Cloudmark Blog

Intelligence Briefings from the War on Spam

 

Archive for November 2009

BEWARE: NEW “PAYMENT REQUEST” ATTACK

Cloudmark has been monitoring a new virus attack which started around 8:30 AM Pacific time on Monday, November 16, 2009. The messages carry subject lines that say “payment request from” followed by the name of a random, very large company; they are attention-getting and are arriving in huge quantities. As of 3 PM Thursday, November 19, almost 2.5 million attempts have been made to deliver copies of this message to customers protected by Cloudmark Desktop.

Some sample subject lines:

Subject: payment request from "DuPont"
Subject: payment request from "Converse"
Subject: payment request from "Mars Incorporated"
Subject: payment request from "Morgan Stanley"
Subject: payment request from "Big Lots"

The payloads for these messages have nothing to do with any of the companies mentioned, of course. Those companies are just innocent victims whose familiar names are called out to trick you into opening the email message. Instead, the attached ZIP files are intended to bring your computer under the control of someone else. Kaspersky is identifying the attachments as Trojan.Win32.Sasfis.vbw; Trend Micro calls them TROJ_AGENTT.WTRA.

Safe computing practices can protect you from being infected. Make sure your anti-virus and anti-malware programs, your operating system, and your other programs are up to date, and take care to open attachments only from trusted correspondents (and only AFTER verifying that they intended to send you the attachment).
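A mail-side check for the pattern described in this post, as an added example that is not Cloudmark's code: it flags a message only when the subject has the shape of the samples above and an attachment is a ZIP archive by content rather than by filename. The addresses, attachment names and sample messages are constructed for the example; the post does not give them.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject shape taken from the samples in the post: payment request from "<company>"
SUBJECT_RE = re.compile(r'^\s*payment request from\s+"([^"]+)"\s*$', re.IGNORECASE)

def subject_company(msg):
    """Return the quoted company name if the Subject matches the lure, else None."""
    m = SUBJECT_RE.match(str(msg.get("Subject", "")))
    return m.group(1) if m else None

def zip_attachments(msg):
    """Names of attachments whose bytes are a ZIP archive, whatever the filename says."""
    names = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            names.append(part.get_filename() or "(unnamed)")
    return names

def is_campaign(raw):
    """Flag a raw RFC 5322 message only when lure subject and ZIP attachment coincide."""
    msg = message_from_bytes(raw, policy=policy.default)  # also decodes RFC 2047 subjects
    return subject_company(msg) is not None and bool(zip_attachments(msg))

def _sample(subject, filename=None):  # constructed message; the ZIP holds one harmless text file
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("constructed sample body")
    if filename:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("readme.txt", "constructed placeholder")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

SAMPLES = {  # constructed inputs, not captured campaign mail
    "lure + zip": _sample('payment request from "DuPont"', "doc.zip"),
    "lure + zip renamed .pdf": _sample('payment request from "Big Lots"', "doc.pdf"),
    "lure, no attachment": _sample('payment request from "Converse"'),
    "other subject + zip": _sample("Q4 photos", "photos.zip"),
}

if __name__ == "__main__":
    print({label: is_campaign(raw) for label, raw in SAMPLES.items()})
```

Requiring both signals keeps ordinary ZIP attachments and ordinary mail that happens to mention a payment request out of the result set.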

Who’s responsible for affiliates?

Affiliate marketing, where a company provides compensation for affiliates driving traffic (and potentially sales) to their sites, may have adverse ramifications if not properly managed. Over the past week, affiliate-driven spam has once again migrated to the top of our radar. It is unclear whether legitimate brands have decided not to police their rogue affiliates, or whether they do not fully understand the negative effects of an unmanaged affiliate program.

In one example this week, messages advertising the products and services of a major brand were sent out containing rotating, disposable domains and hashbuster text from multiple netblocks of IP addresses, a practice commonly known as “snowshoe.” The affiliate is sending unsolicited bulk email and engaging in practices to evade spam filters and IP reputation services.

Ultimately, turning a blind eye to the actions of affiliates can lead to a decrease in engagement and an increase in spam reports from recipients due to increased frequency, damage to a brand’s reputation, and, possibly, litigation. CAN-SPAM requires companies to be responsible for their affiliate programs. According to the Institute for Social Internet Public Policy, “if the affiliate is dishonest, and hides their true identity, then the affiliate program for the product featured in the email (which will be the product being sold under the affiliate program) becomes responsible. In other words, if you are advertised in the affiliate’s email, and the affiliate cloaks who they are, you become responsible.”

Before CAN-SPAM, AOL successfully sued Cyber Entertainment Network “based on the principle of negligent enablement and negligent hiring and retention. The lawsuit said that they had retained affiliates they either knew or should have known were engaged in spam to advertise their Web sites.”

Hopefully, these brands will realize the potential long-term fallout outweighs the short-term gains and make changes to prevent further misuse of their affiliate programs.