Contact Us

Internet Security Report Details Hijacking of Popular Jewish Brand

Internet Security Report Details Hijacking of Popular Jewish Brand

 Email
McAfee provided a screen shot of a bogus e-mail bearing a stolen Chabad.org logo in its recent report on spam activities around the world.
McAfee provided a screen shot of a bogus e-mail bearing a stolen Chabad.org logo in its recent report on spam activities around the world.

A recently published report from Internet security company McAfee vindicated the Jewish Web site Chabad.org, revealing that unknown persons stole the site’s signature blue logo and e-mail template to style official-looking spam messages and sell unregulated prescription drugs.

According to McAfee’s “October 2009 Spam Report,” spammers have grown more sophisticated in their tactics, leading to a whopping 19 of 20 e-mail messages worldwide being generated by bogus sources. The report highlighted 10 different instances of popular brands, such as Western Union, the Monopoly board game, The Hollywood Reporter and Chabad.org, being hijacked to hawk Canadian pharmaceutical products.

Top-level IT staff at the New York offices of Chabad.org discovered the problem several weeks ago after users forwarded some of the counterfeit messages. They then reached out to technicians at major e-mail providers such as Gmail and Yahoo in an effort to prevent authentic messages from being flagged as spam in the days leading up to the High Holidays.

“There was a sense of urgency in dealing with this problem,” explained Rabbi Moshe Rosenberg, who leads the subscription department for Chabad.org, “as many people look to us for guidance in their exploration of Judaism. We owe it to our subscribers who look forward to their daily and weekly selections, and we would not want them to miss even a single issue.”

With the assistance of Brad Taylor, Google’s anti-spam “czar,” Gmail and Chabad.org were able to come up with a solution to filter out the bogus messages from the authentic Chabad.org communications. Other providers implemented similar fixes at the request of Chabad.org.

Chabad.org’s own e-mail system adheres to Internet email standards and accepted practices, and is accredited by the Institute for Social Internet Public Policy, a leading e-mail deliverability and public policy group.

Following up the report on Tuesday, David Marcus, director of security research and communications for McAfee Labs, saw in the targeting of Chabad.org “recognition of its identity as a leading Jewish website.”

“The data shows that this was a short-term attack and that spammers have now moved on.”

The report did not detail the behind-the-scenes efforts to ensure the reliability and trust of Chabad.org’s popular e-mail subscriptions – more than 350,000 subscribers receive content from more than 70 different Chabad.org products – but it concluded that spammers likely didn’t expect a high rate of success in their scheme.

Given the spiritual import of the site’s content, “those familiar with Chabad.org are likely to take the time to read farther into the e-mail,” write the report’s authors, Adam Wosotowsky and Elan Winkler.

“Although this exploitation did not reach the volume that some other examples of brand abuse have achieved, this example certainly expands the list of target audiences that the spammers are trying to reach for black-market pharmaceuticals. … For the spammers who generate 150 billion pharmacy spams a day sent from zombie computers, it’s probably worth a shot.”

“Brand abuse is a growing trend and happens [billions of] times a day to some of the world's largest companies,” added Marcus. “But the data shows us that this was a short-term attack on Chabad.org and that spammers have now moved on to other companies.”



© Copyright, all rights reserved. If you enjoyed this article, we encourage you to distribute it further, provided that you comply with Chabad.org's copyright policy.
Start a Discussion
1000 characters remaining
Connect with us
RSS
In the Media
Find A Chabad Center Near You
Chabad-Lubavitch Directory