Tales from the Trenches - The Life and Times of an Exchange Hosting Support Guy

Friday, March 12, 2010 by Jim Sigel


 


Hello folks, allow me to introduce myself - my name is Jim and I'm a support tech with AppRiver, LLC. In addition to our Hosted Exchange services, I also support CommuniGate POP email, AppRiver's very own SecureTide spam protection, CipherPost (our email encryption for Outlook service), MS Outlook (2003, 2007, and beyond!), Mac Mail, Entourage, inbound/outbound mail delivery issues, BlackBerry, iPhone, Droid, et al., various DNS crises, chat console support, ticket support, global warming initiatives, ridding the world of beer one drop at a time, etc.

I guess I'm what you would call "the first line of defense", along with my fellow trench-mates for just about everything technological you could imagine. When customers need assistance, they call us. One customer recently phoned because she couldn't access Home Depot's website. Hey, it happens, and so what's one to do? After a little DNS cache flush, she was all set! Although outside the normal scope of my profession, I was happy to help.


Some of you reading this might say, "Why on Earth would AppRiver waste time and resources on something not remotely related to its products?"  Well, it's what we do.  We go the extra mile to make sure our customers are happy.  It's what separates us from the rest. 

I'm hoping you'll stop by this blog every now and then, when you have some time.    The funny thing about Exchange Hosting is pinpointing the starting point since there are so many things to cover.  I suspect it may be hard finding a topic at first, but once the floodgates open, all things Exchange will be blogged!  

So, and in closing, a little bit about myself:  I've worked for some pretty prestigious outfits before, both private and as a government contractor.  I've supported big-shot corporate attorneys, doctors, generals, rocket scientists (honestly - you should've seen their faces when I said, "look guys this isn't rocket science"), executives, and media celebrities, among many customers.  I came aboard AppRiver in December 2008, and I'm extremely proud to be a part of what I believe is the finest organization in the industry.  I'm currently the platoon sergeant in my trench of three Appers, whom I'm proud to serve with.  One colleague jumped on a live Blackberry, saving the rest of us.  That's teamwork, folks.  Finally, I bleed Chicago Blackhawk red, and Chicago Bear blue.

Thanks for stopping by and I hope to see you here again soon for another episode of "Tales from the Trenches".


 

Vodafone Helps to Distribute Botnet(s)

Monday, March 8, 2010 by phread Touchette
Vodafone, a UK-based telecommunications company, has recently been discovered to be shipping its version of the new HTC Magic smartphone with off-the-shelf malware built right in. HTC phones are in direct competition with Apple's iPhone, and they run on an open source platform known as Android. It is unclear at what point the malware ended up on the phone, but it is clear how it behaves. Once the HTC Magic is connected to a computer via USB cable, an autorun.inf file begins to silently load the virus onto the newly connected host machine. The malware then opens a backdoor and begins communicating with the Mariposa botnet. This botnet has been big in the news lately, as three men have been arrested by Spanish police for their involvement in running the botnet. A fourth is still being pursued and is believed to be in South America. This botnet, tasked with stealing banking credentials and personal information from the infected computers, has been involved in attacking thousands of businesses and enterprises, including at least 1000 Fortune 500 companies. The botnet comprised about 12.7 million machines, one of the biggest to date. According to Panda Labs, Mariposa wasn't the only malware that was installed by the phones. They also contained a remaining strain of Conficker and a Lineage password-stealing piece of malware. Currently it doesn't appear that Vodafone has offered any sort of press release on the matter.
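
The autorun.inf mechanism described in this post can be checked for on any USB-attached volume before it is trusted. The Python below is an added example, not part of the original post: it finds an autorun.inf in a volume root and lists the entries that would start a program. The sample file content and the `payload.exe` path are constructed for illustration.

```python
"""Triage autorun.inf files on removable volumes (added example)."""
import os
import re

# [autorun] keys that make Windows start a program when the volume is opened.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample, not recovered from the phones described in the post.
SAMPLE = r"""
; constructed autorun.inf
[AutoRun]
qz81 filler text without a key
open=RECYCLER\payload.exe
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
shell\open\command=RECYCLER\payload.exe
"""


def decode(data):
    """Decode file bytes: UTF-16 when a BOM is present, otherwise a lossless 8-bit read."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def parse_autorun(text):
    """Return {section: [(key, value), ...]} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current].append((key.strip().lower(), value.strip()))
        # Anything else (filler text, stray bytes) is skipped rather than trusted.
    return sections


def launch_directives(text):
    """List the (key, command) pairs in [autorun] that start a program."""
    hits = []
    for key, value in parse_autorun(text).get("autorun", []):
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            hits.append((key, value))
    return hits


def scan_volume(root):
    """Find autorun.inf (any letter case) in a volume root and return its launch directives."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as handle:
                return launch_directives(decode(handle.read()))
    return []


if __name__ == "__main__":
    for key, command in launch_directives(SAMPLE):
        print(f"{key} -> {command}")
```

Any non-empty result from `scan_volume` on a phone, camera or USB stick is worth a closer look at the referenced file; disabling AutoRun for all drive types through the Windows `NoDriveTypeAutoRun` policy removes this infection path regardless of what the volume contains.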

Gretchen Clarke: Hail to Ol’ App U

Thursday, March 4, 2010 by Jim McClellan
Nerd herder?  No.  Geek wrangler?  Nope.  How about the “tech whisperer?”  Nah. 

Gretchen Clarke is AppRiver’s director of training and development, but she resists those half-hearted attempts to characterize what she actually does for the company.  Instead, she offers her own, more fitting description: “guidance counselor”.  She sees her role as helping Appers be all they can be, both on the job and off.

Clarke joined the AppRiver team almost two years ago, taking on a role that had not existed before – adding value to the company by making sure that its employees get the training and professional development opportunities they need to succeed.

By at least one measure, her efforts at the company have been a resounding success already.  As of now, approximately 35 percent of the employees hold some form of accredited technology certification, whereas few if any did before she arrived.

But for Clarke, the challenge is to do more than simply make sure Appers are technically competent.  She wants to create an environment where learning and growth, even beyond the technical skills, are built into the job.  For Clarke, this is the natural foundation for the “Phenomenal Customer Care” ethic that AppRiver has made its top priority.

“The training and other activities AppRiver provides helps employees feel more fulfilled at their jobs,” Clarke says.  “And happy employees lead to happy customers.”

Toward that end, Clarke and AppRiver have instituted some unique and creative programs that promote training and development, as well as incentives to keep them motivated in the process.

AppRiver University: App U doesn’t have a fight song or a football team (yet), but its four employee teams might well be mistaken for co-ed fraternities.  The “university” concept began as a way to formalize the company’s training process, both for current employees and new hires.  Its first major endeavor was a new-employee orientation program that featured a scavenger hunt to help new Appers learn who’s who and what’s where around the office.  It was so successful that it was included in a Florida Trend story and had other companies calling for tips on how to replicate it.

“The most common questions new employees have are ‘Where can I find this?’ or ‘Who do I see about that?,’” said Clarke.  “We like to help them learn in a way that’s fun and interactive.”

BrainTrain 2010: Each of App U’s four “fraternities” is engaged in an ongoing, quarterly competition in which points are awarded for internal or external training and community service activities.  Winners enjoy extra time in the company’s massage program, gift cards and other goodies.  Points are continually updated on a “leader board” in the App U classroom, so interoffice bragging rights also provide a strong incentive to participate. 

According to Clarke, adding the community service category was an eye-opener.  “I never realized just how many AppRiver employees are active and volunteer their time in the community.  Their good works are a positive reflection on our company and in the community.”

Health and Wealth:  Those Appers riding the “BrainTrain” also have opportunities to participate in free seminars about nutrition and personal finance, which might not be directly related to their jobs, but can improve their state of mind and their performance.  

To Clarke, the success of these programs is a direct reflection on the employees themselves because they are not mandatory.  Employees choose to participate or not.  However, she also credits the strong support from company founders Michael Murdoch and Joel Smith for building interest.

“AppRiver is fortunate to have selfless leaders who want to set employees up to succeed,” Clarke says.  “They have made it clear that they believe in training and that makes it easier to get everyone on board.”

In addition to providing training opportunities and the incentives to participate in them, Clarke also works with Appers one-on-one to help them determine what types of training or certification will be most beneficial – and, equally important, helping them overcome any barriers that stand in their way.

As a telling example, she discovered that there were some employees who lacked certification only because they were nervous about taking the tests.  Thus, Clarke arranged a field trip to the test site and helped them gain confidence. 

As AppRiver’s “guidance counselor,” Clarke recognizes that these individuals collectively represent AppRiver’s greatest asset – its talented team of professionals.  Taking care of the team means first looking after the people who comprise it.

“The specific needs are as diverse as the individuals,” she says.  “The bottom line is that I want to do whatever it takes to help our people reach their goals.”  

Brian Burda: Defining Phenomenal Care

Thursday, March 4, 2010 by Jim McClellan
When you have the word “phenomenal” in your job title, odds are you do something pretty special for a living.  That’s certainly true of Brian Burda, AppRiver’s director of “Phenomenal Customer Care.”  It’s his job to make sure that every customer who interacts with AppRiver comes away not only satisfied, but also willing to recommend the company to a friend.

That’s a tough standard to meet, but it’s also the highest priority of AppRiver’s founders, Michael Murdoch and Joel Smith.  For them, taking care of customers isn’t just important to the business, it is the business.

Burda attributes that commitment to the entrepreneurial experience all three men share.  “When you’re starting out with only a handful of customers, every one of them is critical to your success, and you treat them that way,” he says.  “But even if you have thousands of customers, you still need to treat every one as though they are just that important – because they are.”

Smith agrees:  “Mike and I both saw companies that grew quickly and let customers become numbers.  When we started AppRiver, we were determined not to let that happen.”

Of course, the real question is: How does a company grow larger without growing complacent?  To Burda, the answer is as simple as another word in his title – care.  To illustrate this point to company employees, he offers a picture of a parent holding a baby.  That visual image symbolizes complete accountability for ensuring that the customers’ needs are met.

Burda adds, however, that simple isn’t the same as easy.  It’s one thing to talk about taking good care of a customer, but the real test is whether a company will actively choose better customer service when it carries a cost.  Here, Burda says, is where AppRiver distinguishes itself from competitors.

“(Chief operating officer) Scott Cutler has made it abundantly clear in staff meetings that customer care is our top priority, even if it means spending longer on support calls or working later to solve a problem.  As a result, all of our employees understand the value we place on taking care of the people who use our services.”

AppRiver’s emphasis on care goes beyond company policy, however.  With Burda’s help, the company has elevated Phenomenal Customer Care to product status, on par with SecureTide™, hosted Exchange and its other offerings.  The idea is to devote to the customers’ experience the same level of commitment and innovation as AppRiver does to its products.

“Some of our competitors have made giant sacrifices in customer service in order to gain a slight advantage in price,” Burda says.  “But when their customers realize that their only “support” means an expensive call to a foreign country, many of them make the switch to AppRiver.”

Even with a customer retention rate that is the envy of most software-as-a-service (SaaS) companies, Burda says that AppRiver aims for continuous improvement.  As an example, he points to a new initiative, customer care callback phenomenal outreach, or “C3PO” as it is known internally. (Insert your own Star Wars-nerd jokes here.)

The name may be simple, but the idea behind it is serious: Double back with customers to make certain that their problems have truly been solved.  For Burda, the C3PO initiative represents an extra effort to close the loop, and that can make the difference between a merely satisfied customer and one who will recommend AppRiver to their friends.

“Some people wonder why we would make extra work for ourselves if we’ve already handled the problem,” Burda says.  “But he or she might have another problem or more questions.  We take the initiative and ask because we truly want to know – and because that’s what it means to be phenomenal.”

Spammers Exploit Free Web Hosting

Wednesday, March 3, 2010 by Troy Gill



Once again we are seeing spammers launching new campaigns that are utilizing free web hosting sites. Over the past few days we have been seeing a particular campaign that abuses webstarts[dot]com and doodlekits[dot]com. Spammers have proven time and again that they will take advantage of any obfuscation technique possible, especially when it is free to them. The above-mentioned sites (along with others) both offer free web hosting to anyone who wants it. The main problem is that the registration process is wide open to abuse. Anyone can go to their site and create a free account without so much as a valid email address. Neither of these sites utilizes any type of challenge-response authentication and, as I said before, both are a free service.

It starts with an email that contains some random text as well as a link that takes you to either of these free hosting sites. On the free hosted web pages, spammers have set up redirects that will immediately take the visitor to an entirely different domain where they have the actual content that they are intending to deliver to you (pharmacy sites in this case).

This misapplication of services benefits spammers and malware distributors in several ways. Since many spam filters use some sort of URL blocking technology, spammers are able to provide themselves with a fresh and unique stream of links that will increase their effectiveness against spam filters. In this case the URLs are provided at no cost and setting them up is not at all resource intensive. In addition to the increased probability of making it past spam filters, spammers also benefit from a reduction in resources on the backend. Spammers normally have to register, host and maintain thousands of domains in order to maintain fresh domains, which ordinarily act as the “landing page” as well. In this scenario they need only a handful of domains to act as the landing page since they are hidden until the end of the process. As usual, our customers are currently protected from all known variants of these messages.

A New Ransomware Invades Russia

Thursday, February 25, 2010 by phread Touchette

A new incarnation of ransomware has started to wreak a bit of havoc in the former Soviet Union as of late. This form of an old classic is proving to be especially troublesome as it is targeting casual home users. Once the malware is on a host machine, it locks it down completely and instructs users to text a premium SMS number in order to receive a code to unlock it. The price of the text message is about $15. This attack is made possible by the fact that the premium SMS industry in many countries is very poorly regulated, and it is completely possible for a person to register one of these numbers completely anonymously, thereby thwarting what seems like an easy trackdown. The original infection can occur in a number of ways: by visiting a malicious website, or by executing a Trojan that may have been obtained through filesharing, etc. The attackers are trying not to leave any stone unturned. The telecommunications industries in countries such as the US, the UK, Australia, and New Zealand do have stronger regulations, where setting up a service such as this would not be possible in an anonymous fashion; however, this doesn’t prevent the attackers from using numbers set up in these poorly regulated countries in a possible domestic attack sometime in the future.

The malware doesn’t damage the system or encrypt files as some pieces of ransomware have done in the past; instead it simply locks it up. A more advanced user could possibly remove the threat in this instance; however this is beyond the scope of the average computer user thus making this ransomware run quite profitable for the attackers.


SEO Attacks Remain a Common Occurrence

Tuesday, February 23, 2010 by phread Touchette

SEO or Search Engine Optimization attacks are nothing new, but the frequency of this type of attack has increased rather rapidly. SEO poisoning usually happens when an attacker inserts common search terms in iframes along with scripts that send victims to malicious sites where they become infected. When a large event occurs in the news, hackers waste no time to begin compromising related web pages with these hidden iframes. Most recently, it is not uncommon during peak times after a breaking story comes out for nine out of the top ten search results to be malicious web pages. The trick is to flood these malicious pages with terms that people will likely be searching for in order to raise the popularity of the pages and have them appear higher up in search results. This is a common marketing strategy whose technique has been bastardized by the bad guys. Some of the most recent real-life events that have spurred these SEO poisoning attacks have been: the earthquake in Haiti, the Olympics, and then the Olympic luger who died in practice, Mardi Gras, and most recently the disgruntled software engineer who flew his plane into the Austin, Texas IRS building.


Conficker Resurfacing?

Wednesday, February 17, 2010 by phread Touchette
Well, not really, but its name is being used as a front to deliver more malware. A fake email is designed to appear to come from Microsoft, mimicking Microsoft's own Conficker removal tool, which was released in response to the rapid spread of the worm. These emails urge effected[sic] Microsoft customers to remove the infection using an antispyware tool which they've kindly attached - "Open.zip". This same piece of malware has been repacked many times utilizing many different themes, including a Facebook "Updated Account Agreement" from yesterday that carried the attachment agreement.zip. AppRiver clients and their inboxes are spared from this threat.

Facebook Virus Activity

Friday, February 12, 2010 by Troy Gill

Malware authors are constantly reinventing themselves when it comes to social engineering tactics that will give them a greater possibility of infecting your computer. A large part of their infections come via email-borne viruses which morph constantly. We often see old themes repeated and new techniques arise. The past 3 days have been no different, with a high level of malicious spam attempting to infect millions of users. Over the past 72 hours we have blocked 2.3 million emails trying to fool unsuspecting Facebook users into infecting their own machines. These messages appear to be from the “Facebook Team”. They inform the user that there have been policy changes requiring an updated account agreement to prevent user access from being restricted. The message contains a file named agreement.zip along with instructions for running the malicious code contained therein. The file attachment contains malware that belongs to the Bredo family of Trojans. As of 10am (CST), 31 of 41 or 75.6% of major anti-virus providers were NOT recognizing the attachment as a virus. Here is a look at the message:

We saw delivery attempts decline sharply overnight, but they have started to ramp back up slightly in the past hour.

Facebook has been a common angle in the realm of social trickery in the past. While these emails are hitting spam filters around the clock, the "Koobface" virus is also spreading through Facebook directly. Koobface is spread via links on a person’s Facebook Wall or on their profile page. Once a user is infected, the link is automatically sent to everyone on that person’s friend list. While there is a variation in the distribution methods of these two threats, they both have the same goal: to steal your money. With so many threats abounding, it is important to take a multilayered security approach and, at the very least, know what you are clicking on.

The Pay Per Install Business is Doing Well

Tuesday, February 9, 2010 by phread Touchette
I've written about a similar type of underground industry called the pay per click or PPC in the past here. This was an affiliate program where participants could host clickable links (ads) for underground pharmaceutical sales and get paid every time someone would visit the pharma sites by way of their webpages - or their referring ads more specifically, because these ads didn't always wind up on "their" web pages per se.
This business was popular, but it was rather difficult to make a living at; instead it was likely used as supplemental income. As it would turn out, the PPI business would be much easier to make money at, and wouldn't limit the affiliate to people seeking medications. This was once a fairly legitimate service that evolved from the PPC idea, where people would place various ads on their own websites that would sometimes help to support the cost of hosting. In the Pay Per Install model, affiliates get paid every time they can get someone to install a piece of software. This could be an ad-driven toolbar or something much more lascivious such as backdoor programs that would turn the victim's machine into a remote-controlled zombie sending spam and siphoning off account credentials.
Participants in a PPI have many methods of getting people to install these programs. Sometimes they are packaged with other free software that was offered on the internet, sometimes they are offered through torrents, often disguised as something else such as a popular video or song, or sometimes they may even be attached to, or bound to, a legitimate piece of software or video so that when the "real" program is run, the attached software runs too, often silently in the background. All of these means of installing count towards the affiliate's PPI counter as long as the infected computer is unique. If a victim clicks on the file more than once, causing several overlapping installations, it still only counts as one.
Here is a screenshot from a popular PPI affiliate program that wants you to get people to install their "toolbar". This is the payment list for affiliates. As you can see, you get paid differently depending on the country where the computer resides that receives the infection - with the US and the UK offering the most. You may also notice that you won't get paid for any Russian computers. This is due to nationalism and the quite important idea that you should never (relieve yourself) where you eat. The payment rates are per unique infection, so if you manage to achieve 160,000 unique installs in a month's time, all on American or British computers at $1.45 each, you would make $232,000.
Obviously volume is the name of the game in PPI, and seeing as though you don't even start to get paid before 1000 unique installs, a lot of people that sign up don't last long. That is unless they had access to a botnet to distribute their executable, and even if they did, it often wasn't more than a thousand or so machines, which would provide income but likely not enough for the greedy. Luckily now, services such as the one below have begun to pop up.
This is an install service. You simply give them your executable and they'll use their botnets to spread it around for you! One stop shopping! Here are their costs:

For $100 a day, this service will get you 5,000 to 20,000 unique installs daily in the US. So potentially if you don't get stiffed somewhere in your sketchy business practices along the way and are able to achieve 20,000 installs daily for 30 days in the US, for a mere $3000 investment you should return $867,000 in a month's time. Here are some statistics supplied by the install service proving that they have the number of zombies available.

The forums surrounding these PPI sites are full of people sharing information and advice about how to be successful in this business. They offer tutorials on how to remain anonymous when accepting payments and they share stories over which services pay out the most and which are the most reliable. If they're not "reputable" they won't stick around long because the underground community will spread the word; there is such a thing as honor among thieves.
Even the reputable sites don't stay around too long, often having to shut down and reform under a different name to avoid legal issues or reputation flaws.
As with everything in the Underground Economy, the PPI business is very shady and quite risky. Not to mention the complete lack of ethics it would require knowing that you are potentially helping to pass along and infect innocent people with software that can be used to empty bank accounts and ruin lives.

Defeating the Dark Side: A Discussion with Phread

Tuesday, February 9, 2010 by Jim McClellan
Just meeting Fred Touchette for the first time, you’d be forgiven for thinking he works for the FBI.  Or NASA.  Or Johns Hopkins.  In truth, he’s a senior security analyst for AppRiver, but his job often calls for the same skills as a detective, a rocket scientist and a medical researcher all rolled into one.

Author of the popular Digital Degenerate blog, Touchette’s words are familiar to many AppRiver customers, but it’s his work that is most fascinating.  Every day, Touchette squares off against some of the brightest criminal minds in the world: spammers from across the globe engaged in a never-ending quest to reach your inbox. 

The mission for Touchette and his team is to stop them.  The good news is that AppRiver’s sophisticated spam filters automatically catch the bulk of the unwanted messages before they ever reach your server.  The bad news is that the remainder are usually the work of highly skilled and determined spammers.  And, in many cases, they aren’t out to simply sell you a counterfeit watch or cheap cell phone.  

“We’ve seen some pretty impressive code developed by spammers,” Touchette says.  “It’s amazing the lengths people will go to for money.”

Wearing their detective hats, Touchette’s team looks for clues in each new spam campaign to better understand the origin and the targets.  They then carefully deconstruct the code to reveal the malicious content.   This allows AppRiver to write its own code, ensuring that its customers never have to deal with them.

Among the most serious issues Touchette and his team prevent are the “spear-phishing” campaigns, directed attacks against specific groups like bank customers.  Such attacks usually involve highly sophisticated code, fewer targets and more realistic messages.  They are designed specifically to steal your identity and/or drain your account.  Viruses are another problem Touchette’s team must frequently head off.  According to Touchette, catching malicious campaigns in the “zero-hour,” the first hour of their distribution, can prevent millions of infections.

So, what does Touchette expect in the months and years ahead?  “I think we’ll see the spammers get more sophisticated and probably start aiming for mobile devices,” he says.  “As long as there is a lot of money involved, there will always be people willing to do anything to get it.”

But they’ll have to get through Touchette and the AppRiver team first.

“Chuckberry” – The Smart Behind Your Smart Phone

Thursday, February 4, 2010 by Jim McClellan
The advent of the smart phone has put a whole new world of gadgets, functions and “apps” within easy reach of most Americans.  Those of us who use AppRiver’s hosted Exchange service take for granted that we can purchase any of these hi-tech hoozits and have them work seamlessly with our email, calendar, contacts and tasks lists.

One senior smart phone specialist at AppRiver who helps make this possible is Chuck Sandz.  Known throughout the company as “Chuckberry” (Chuck+Blackberry, get it?), Sandz is one man who makes sure your latest high-tech device will allow you to tweet, blog, photograph and play Tetris, all without sacrificing your hosted Exchange services.

For almost three years now, Sandz has worked to stay on top of the ever-evolving world of Blackberries, iPhones, Droids and all of the other devices hitting the market.  As you might suspect, it isn’t an easy gig.  For example, this year alone Sandz expects RIM to introduce 16 new and upgraded models to the Blackberry line-up.  The company’s competitors likely will follow suit with fresh new products of their own.  

With each of the latest offerings come new and unique issues for Sandz to resolve.  But don’t get the idea that there are special training classes or instruction manuals to guide smart-phone enthusiasts in the process.  For many smart-phone-related issues, AppRiver’s staff will be among the first people ever called on to address them.  It’s like on-the-job training – except the job hasn’t been invented yet!  For the most part, the only reference source is thousands of job tickets AppRiver has handled.  But for Sandz, the tickets are welcome since they are a stored record of solved problems that helps him avoid “re-creating the wheel.”

Sandz does bring to the job a strong background in technical support, having worked with Fortune 500 companies and other large businesses.  But that’s not his most important qualification.  “I just like to figure things out,” he says.  “It all boils down to solving a puzzle for the customer, and then moving on to the next one.”

What is the most common problem users face?  According to Sandz, it’s the users’ own data plans.  In a lot of cases, administrators will change plans in order to save money or streamline services with their carriers.  Users may not find out until they experience problems.  Sandz says Blackberry has been quick to recognize the problems this causes for Exchange hosting companies like AppRiver and has developed an easy-to-use tool for diagnosing the issue. 

Still, given the sheer number of AppRiver customers – and the ever-growing line of new products – there is an almost infinite list of potential issues that can arise at any time.  Luckily for us, there’s an “App-er” for that – and they call him Chuckberry.

AppRiver University Introduces Brain Train 2010!

Tuesday, February 2, 2010 by Gretchen Clarke
What is Brain Train 2010?

Well… BT2010 is A LOT of things to A LOT of people, but mostly it is a well-balanced, interactive employee training & development initiative aimed at, well for lack of better term... learning while HAVING FUN! 

The program is comprised of both personal and professional development course offerings, “phenomenal customer care” service initiatives and contests, team-building activities, individual challenges, self-paced study projects, and introduces the "Appers Give Back" component- community service and volunteer opportunities. 

For their efforts, Appers will earn points which can be “cashed in” for limited edition t-shirts, 30 minute massages (at work!), gift cards, AppStore gift certificates, catered lunches, an automobile detail, and much more!  The program has been segmented into quarters so that new items can be introduced and to keep the program fun and exciting!  As Appers build up points, a “leader board” is posted in the AppU Training Room for all to admire. :)

We kicked off the program on January 4th and WOW... We’ve received such a positive response!  Appers have truly outdone themselves!  Training sessions are as full as they have ever been, and more and more people are committed to “self development” - whether they are volunteering for their neighborhood watch, attending charitable events to raise money for children who are ill, finishing their studies to earn a degree and/or technology certification, or organizing a pancake breakfast fundraiser for the people of Haiti.  All very IMPRESSIVE feats! 

Until BT2010, I did not realize how involved Appers are in the community where they live, work, & play, but now that I do… I could not be prouder of the AppRiver family!

It's a great time to be an Apper aboard the AppU Choo Choo! :)



Visa Phishing

Monday, January 25, 2010 by phread Touchette
For the past couple of days we've been seeing more and more attempts at phishing sensitive account information from Visa card holders. These arrive as emails addressed to "Dear VISA card holder" exclaiming that their credit card had been used at an ATM in one of many likely foreign (to the card holder) countries such as Mozambique, Armenia, or Uzbekistan. The link in the email leads the victim to a well dressed "Visa" landing page. The URLs of these pages are rather busy and most prominently feature ".cforms.visa.com" to hide the actual domain, which sits just beyond this in the URL string. All of these domains, 23 of them so far, were just registered yesterday, and several of them have already been suspended by the registrar. After the information is entered into the form and submitted, the page redirects visitors to the actual Visa site. We have seen about 15 million of these messages thus far.
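The URL trick described above can be checked mechanically: the brand name sits in the subdomain labels while the domain that was actually registered comes after it. The following is an added example, not code from the original post or from AppRiver; the sample message, the `constructed-lure.example` host and the short suffix list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

BRANDS = {"visa.com"}  # brand domains to protect (value taken from the post)
# Constructed subset of two-label public suffixes; a real deployment would
# load the full Public Suffix List instead of this approximation.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable_domain(host):
    """Approximate the domain that was actually registered for a hostname."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def brand_in_subdomain(url):
    """Return (brand, registered_domain) when a protected brand appears only
    as subdomain labels of a host registered under another domain."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    real = registrable_domain(host)
    if not host or real in BRANDS:
        return None
    # Labels to the left of the registered domain are attacker-chosen text.
    prefix = host[: len(host) - len(real)].rstrip(".").split(".")
    for brand in BRANDS:
        want = brand.split(".")
        for i in range(len(prefix) - len(want) + 1):
            if prefix[i:i + len(want)] == want:
                return brand, real
    return None


def scan_message(body):
    """List (url, brand, registered_domain) for every deceptive link in body."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,);")  # drop sentence punctuation glued to the link
        hit = brand_in_subdomain(url)
        if hit:
            findings.append((url, *hit))
    return findings


# Constructed sample modelled on the wording quoted in the post.
SAMPLE_BODY = (
    "Dear VISA card holder,\n"
    "Your card was used at an ATM abroad. Review the transaction:\n"
    "http://session-81.cforms.visa.com.constructed-lure.example/secure/index.php\n"
    "Official site: https://www.visa.com/\n"
)

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_BODY):
        print(finding)
```

Only the hostname is inspected, so a brand name that appears in the path or query string of an unrelated site is not flagged.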

Haiti Disaster Spurs Poisoned Search Results

Thursday, January 14, 2010 by Troy Gill

In addition to the influx of spam relating to the topic, web based attackers are also using a new round of SEO based malware distribution to exploit the tragedy in Haiti. Unfortunately, cybercriminals will stoop to incredible lows to serve their own interests. Many individuals jumping online today to make a donation in relief of the disaster in Haiti may find themselves getting a bit more than they bargained for. Searching the Web for terms such as “Haiti Earthquake” is returning multiple compromised websites that are serving Scareware. This has become a common occurrence lately, as cybercriminals can elevate their malicious web pages using SEO manipulation.  Here is a look at a handful of the malicious web pages showing up in top search results:

 

If you are going online to donate, please exercise extreme caution.
 

MAC Mail, Address Book and iCal connections to AppRiver Exchange 2007

Thursday, January 14, 2010 by Chris Hendricks
Happy New Years to all! The AppRiver A-Team is running full steam ahead to provide all types of solutions for you in 2010. This is a great year for the small and medium sized business! More and more enterprise grade products that normally require large capital investments have been hosted by a service provider to make it affordable for business owners to have world class software and office I.T. infrastructure. This provides competitive advantages normally reserved for fortune 500 companies to those who adopt early.

Most readers know by this time that MAC OS "X", Snow Leopard Edition, is able to connect to a Microsoft Exchange Server. This gives a business which utilizes MAC computers 2 options to share and collaborate with other users. The first option is Entourage, which is bundled together with the MAC Office release by Microsoft in the 2004 and 2008 versions. Entourage will be replaced with Outlook for the MAC in the next MAC Office release, typically being one year after the Windows release of Microsoft Office. The second option for MAC users is the suite of native MAC clients: MAC Mail, Address Book and iCal.

We would like to spend a little time documenting how easy it is for these clients to connect to a Microsoft Hosted Exchange Server. One of the first requirements is to set up the Microsoft Exchange "autodiscover" record. In short, this allows the automatic configuration of MAC Mail, Address Book and iCal to the Hosted Exchange Server. This is created as a CNAME Record in the domain's DNS Zone File. If you don't have a clue about what I'm talking about, don't worry, the AppRiver A-Team is here with Phenomenal Customer Service to make sure all the "t's" are crossed and "i's" are dotted as you migrate to AppRiver's Hosted Exchange platform. We'll help you configure your DNS and train you in using our services to prepare your users for the transition to Hosted Exchange.

The next change relates to your MX Records, another DNS Zone File entry the AppRiver A-Team will help you take care of. This points all of your mail traffic toward the AppRiver servers to host your mail.

Now it's time for the good part. Enough of that boring text stuff, let's see pictures!

MAC Mail Account Setup

The setup of the MAC Mail client is very user friendly. Simply click the Mail client; if no accounts are set up it will ask you to create a new account, and if you have a current account visible you can simply add a new account in Mail Preferences.

The client will ask you for 3 simple things; name, email address and password.

After you have entered the requested information, MAC Mail will resolve the domain of the email address, looking for the "autodiscover" record to identify the target hosted exchange server.




The Exchange server will then respond with the configuration settings for the client and user. After which the MAC Mail client will advise you of the server account for the email address you provided. 

The great news about this is Mail will also provide you the option to also setup Address Book Contacts and iCal Calendars.

If you skipped this step in the beginning, don't worry, because you can follow these same steps in Address Book and iCal and connect to the Hosted Exchange account, achieving the same result. Seamless integration with enterprise class service for your MAC computer.

At this point simply click "create" and MAC Mail will create the account in all selected clients.

The AppRiver A-Team of Sales Engineers supports all new clients with migration solutions, integration questions and training throughout your new relationship with AppRiver. We provide this at no additional cost to you; it's a part of our Phenomenal Customer Service that is provided with all services you acquire from AppRiver!

AppRiver offers 24/7 US based technical support. If you need help or have questions, we have answers and solutions. Trial our full service platform free for 30 days. If you are not satisfied with Hosted Microsoft Exchange Service, unlimited mail box storage, World Class Securetide spam, virus and malware filtering, and the ability to send Secure Encrypted Email, then you are not obligated in any shape or form, as we do not lock you into any long term contracts. But I must tell you, we do have a Phenomenal Customer Service track record of maintaining 97% of all customers who trial our service. That being said, what are you waiting for?






Earthquake in Haiti Inspires Those Without Souls

Thursday, January 14, 2010 by phread Touchette
As expected, the tragedy that struck Haiti two days ago is now being used as a template for cybercrime. This morning we began to see 419 style emails hitting our filters pretending to come from singer Wyclef Jean. Originally from Haiti, Jean has been very active in raising funds for the people of his native country. In 2004 he set up Yele.org, a non-profit charity to raise money for scholarships for the children of Haiti. This charity is now being used as a staging site to collect donations for the earthquake victims. The emails this morning pretend to come from Wyclef and use quotes from the performer that he recently made in interviews. The big giveaway here is that the emails want you to transfer "donations" through Western Union to somewhere in the Philippines. Not good. The emails also follow some creative routing on their way to inboxes, and although not perceivable without some sleuthing, the emails are also typed in an Eastern European character set. These are all additional good clues that the emails are not from who they say they're from.
We expect to see many more attempts to use Haiti to lure victims into falling for their schemes. If you want to make a donation to help the victims, use a large reputable organization such as the Red Cross to donate, and go directly to them as opposed to following what may be a bad email link. You can also text "Yele" to 501501 to donate $5 through Wyclef's charity, or text "haiti" to 90999 to donate $10 through the Red Cross.
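The three clues named in this post (a money-transfer request, odd routing, and an Eastern European character set) can be pulled out of a raw message with Python's standard `email` package. This is an added example, not AppRiver's filter logic; the charset list, the clue names and the sample message with its reserved `.example` hosts are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: which charsets count as Eastern European or
# Cyrillic, and which phrases count as a money-transfer request.
SUSPECT_CHARSETS = {"windows-1250", "windows-1251", "iso-8859-2",
                    "iso-8859-5", "koi8-r", "koi8-u"}
TRANSFER_TERMS = ("western union",)


def received_hosts(msg):
    """Host named after 'from' in each Received header, newest hop first."""
    hosts = []
    for value in msg.get_all("Received", []):
        words = value.split()
        if len(words) >= 2 and words[0].lower() == "from":
            hosts.append(words[1].lower())
    return hosts


def triage(raw):
    """Return the names of the clues that fire for one raw message."""
    msg = message_from_string(raw)
    texts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    clues = []
    if {p.get_content_charset() for p in texts} & SUSPECT_CHARSETS:
        clues.append("eastern-european-charset")
    # decode=True undoes base64/quoted-printable; latin-1 never fails to decode.
    body = b" ".join(p.get_payload(decode=True) or b"" for p in texts)
    if any(t in body.decode("latin-1").lower() for t in TRANSFER_TERMS):
        clues.append("money-transfer-request")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_hosts(msg)
    if domain and hops and not any(
            h == domain or h.endswith("." + domain) for h in hops):
        clues.append("no-hop-from-sender-domain")
    return clues


# Constructed message; hosts use reserved example names and addresses.
SAMPLE = """\
Received: from mail.relay-one.example (mail.relay-one.example [192.0.2.10])
\tby mx.recipient.example; Thu, 14 Jan 2010 08:00:00 -0600
Received: from host7.relay-two.example (unknown [198.51.100.7])
\tby mail.relay-one.example; Thu, 14 Jan 2010 07:59:40 -0600
From: "Well-Known Singer" <appeal@charity.example>
Subject: Help Haiti
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"

Please send your donation by Western Union today.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Only the Received header added by your own mail server is trustworthy, and legitimate mail sent through a third-party service also trips the routing clue, so treat it as a weak signal to combine with the others.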

Google Threatens to Leave China

Wednesday, January 13, 2010 by phread Touchette
In an apparent response to cyber attacks against Google and Gmail users, Google has decided to pull out of China. The search giant claims in an official blog post that it has evidence that these attacks were specifically aimed at the accounts of Chinese human rights activists, and that all of the attacks themselves originated from China, suggesting human rights abuse from China's government or some other very large group bent on keeping the Chinese people under thumb.
Google also claims that they were not alone, that 20 other companies were targeted as well. These companies were in the internet, finance, technology, media, and chemical sectors. Also it wasn't just accounts of Chinese individuals that were attacked, there is also proof that accounts of other advocates of human rights in China were accessed in the US and Europe as well.
Google hasn't just gotten up and left yet, however. It seems as though they're willing to bargain with China's government, even though their demands seem like a long shot. For those who are unaware, China blocks a lot of material on the internet from its Chinese netizens, a practice often dubbed the Great Firewall of China. This was a large hurdle for Google to leap when they were originally seeking share in China's search business. In order to be allowed to offer Google services in China, Google agreed to censor search results on Google.cn. Now Google says that it can't be a part of this abuse and says that the Chinese government will allow Google to offer completely uncensored search results, or it's out. This is highly unlikely on China's part.
Some think that this is a poor business move on Google's part with China's economy now thriving and online commerce booming as well. However, others say that this is a strong move, and I tend to agree, seeing that Google currently isn't even the number one search provider in China. Instead they sit second chair to a competitor by the name of Baidu. It's also a strong political stand for a US based company, and that may earn some strong kudos from a government that can't bite the hand that feeds them considering China is in fact our bank. Most of all, for a company that relies so heavily on cloud services, confidence needs to be in place for the users of Google's online services in order for their whole business model to work. If users begin to feel that Google would just let things like this happen in order to make a buck in another market, they'd likely begin to feel uneasy about placing their sensitive documents on Google's piece of the cloud.

AppRiver's Akamai Advantage

Wednesday, January 13, 2010 by Jim McClellan

The longest day of Scott Cutler’s life may have been the day he explained to me how AppRiver employs Akamai’s internet optimization technology to improve the company’s email delivery speeds.  As the Chief Operating Officer at AppRiver, I’m pretty sure he had better things to do.  Even so, he spent a good two hours simplifying, analogizing and diagramming to make sure I understood the basic points.  (Picture Beethoven teaching piano to a tone-deaf third-grader and you’ll have an idea of what he was up against.)  

To Scott’s enduring credit, I came away with a decent, layman’s understanding of how it works.

Apparently it’s sorcery.

Just kidding.  Only parts of it involve the dark arts.  The rest is merely incredibly complex technology.  So, instead of looking under the hood, let’s focus on the concepts that Akamai employs to improve performance.

The first concept is redundancy.  Akamai’s servers clone each packet of information into three identical messages that are then sent via different routes to the same destination.  It’s a race in which the winning packet gets to be seen by the recipient and the losers disappear into the ether.  (Life’s cheap when you’re a datum.)  Ordinarily, in the event of a delay or outage along the pathway, messages can be re-routed and in many cases delayed.  With Akamai, however, there are two “sibling” messages still racing to your inbox – probably calling each other names as they go.

The other advantage Akamai offers is continuous monitoring.  Akamai’s servers constantly test the vast network of connections that comprise the internet, looking for problem areas and identifying the most efficient routes from point to point.  Also, any delays like the one mentioned above are recorded and that path is avoided until the problem is resolved.

The bottom line for AppRiver’s Exchange Hosting customers is the certainty that email messages are delivered quickly and reliably.  

That is especially important now that more and more of those customers are relying on wireless devices like Blackberries and iPhones.  These face a common challenge in limited bandwidth from the cell tower to the user.  However, Akamai’s optimization can radically improve the service to that point and thus improve the user’s experience.

AppRiver is in the process of documenting this improvement with an ongoing test that pits an Akamai-enabled mobile phone against a non-optimized phone to see which offers the best speed and most reliability.  The test simulates internet users logging in, connecting to an internet site and looking at a few pages.  The phones, connections and pages are exactly the same, so the only variable is the Akamai component. AppRiver plans to unveil the results of that testing within the next few days, but I expect they will show that Akamai produces a significant increase in speed and reliability.

THIS JUST IN: See the test results here: http://www.appriver.com/exchange/akamai-gomez_jan2010.html

I’ll admit that Akamai’s technology is still largely beyond my grasp.  But I don’t have to be a painter to appreciate the work of Monet -- and I don’t have to be a programmer to love the performance of Akamai.

Recover Deleted Items for all folders with Microsoft Outlook 2010

Thursday, January 7, 2010 by James Dean

With so many applications to access email, both mobile and installable clients, there is always a chance for things to go wrong. Two of the main problems I see are data duplication and data purges of calendar and contact items. Using the built-in Deleted Item Retention of Microsoft Exchange you can recover those lost items with ease using a Microsoft Outlook client. Prior to Outlook 2010 you could add a registry key to your computer to enable the use of Recover Deleted Items from any folder in your mailbox, including non-mail items folders. However, if you're using Outlook 2010 you will not find the Recover Deleted Items button when you click on a non-mail items folder, whether you have the registry key or not. Using the instructions below you can add the Recover Deleted Items icon to the Folder section of your Ribbon for all folders regardless of the data they contain.

The Recover Deleted Items icon is in the Folder section when you are in a mail item folder.

When you are viewing a non-mail item folder (calendar, contacts, etc…) the Recover Deleted Items icon is no longer available. If the contact “Mr. John J Doe” was Shift-Deleted or purged by your mobile client (I have seen it more times than I can count) how would you get it back?

With Outlook 2010 open click the File Ribbon tab then click the Options button.

On the right-hand side add a New Group under the Folder main tab. You can rename it after it is created.



Change the “Choose commands from:” to All Commands. Scroll down and select the “Recover Deleted Items…” option then click the “Add > >” button to add this option to your newly created custom group.

You will now see your new group and the Recover Deleted Items icon in the Folder tab on all folders.

If you were to click the button you will see that you have access to any purged/shift-deleted items from that folder.

If you use the recover option you will see that your item has now been returned.


This test was done using AppRiver's Hosted Exchange 2007 backend product.  There are new changes in Deleted Item Retention with Microsoft Exchange 2010 and we will document them as soon as Microsoft releases their new Hosted version of Exchange 2010.  If you have any questions/comments please feel free to leave them in the comments section.

- James Dean
Senior Exchange Engineer, AppRiver LLC
Exchange Hosting by AppRiver