MAAWG Attacks BotNets with Walled Garden Best Practices to Protect Users


SAN FRANCISCO, October 3 /PRNewswire/ --

Taking aim at the bot and zombie malware that turns unsuspecting users'
computers into dangerous spam and identity theft networks, MAAWG has issued
the first best practices developed cooperatively by major Internet and email
service providers for managing infected subscribers. The "MAAWG Best
Practices for the Use of a Walled Garden" provides recommendations for
directing customers to a safe online environment where downloadable
self-remediation tools can help users remove the malicious code installed on
their computers.


"The industry needs to define best practices to address this problem just
as a public health department would define quarantine procedures for a
biological infection that is affecting its citizens. These best practices are
the first effort at unifying and educating ISPs and service providers on how
to effectively confront this rapidly spreading malware," said Scott Chasin,
editor of the MAAWG walled garden recommendations and MX Logic, Inc. chief
technology officer.

Walled gardens are closed online environments created by service providers
where subscribers can safely disinfect their systems. When subscribers with
infected computers try to access the Web, their browsers are automatically
redirected to a protected environment provided by the ISP where the malicious
code can be securely purged. The MAAWG best practices recommend that these
walled garden sites include downloadable tools that allow users to remove the
malware themselves and that, once the malicious code has been deleted,
subscribers' Web access be easily restored. According to the best practices,
end-user education should be a priority.

"Infected subscribers are facing a real menace but have no idea they have
been compromised unless they notice their computers are running a little slow
or the malware shows up in an anti-virus scan," said Chasin.

Addresses Significant Source of Spam and Fraud

Currently, a large percentage of spam is sent through these ill-gotten
networks. According to Richard Cox, the Chief Information Officer at the
Spamhaus Project, a nonprofit that tracks malicious online activity and whose
representative serves as a MAAWG senior advisor, "Every day -- day in, day
out -- we see between 750,000 and 1.2 million new IP addresses, proxies and
botnet zombies attempting to send spam. This does not mean they are all new
infections, as infected PCs tend to move around the Internet IP address space
of the users' ISP."

In a botnet, malware from various sources, such as a contaminated email
or malicious code downloaded from a malignant Web site, is unknowingly
installed on users' computers. Once deployed, the "bot" or "zombie" machine
is controlled by commands from a "bot master," a person who uses the infected
network to send spam or carry out fraudulent activities. The malicious code
is often designed to run in background mode, so subscribers with polluted
machines are usually unaware their systems are sending large quantities of
spam.

The surreptitious networks can range from a thousand infected computers
to hundreds of thousands and also can be used to launch Distributed Denial of
Service (DDoS) attacks that prevent legitimate users from accessing a
targeted Web site. Among other threats, the malware might also include a "key
logger" to record users' keystrokes and capture passwords or sensitive
financial information that is forwarded to identity thieves.

Chasin said, "This is the first step and we'll continue to drive
peer-to-peer discussions on this issue. Service providers are becoming more
sophisticated in their approach to botnets, and they realize the benefit to
both themselves and the broader online community as they educate
subscribers."

The "MAAWG Best Practices for the Use of a Walled Garden" outlines
criteria for entering and exiting closed safe environments, recommendations
for convenient end-user self-remediation, and practices to make end-user
education a primary focus. The document is available on the MAAWG Web site at
www.MAAWG.org.

About the Messaging Anti-Abuse Working Group (MAAWG)

The Messaging Anti-Abuse Working Group (MAAWG) is where the messaging
industry comes together to work against spam, viruses, denial-of-service
attacks and other online exploitation. MAAWG (www.MAAWG.org) is the only
organization addressing messaging abuse holistically by systematically
engaging all aspects of the problem, including technology, industry
collaboration and public policy. It leverages the depth and experience of its
global membership to tackle abuse on existing networks and new emerging
services. Headquartered in San Francisco, Calif., MAAWG is an open forum
driven by market needs and supported by major network operators and messaging
providers.

Media Contact: Linda Marcus, APR, +1-714-974-6356, lmarcus@astra.cc, 
Astra Communications

MAAWG Sponsors (Board of Directors): AOL; AT&T; Bell Canada; Charter
Communications (NASDAQ: CHTR); Cloudmark; Comcast (NASDAQ: CMCSA); Cox
Communications (NYSE: COX); EarthLink (NASDAQ: ELNK); France Telecom (NYSE
and Euronext: FTE); Goodmail Systems; Google Inc.; Microsoft Corp. (NASDAQ:
MSFT); Openwave Systems (NASDAQ: OPWV); Time Warner Cable; Verizon
Communications; and Yahoo! Inc.

MAAWG Full Members: 1&1 Internet AG; AG Interactive; Bizanga LTD;
Internet Initiative Japan, (IIJ NASDAQ: IIJI); IronPort Systems; McAfee Inc.;
MX Logic; Outblaze LTD; Return Path, Inc.; Sprint; Sun Microsystems, Inc.;
Symantec; Telefonica SA; Telus; and Trend Micro, Inc.

MAAWG Supporter Members: AcquireWeb, Inc.; Acxiom Digital; Adaptive
Mobile Security LTD; Adknowledge, Inc.; Aladdin Knowledge Systems; Alt-N
Technologies, Ltd.; Bandmail Solutions; BigHip; Bluehornet Networks, Inc.;
BoxSentry PTE Ltd.; CheetahMail, an Experian Co.; Cincinnati Bell; Click
Tactics; ColdSpark, Inc.; Commtouch Software LTD; CommuniGate Systems;
Constant Contact; Critical Path, Inc.; Datran Media; eBay, Inc.; eCircle AG;
ECO; e-Dialog; eleven GmbH; Emma, Inc.; Entidad Publica Empresarial RED.ES;
Epsilon; Everyone.net, Inc.; ExactTarget, Inc.; Facultas/Lyris UK; Fishbowl
Marketing; F-Secure Corp.; GetResponse, an Implix Company; Habeas Inc.;
iContact; Informz; Insender Technologies Inc.; Insight Midwest, L.P.; Ipsos
Interactive Services; Kerio Technologies, Inc.; Lyris Solutions;
Mail-Filters; Mansell Group, Inc.; Merkle/Quris; Message Level, LLC; Message
Systems; Messagelabs; Messaging Architects; Mirapoint Inc.; MTS Allstream
Inc.; Netsuite, Inc.; Nextel Communications; Perftech, Inc.; Pivotal
Veracity; Premiere Global Services; Responsys, Inc.; Rockliffe Systems;
Rogers Cable; RPost; RSA Security Inc.; S.C. Softwin SRL; Salesforce.com;
Sana Security; Sandvine Incorp.; Sendmail, Inc.; SMobile Systems; Sophos
Plc.; Splio; St. Bernard Software; StreamShield Networks; StrongMail Systems,
Inc.; Synacor, Inc.; TDC; TDS Telecom; Team Cymru; ThinData; TMN Group;
Travelocity.com LP; TRUSTe; Tucows Inc.; UPC Broadband Operations BV;
Verisign Inc.; Webmail.us; Word To The Wise; Yesmail; and ZDirect, Inc.

Web site: http://www.MAAWG.org

© PR Newswire Association LLC.
