Recently, we stumbled across an existing website that seems to be part of some adware that a user can inadvertently install that changes his homepage to While this site has no relation to the AppRiver Web protection platform, SecureSurf™, it does share a similar name. The culprit is likely software or adware that changes a homepage to the malicious site. If this happens to you, a quick search online will show a few helpful guides on removing that software from your computer.

There are a few variants that seem similar to this situation. Usually, the initial problem occurs with bundled software installs. Bundled installs couple software that a user deliberately installed with software the user did not select to install. Typically, this is where it will install additional software without the user knowing, often by the user being automatically opted in to the complete install and not specifying that nothing other than the original program is to be installed.

Sometimes, this additional software can be what is known as a Potentially Unwanted Program (PUP). This type of software markets itself as being useful to users because it tracks browsing history and shows more advertisements based on searches. While maybe not breaking any rules and being valid software to the creators, PUPs are usually an opinionated class of software that generally users would never elect to install on their own. The installs could be attributed to bundles of software packages or users being tricked in to installing it.

Having a PUP on a computer can have a few consequences sometimes. They can hijack things like Web browser search results, possibly showing users links that are more likely to make the program authors money. They can sometimes inject their own advertisements in to webpages where a user otherwise may have seen a different ad or no ad at all. Some can even go as far as tracking users’ browsing habits to gather information on them.

The bottom line: Web protection like SecureSurf can help keep malware like off of your computer.

Our annual Global Security Report, which highlights email and Web-borne malware threats from the previous year, is out on shelves. Our findings indicate that botnets are making malware and spam campaigns more accessible than ever, which likely contributed to 2016’s escalation in malware activity—which clocked in at 15.5 billion malicious emails and 30.4 billion spam emails during 2016. The report also includes metrics from Web-borne threats, reporting an average of 40 million unique threats daily throughout the second quarter.

The report notes that in addition to traditional hardware like personal computers, the Internet of Things (IoT) delivers a new catalogue of devices that can be hacked for nefarious purposes. Smart watches, mobile phones, and smart assistants offer botnets millions of more devices that can be used to deliver their malware campaigns, or even to gather data on unfortunate consumers.

The report also includes predictions for 2017, including:

  • Acts of cyber aggression will become the new front lines between nation states
  • Mobile malware will become a household name
  • IoT botnets will continue to wreak havoc
  • Ransomware will continue to be the most prolific threat on the Web
  • New legislation will be passed to give more investigative powers to law enforcement

To read the full report, visit

As many of you may already know, AppRiver offers Office 365 under the Microsoft Cloud Solution Provider (CSP) program. Under a two-tier CSP, like AppRiver, partners have the ability to sell both Office 365–and the products that secure it, like spam and virus filtering, email continuity, and Web protection.

However, the most common obstacle we hear from partners is that new or potential clients are either already signed up for Office 365 through Microsoft directly, or through another Office 365 vendor/reseller. Before CSP, moving that account away from Microsoft or another Office 365 reseller required a full data migration, which was quite the undertaking.

Now through CSP, partners can move to an AppRiver tenancy without having to go through a full data migration. Partners are able to migrate the account within just a few clicks within the Partner Portal, and have the ability to use their Microsoft MPN ID so that they receive their Microsoft partner points for Office 365 accounts held with AppRiver.

In addition to easy migration tools, AppRiver’s CSP program offers the following:

  • complete ownership of the billing cycle for resellers
  • 10% commission for the life of the account for referral agents
  • tiered partner levels so that partners can have access to the resources they need to be successful
  • Office 365 Internal Use Rights licensing
  • 100% Partner Success Guarantee
  • free, on-demand partner certification training from AppRiver University
  • appMailer, a free, proprietary email marketing solution designed by AppRiver
  • dedicated channel sales team

To learn more or to get started, please contact us at


Windows shortcut files have seen a small rise in popularity lately. The shortcut files, using the .lnk file extension, are essentially small files Windows uses to point elsewhere in the file system. Normally you may think of shortcuts to other programs like your browser or a game residing on your desktop. Well this malware is essentially operating in the same way, but taking advantage of the powerful Windows shell tool…Powershell.

The “missed parcel” tactic is a pretty common theme among malware campaigns. It’s vague enough to get most users attention in to wanting to click for more detail. The same can be seen with missed fax/voicemail/jury duty, etc campaigns. This one was pretty plain with a zip attached promising more information once opened.

Inside that zip file is a shortcut (.lnk) file. The target for this shortcut file though point to Powershell. For those not in the know, Powershell is a command line based utility in Windows. Essentially it’s capable of doing anything you would normally do inside the operating system with the added ability of supporting scripting as well as a plethora of other things. It is essentially a programming language for controlling the entire Windows OS. Most average users likely won’t be using or know of Powershell, but in the hands of a malware author it can be used for their malicious purposes.


In this case, the shortcut that point to running Powershell also passes along some command line options. These are the core of what makes this file malicious. It is fed a list of url’s to try and connect to, download the payload, and execute said payload. The files seemed to each have unique uri identifiers in them in a sub web directory of /counter/ in the server dishing out the actual payload.

Ultimately the downloaded payload in this specific case is a version of the Osiris ransomware. It spins up a process labeled a1.exe based on the file it downloads form one of the url’s passed to powershell and goes to work on the system encrypting files. Once it is completed, it changes the desktop background and you get a file pop up describing what has happened to your system.


Ransomware is going to be around a while and most follow the same tactic of encrypting, notifying you, and demanding money for the files back. One of the factors in to the success of an attack campaign is how the malware is being delivered in the first place. So .lnk files are yet another file type being abused for malware delivery and a tactic we’ll likely see more of.


For many IT channel partners, the billing, support, sales, marketing, and executive departments all sit in the same office—sometimes even the same chair. Between all their other tasks, it is often hard to make time for marketing. That’s why this morning, we revealed a new email marketing tool for our partners. appMailer allows AppRiver’s partners to send pre-templated and co-branded email campaigns to their customers, quickly, easily, and best of all, at no additional cost.

appMailer is easily accessible from within AppRiver’s Partner Portal. While no automated mail service is required to send an email campaign through appMailer, it can be integrated with MailChimp, Campaign Monitor, Constant Contact, or HubSpot. Users can also create an HTML file that can be sent using Outlook.

Cobranding is as simple as uploading a company’s logo and contact information into the email template (once), and all templates are completely editable. Additionally, the email campaign will generate a URL that will be active so long as the campaign is not deleted. This URL can be used as a landing page for customers so that the partner does not have to host it.

To learn more about appMailer, please visit