hac.’s Weblog


Just a place to share my life

A small research on Exchange Server

I just got an email address from my manager. The email service is provided by Exchange Server, and I am now getting familiar with it. The most interesting part to me, of course, is the anti-spam feature of the server (anti-virus and anti-malware are also interesting to me). The Exchange Server documentation states that the server uses many kinds of spam filters, and most of them are a kind of blacklisting mechanism.

I am now going to test how effective the email service is, so I will post my email address here to attract robots to fetch this address and send spam to it.

Kane@groje.com

More:
wiki – MS Exchange Server
MS Exchange Server 2007
Planning for Anti-Spam and Antivirus Features

OT:
I am looking for a virus database, because I would like to implement the basic anti-virus method: pattern matching. Should you know of any useful virus database, please let me know.

Filed under: news, spam

Virus-like MSN block checker

Yesterday, my sister played around with a block checker site, which checks which users in your MSN contact list have blocked traffic from you.

Once she typed in her user name and password, all of the users in her list suddenly received a meaningless message. What I mean is that the message was definitely not written by her. When I got it, my first idea was that she had a virus. After AVG anti-virus went through a very very very … long scanning process, it did not find any suspicious file. When I asked my sister what site she had visited before getting this virus-like symptom, she showed me the website.

As you may know, there are many MSN block checkers on the Internet. Most of the block checker sites help you query whether the target user is online or not, i.e. if you cannot see him in your online list in MSN, but these checker websites state that he is online, it means you have been blocked. That does not sound efficient enough, right? So the block checker site which my sister visited tries another approach. It asks for the email address and password the user uses to log in to MSN, and the program on its server contacts the MSN server and fetches the contact list, then sends a message to each user in the list and sees if they can receive the message. This is my guess at how it works; I have not verified it yet.

However, before using these block checker applications, you need to consider whether they are secure and innocent enough. According to mess.be, although it may be old news, most of these websites are collecting email addresses for spam or even worse. Others, like the website my sister browsed, may collect passwords from users, even though they claim they do not. So, you take a risk when you use one.

How dangerous the world is!


Filed under: news, spam, virus

New virus ask for ransom

Do you know what encryption is? From our point of view, it should be a good thing that protects your important documents. However, it is a double-edged sword. An application on the dark side has really happened.

RSA is a public key encryption algorithm. Encryption algorithms can be divided into two main streams, private key and public key. A private key encryption algorithm uses only one key to encrypt and decrypt the text, and is sometimes called single key. In contrast, public key encryption uses one key to encrypt the text and another key to decrypt it. RSA is a strong encryption algorithm, and the size of the key determines how robust the encryption is. Some experts believe that it needs more than a century to decrypt a message encrypted with a 1024-bit key!

Back to the topic: very strong encryption really is a double-edged sword. Why do I say so? Because there is a virus, Gpcode.ak, an improved version of Gpcode. What it does is very simple: it uses RSA to encrypt your documents and files with a 1024-bit key, then asks you to buy their decryptor. It is obviously a crime, a kind of kidnapping that asks you for a ransom!!

It is a very creative idea to use encryption in such a way, although it is a crime. Nothing stays on the good side forever.


Filed under: news, virus

Spam hits highest rate in 15 months

This month, MessageLabs released a report about spam. It states that spam accounted for 76.8 percent of all email in May 2008. Spam increased by 3.3% since April, with 1 in 1.3 emails being spam. This is the first time I have read this kind of statistical analysis, and I cannot imagine that there is so much spam flowing around the Internet!

Why is there such a big jump? According to the report, spammers are including links to spam content contained in documents hosted on Google Docs and Microsoft’s SkyDrive environment. This is because the domain names they previously bought were getting blacklisted quickly, but it is difficult to block Google and Microsoft applications because they are widely used by normal users. In addition, according to the report, “the spammers are also taking advantage of Google Analytics to gauge their success with each spam run.”

Here is a simple example:

Click the following link and win the big money!!
http://docs.google.com/View?docid=dgmszc7x_312xstksmgn

After constructing the above example, I discovered that Google Docs has a “Report spam” link on the page above. I think it is a quick response to this new type of spam. I will give SkyDrive a try later.

Spammers are always seeking ways to bypass spam filters, and according to the report it is not reasonable for most spam filters to block links to Google Docs or Microsoft’s SkyDrive. The report also mentions that spammers insert a URL in an email that leads the victim to a Google Docs-hosted page. The content of the spam contains only the link to a free hosting service, but it will lead you to what the spammer wants you to visit.
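The bypass described above, as an added example (not from the original post or the MessageLabs report): a domain blacklist passes a mail that links only to a shared hosting service, while a "shared-host link plus almost no other text" heuristic flags it. The blacklist entries, the SkyDrive hostname and the 12-word threshold are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed lists for illustration; the SkyDrive hostname is an assumption.
DOMAIN_BLACKLIST = {"cheap-pills.example", "win-big.example"}
SHARED_HOSTS = {"docs.google.com", "skydrive.live.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def linked_hosts(body):
    """Lower-cased hostnames of every http(s) URL found in the message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname  # ignores port, userinfo and path
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def blacklisted(body):
    """Classic filter: flag the mail if any linked host is on the blacklist."""
    return bool(linked_hosts(body) & DOMAIN_BLACKLIST)


def classify(body, max_words=12):
    """Blacklist first, then the 'nothing but a shared-host link' heuristic."""
    if blacklisted(body):
        return "blacklisted"
    text_words = URL_RE.sub(" ", body).split()
    if linked_hosts(body) & SHARED_HOSTS and len(text_words) <= max_words:
        # A signal to score or quarantine on, not proof of spam.
        return "suspicious-shared-host-link"
    return "clean"


# The post's own example, a constructed old-style spam, a constructed legit mail.
PAGE_EXAMPLE = ("Click the following link and win the big money!!\n"
                "http://docs.google.com/View?docid=dgmszc7x_312xstksmgn")
OLD_STYLE = "Best prices, order today: http://cheap-pills.example/offer"
LEGIT = ("Hi, here are the minutes from Tuesday's project meeting. Please review "
         "section two and add your comments before Friday so we can close the "
         "open items. http://docs.google.com/Doc?id=constructed-sample")

if __name__ == "__main__":
    for name, mail in [("page", PAGE_EXAMPLE), ("old", OLD_STYLE), ("legit", LEGIT)]:
        print(name, blacklisted(mail), classify(mail))
```

The legitimate mail links to the same host as the spam, which is why the heuristic looks at the surrounding text instead of the domain.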

Besides, another thing in the report that shocked me is that the most spammed country is Hong Kong, with levels reaching 85.9% of all email. How much spam do you receive every day?

I am wondering if this technology (e.g. Google Docs) can be used to perform CSRF or XSS by sending an email to a Gmail user, saying that I have shared a document with you, while the document is going to steal sensitive information from you. But the key thing is that Google Docs allows you to write client-side scripting in it, or at least makes client-side scripting executable in the document. A quick demo in SkyDrive.

This link will execute a JavaScript alert function.
XSS demo in SkyDrive

Should you have any ideas or comments about this stuff, please feel free to leave a comment.


Filed under: news, spam