Security Web Digest: SARS Worm, Privacy Litigation, The Spammers Strike Back ... and More

Email marketers sue spam-blocking organizations... eBay and privacy policies called into question... Court rules against Verizon... and more from around the web

Download the authoritative guide: The Ultimate Guide to IT Security Vendors


A new computer worm, known as Coronex, takes advantage of public panic about the real life virus, Severe Acute Respiratory Syndrome. The mass-mailing Windows worm aims to persuade people to open an attachment offering details on the current SARS epidemic. If opened the worm forwards itself to all contacts in the Outlook address book.


A Boca Raton trade association calling itself has filed suit against spam opponents, seeking a jury trial and damages of $75,000. Named are two prominent antispam groups, a German domain registrar and nine individuals. The complaint alleges antispam groups have interfered with contracts between marketers and their Internet service providers by petitioning the ISPs to remove the marketers from their networks. The group also claims that organizations Spamhaus and the Spam Prevention Early Warning System, the two primary defendants named in the suit, "sell products which block the electronic transmission and communications of American citizens and businesses."

Officials at Junkbusters and the Electronic Privacy Information Center (EPIC) held a joint news conference Tuesday in which they discussed their decisions to file separate complaints with the Federal Trade Commission against eBay and because of privacy concerns.

Junkbusters President Jason Catlett said he has problems with eBays "two-tiered" privacy policy, which he called deceptive. Catlett said that in its privacy policys summary, eBay says it will turn over personal data to outside agencies only when absolutely necessary. However, the more detailed policy states that eBay will turn over such information at its discretion and without a warrant or subpoena, Catlett said.

Following Catletts presentation, EPIC deputy counsel Chris Hoofnagle charged that is in violation of the federal Childrens Online Privacy Protection Act (COPPA) of 1998. Hoofnagle said the toy section of constitutes a Web site designed to attract children, which would put it under jurisdiction of COPPA. EPIC charged in the complaint that children under age 13 can enter private information on the site that can then be viewed by others. He questioned an apparent lack of parental control over the information some children are providing, such as their names, addresses and ages.

Digital Music

U.S. District Court Judge John Bates ruled Thursday Verizon must reveal the names of two Internet customers the Recording Industry Association of America (RIAA) claims have illegally downloaded hundreds of copyrighted songs from the Web. Bates also issued a temporary stay to allow the U.S. Court of Appeals time to consider the issue of a stay. Invoking the subpoena clause of the DMCA, the RIAA in August asked Bates to force Verizon to reveal the name of a subscriber suspected of downloading copyrighted music. Verizon contended the subpoena related to material transmitted over Verizons network, but not stored on it, and thus fell outside the scope of the subpoena power authorized in the DMCA.

Microsoft dug its roots a little deeper into the music business Wednesday, as copy-protection company Macrovision agreed to license its Windows digital rights management technology for CDs. The pre-ripped, or "second session" Windows Media files added to music discs will allow record labels to specify exactly what can be done with the songs, such as burning a few extra CDs, making a few digital copies, or transferring them to an MP3 player. Despite the movement on the technology front, there remains no indication from the major music labels as to when they might start releasing protected titles in the United States