Internet Security Report Details Hijacking of Popular Jewish Brand

A recently published report from Internet security company McAfee vindicated the Jewish Web site Chabad.org, revealing that unknown persons stole the site’s signature blue logo and e-mail template to style official-looking spam messages and sell unregulated prescription drugs.

According to McAfee’s “October 2009 Spam Report,” spammers have grown more sophisticated in their tactics, leading to a whopping 19 of 20 e-mail messages worldwide being generated by bogus sources. The report highlighted 10 different instances of popular brands, such as Western Union, the Monopoly board game, The Hollywood Reporter and Chabad.org, being hijacked to hawk Canadian pharmaceutical products.

Top-level IT staff at the New York offices of Chabad.org discovered the problem several weeks ago after users forwarded some of the counterfeit messages. They then reached out to technicians at major e-mail providers such as Gmail and Yahoo in an effort to prevent authentic messages from being flagged as spam in the days leading up to the High Holidays.

RELATED Related News Stories Vancouver Doctor Looks for Inspiration in Visit to Brooklyn Scholars Around the World Respond to Increasing Flurry of Questions Study Highlights Chabad.org as “Brand Leader” Chabad Centers Chabad Lubavitch Media Center

“There was a sense of urgency in dealing with this problem,” explained Rabbi Moshe Rosenberg, who leads the subscription department for Chabad.org, “as many people look to us for guidance in their exploration of Judaism. We owe it to our subscribers who look forward to their daily and weekly selections, and we would not want them to miss even a single issue.”

With the assistance of Brad Taylor, Google’s anti-spam “czar,” Gmail and Chabad.org were able to come up with a solution to filter out the bogus messages from the authentic Chabad.org communications. Other providers implemented similar fixes at the request of Chabad.org.

Chabad.org’s own e-mail system adheres to Internet email standards and accepted practices, and is accredited by the Institute for Social Internet Public Policy, a leading e-mail deliverability and public policy group.

Following up the report on Tuesday, David Marcus, director of security research and communications for McAfee Labs, saw in the targeting of Chabad.org “recognition of its identity as a leading Jewish website.”

The report did not detail the behind-the-scenes efforts to ensure the reliability and trust of Chabad.org’s popular e-mail subscriptions – more than 350,000 subscribers receive content from more than 70 different Chabad.org products – but it concluded that spammers likely didn’t expect a high rate of success in their scheme.

Given the spiritual import of the site’s content, “those familiar with Chabad.org are likely to take the time to read farther into the e-mail,” write the report’s authors, Adam Wosotowsky and Elan Winkler.

“Although this exploitation did not reach the volume that some other examples of brand abuse have achieved, this example certainly expands the list of target audiences that the spammers are trying to reach for black-market pharmaceuticals. … For the spammers who generate 150 billion pharmacy spams a day sent from zombie computers, it’s probably worth a shot.”

“Brand abuse is a growing trend and happens [billions of] times a day to some of the world's largest companies,” added Marcus. “But the data shows us that this was a short-term attack on Chabad.org and that spammers have now moved on to other companies.”