of Expression Coordinator Eva Galprin will also offer a keynote presentation on the status of Syrian malware.

Emphasizing the international aspect of fighting abuse, Dr. Victoria Baines, strategic advisor on cybercrime at the European Police Office (EUROPOL) in The Hague, will elaborate on Project 2020, a range of activities to enhance online security including common threat reporting, strategic foresight exercises, policy guidance and capacity building. In another session, a panel will discuss the state of spam and industry outreach efforts to share best practices in the BRIC countries (Brazil, Russia, India and China).

The Monday training sessions (/activities/training) will cover machine learning, analysis of anti-abuse data, encryption, and an end-to-end process for sharing data within the security community.  Speakers at the meeting will also address methods to defend against DDoS attacks, the social media spam marketplace, URL redirection and issues of online bullying, along with working sessions to develop best practices.

The San Francisco meeting is the only Silicon Valley event M3AAWG will host this year.  Its European meeting will be in Vienna, Austria in June and its October East Coast meeting in Montreal, Canada.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, 1+714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); Google; Message Bus; PayPal; Return Path; Symantec; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); Mailchimp; McAfee Inc.; Message Systems; Mimecast; Nominum, Inc.; Proofpoint; Scality; Spamhaus; Sprint; and Twitter.

A complete member list is available at /about/roster.

New Online and Mobile Best Practices Clarify Business and Governmental Security Tactics

Baltimore, Oct. 24, 2012 – A cooperative international report available today outlines Internet and mobile best practices aimed at curtailing malware, phishing, spyware, bots and other Internet threats, and provides a thorough review of current and emerging threats.  “Best Practices to Address Online and Mobile Threats” is a comprehensive assessment of Internet security as it stands today and explains in non-technical language the proactive steps that can help mitigate risks, according to the report’s two major contributors, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the London Action Plan (LAP).

The report is also one of the first global efforts to encourage governments to deploy best practices, which are more often associated with businesses.  It focuses on four major areas of concern: malware and botnets, social engineering and phishing, IP and DNS exploits, and mobile threats.  To encourage government participation, it has been presented to the 34-member country OECD (Organisation for Economic Cooperation and Development) for review.

Best Practices to Address Online and Mobile Threats” draws on the tactics that have proven effective over the past decade to reduce online risks, then augments these with forward-thinking recommendations for emerging vulnerabilities, such as mobile text spam and Web abuse.  The comprehensive report is available on the websites of several organizations including at /sites/maawg/files/news/M3AAWG_LAP_Best_Practices_to_Address_Online_and_Mobile_Threats.pdf, http://www.londonactionplan.com/files/reports/Best_Practices_to_Address_Online_and_Mobile_Threats_(Oct_2012).pdf and http://www.cauce.org/2012/10/best-practices-report.html

“As a globally cooperative effort, the report brought together an unprecedented team of experts who outlined safe computing tactics in uncomplicated, accessible language for end-users, large and small businesses, and governments.  This is also one of the first efforts to update industry recommendations recognizing that public agencies are important online enterprises, and just as companies need to implement best practices, so do governments,” Alex Bobotek, M3AAWG co-chairman said. 

The international community collaboratively stepped up to generate the report in a public-private partnership led by Andre Leduc, manager, national anti-spam coordinating body at the Department of Industry Canada.  Industry experts from M3AAWG, LAP and other organizations, such as CAUCE (Coalition Against Unsolicited Commercial Email), contributed to it.

Online threats are evolving as Internet and mobile technologies play a more vital role in many business models, attracting cybercriminals who target users on popular platforms such as laptops, tablets, smartphones and other handheld devices.  As the Internet economy grows, implementing the best practices detailed in the report will help reduce illegal activities such as spam, phishing, malware and spyware distribution, botnet deployment, the redirection of Internet traffic to malicious websites and denial of service attacks.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is an open forum driven by market needs and supported by major network operators and messaging providers.

About the London Action Plan (LAP)

The LAP is a 45-member organization of law enforcement agencies and industry participants focused on fighting spam and other online threats. The LAP conducts regular teleconferences and an annual meeting.  Its most recent meeting, held in London, England, in October 2012 included participants from Europe, Asia, North America and Europe.

Media Contact: Linda Marcus, APR, +1-714-974-6356, LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); La Caixa; Message Bus; PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Experian CheetahMail; Genius; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); McAfee Inc.; Message Systems; Mimecast; Nominum, Inc., Proofpoint; Scality; Spamhaus; Sprint; Symantec; Trend Micro, Inc.; and Twitter.

A complete member list is available at /about/roster.

M3AAWG Conduct Policy

Conduct Policy Updated and Approved by the M3AAWG Board of Directors June 6, 2024. Original policy Approved by the M3AAWG Board of Directors 1-11-2019

1. Overall Policy

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is dedicated to making our meetings and business open to all members and guests and to making it a safe place for all. We do not tolerate harassment of any kind. We insist that all participants, attendees and meeting staff always adhere to a civil demeanor. This includes refraining from inappropriate language, comments and behavior, in person or by electronic communications and/or public or semi-public social media.  In accordance with applicable law, M3AAWG prohibits sexual harassment and harassment because of race, color, gender, age, religion, disability, sexual orientation or any other basis protected by federal, state or local law.

Participants, attendees and staff who are being harassed, intimidated, or are dealing with otherwise improper behavior are encouraged to report it immediately to the M3AAWG Executive Director or other designated Board of Directors officer without fear of repercussion. It is the collective responsibility of everyone to speak up if you witness improper behavior and to report it immediately. You are empowered to politely engage when you or others are treated less than respectful and professional by colleagues.

2. How to get help addressing a violation

   a. Scenario: You feel unsafe

VenueExamples (but not limited to)Action
  • M3AAWG night out
  • Meeting hotel(s)
  • Meeting space
  • M3AAWG related social events
  • Touching or physical contact of any kind that is unwanted
  • Physical or verbal threats of any kind

 
 

  1. Contact local Law Enforcement: In the U.S. dial 911. Outside the U.S. see./health-and-safety
  2. Once you are safe, contact the M3AAWG Executive Director or designated Board Officer to report a Conduct Policy Violation
  3. During the night out, go to the designated Staff table for immediate assistance

   b.  Scenario: You experience or see a Conduct Policy violation that does not require immediate local Law Enforcement assistance

VenueExamples (but not limited to)Action
  • M3AAWG night out
  • Meeting hotel(s)
  • Meeting space
  • M3AAWG related social events
  • M3AAWG calls
  • Electronic communications or social media
  • Sexual harassment or harassment because of race, color, gender, age, religion, disability, sexual orientation
  • Inappropriate language, offensive, insulting or derogatory slurs, comments, remarks or behavior
  • Verbally aggressive, abusive or profane comments
  • Displaying or the electronic transmission of derogatory, lewd, offensive and unwelcomed materials or information

 
 
 

  1. Contact the M3AAWG Executive Director or designated Board Officer to report a Conduct Policy Violation
  2. During the night out, go to the designated Staff table for immediate assistance

 
 
 

3. How to Report a M3AAWG Code of Conduct Policy Violation

   a. Timing: Violation occurs during a M3AAWG meeting

ContactInformation to includeExpectations
  • Names and contact information are provided on the back of the meeting badges and at the registration desk for each meeting. 
  • Call or text Executive Director or designated Board Officer (24x7)
  • Email Executive Director

 
 

  • Name and Company of the violator, if known
  • Date, time and location of the violation
  • What was the violation
  • Other people involved in the incident
  • Any witnesses who would be willing to give a report, if needed
  • Any violations should be reported as soon as possible
  • The Executive Director or Board Officer will speak with you privately or together as appropriate
  • Refrain from discussing the incident with other members while it is under review
  • Violations will be addressed promptly and will include a post incident communication

 
 

    b. Timing: Violation occurs outside one of the three in-person M3AAWG meetings

ContactInformation to includeExpectations
  • Call or text the Executive Director or Designated Board Officer during normal business week / hours (M-F, 9:00 am - 5:00 pm CST)

 
 

  • Name and Company of the violator, if known
  • Date, time and location of the violation
  • What was the violation
  • Other people involved in the incident
  • Any witnesses who would be willing to give a report, if needed
  • Any violations should be reported as soon as possible
  • The Executive Director or designated Board Officer will speak with you privately or together as appropriate
  • Refrain from discussing the incident with other members while it is under review
  • Violations will be addressed promptly and will include a post incident communication

4. Enforcement

Anyone who is found to be in violation of this policy may be  subject to any one or more of  the following remedial actions, depending on the offense:

  • Warning
  • Immediate Removal
  • Meeting Suspension
  • Expulsion
  • Contacting of employer and/or legal authorities

Actions stronger than a warning or immediate removal will be taken at the discretion of the M3AAWG Board of Directors.

M3AAWG reserves the right to remove any participant or attendee at any time for any reason.

5. Social Events

The Conduct Policy also extends outside of the meeting rooms to include all areas of the meeting hotel and social gatherings sponsored by M3AAWG or M3AAWG member organizations.

Member organizations are expected to make sure all their employees and third-party event personnel who attend a social event are aware of and understand our Conduct Policy. All social events should have a designated safe area or designated safe people for addressing violations.  All violations reported at Social Events must be reported to M3AAWG.

Note: You can download this file below.

Nominations Open at M3AAWG for New J.D. Falk Award Honoring Inventive Cyber Security Work

San Francisco, July 18, 2012 Seeking to throw a little light on those making the Internet a safer experience for all, the Messaging, Malware and Mobile Anti-Abuse Working Group is now accepting nominations for the first annual J.D. Falk Award, named after the dedicated industry advocate who was instrumental in the growth of M3AAWG and other technical organizations.  The award, developed in conjunction with his employer Return Path, Inc. and his family, celebrates J.D. Falk’s life by honoring a specific achievement that enhances the Internet experience, protects end-users, and embodies his spirit of volunteerism and community building.

Nominees can be individuals or teams in an academic or company environment who have developed a service, created a specification or security mechanism, generated notable research, or produced other work reducing online abuse and improving the Internet.  The award comes with an honorarium provided by Return Path and M3AAWG will sponsor the winning candidate's attendance at the upcoming 26th M3AAWG General Meeting in Baltimore, Md., Oct. 23-25, where the award will be presented.  

“J.D. was a passionate leader and a creative technician who had an ardent sense of humor that came into play when he was facing down obstacles. He had a gift for bringing people together to accomplish difficult tasks. We believe it’s important to instill these qualities in the future of the Internet and are looking to recognize professionals who embody these values,” said Chris Roosenraad, M3AAWG co-chairman for messaging.

Falk chaired several M3AAWG committees, served on its Board of Directors, and was the organization’s document editor. He also was responsible for the feedback loop RFC 6449 and other IETF documents, was a founding director of the Coalition Against Unsolicited Commercial Email (CAUCE) and active in other organizations.  At Return Path, a company that provides email data intelligence to reduce spam, Falk was the director of Internet standards and governance.

“The integrity and insight that J.D. brought to Return Path continues to shape our culture and guide our mission. It’s an honor to be able to celebrate his legacy and support progress toward his vision of a more secure online world,” said Matt Blumberg, CEO and chairman of Return Path.

Nominations for the J.D. Falk Award must be submitted by Sept. 6, 2012 at /events/jd-falk-award or from the award link in the Program tab on the M3AAWG site.  While the J.D. Falk Award recognizes a specific accomplishment, the M3AAWG Mary Litynsky Award – also presented annually by the organization – honors lifetime achievement. 

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is an open forum driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, +1-714-974-6356, LMarcus@astra.cc, Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Eloqua; Facebook; France Telecom (NYSE and Euronext: FTE); La Caixa; Message Bus; PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adaptive Mobile Security LTD; Adobe Systems Inc.; AOL; BAE Systems Detica; Cisco Systems, Inc.; Dynamic Network Services Inc.; Email Sender and Provider Coalition; Experian CheetahMail; Genius.com; iContact; Internet Initiative Japan (IIJ NASDAQ: IIJI); MailUp; McAfee Inc.; Message Systems; Mimecast; Proofpoint (everyone.net); Scality; Spamhaus; Sprint; Symantec; and Trend Micro, Inc.

A complete member list is available at /about/roster.