Marshal Security Threats: Spam, Phishing, Malware

By Marshal Threat Research & Engineering Team

December 2007

CONTENTS

INTRODUCTION

EXECUTIVE SUMMARY

FACTS & FIGURES
• Spam Volume
• Spam Categories
• Spam Sources by Country
• Spam Sources by Continent
• Spam Message Structure
• Spammers Experiment with Attachments
• Spam with URLs
• Spam Size
• Phishing
• Phishing by Country of Origin
• Phishing Gangs and Targets

THE THREAT LANDSCAPE
• Malware and Botnets
• Botnets Remain the Major Problem
• Increasingly Professional Criminal Cybereconomy
• Spam and Malware are Increasingly Blurred
• Malware Distribution Shifts to the Web

CONCLUSION
• Predictions for 2008
• Recommendations

INTRODUCTION

This report has been prepared by the Marshal Threat Research and Content Engineering Team (TRACE). It is a review of the trends and developments in spam, phishing and malware in 2007. It also comments on the malware and botnets that underpin and sustain the global spam phenomenon.

TRACE researches the areas of spam, phishing and malware. It is also responsible for the anti-malware defense and updates for Marshal’s suite of content security solutions, including MailMarshal’s SpamCensor, and Zero Day updates.

Data and analysis from TRACE is continually updated and accessible online at www.marshal.com/trace.

EXECUTIVE SUMMARY

• Total spam volume increased by over 50% in the latter half of 2007, reflecting the evolution and refinement of the major spam-sending botnets.

• Spammers reacted to better anti-spam techniques by improving their botnets and simply sending even greater volumes of ‘ordinary’ spam.

• Stock ‘pump n dump’ spam declined to an almost insignificant 1% of spam after its peak of nearly 50% in February 2007.

• Health spam, touting pills and potions, continued to dominate as the top spam category, representing nearly 70% of all spam.

• The proportion of image spam declined further to under 5%, as spammers reverted back to plain text and HTML formats during the latter half of 2007.

• Spammers experimented with new formats in 2007, including PDF, Excel, and MP3 file attachments, but these formats were short-lived.

• Overall phishing levels remained around 0.5% as a proportion of all spam during the second-half of the year.

• Major phishing targets remained the banking institutions. However, these targets changed every few weeks as phishers constantly sought new victims.

• Botnets remain a big problem as the prime distributors of spam and reached new heights of sophistication and capability in 2007.

• The distinction between spam and malware became increasingly blurred as the spam-sending botnets sought to expand their networks by using email to ‘advertise’ the presence of malware on websites.

• There was a marked shift to using the Web to distribute malware, involving both hacked websites and spammed forums and blogs that were used to drive users to websites hosting malicious code.

FACTS & FIGURES

Spam Volume

The TRACE team monitors spam volume through its Spam Volume Index (SVI) which tracks the spam received by a representative sample of domains. The SVI shows spam volume increased markedly in the second half of 2007, following relatively modest growth in the first half-year. The huge increase in spam reflects the evolution and refinement of the major spam-sending botnets – notably the Storm botnet from July onwards. The sharp rise in November-December 2007 not only reflects more spam, but also the typical Christmas spam spike – a phenomenon we have observed for the past three years running.

Figure 1: Marshal Spam Volume Index (SVI)

Spam Categories

Health spam, promoting pharmaceuticals such as weight loss pills and performance enhancing drugs, consolidated its position as the dominant spam category. Figure 2 is a snapshot of spam categories in December 2007 and it shows the health category comprising nearly 70% of all spam. Male sexual organ enlargement spam is especially prevalent in this category and, at times, a single type of this spam comprised one third of all the spam received in the TRACE spam traps during November-December 2007. Product spam, which pushes items such as replica watches and cheap software, was the second largest category at 26% of all spam.

Figure 2: Spam by Category, December 2007

Stock spam, which touts penny stocks in order for the spammers to make a financial gain, has been subject to the biggest change during the year. The July-December 2007 period saw stock spam dwindle to almost nothing. By year-end it represented less than 1% of all spam - a major turnaround when compared to its peak of nearly 50% in February 2007. We cannot say precisely why stock spam has declined in this way; however, likely reasons include:

• Overuse of stock spam leading to declining returns to spammers

• Interruption of stock spammers’ operations from the actions of securities regulators and law enforcement authorities

Figure 3 illustrates the weekly changes between the major spam categories and illustrates how stock spam has dropped markedly over the year. Although the reduction in stock spam is welcome news, the overall volume of spam remains high - reminding us once again that spammers, as always, are quick to adapt to new circumstances.

Figure 3: Major Spam Categories January-December 2007

Spam Sources by Country

Where spam comes from provides an insight into how spam is distributed. About 70% of all spam originates from fifteen or so countries. As most spam is sent by spam botnets, this pattern reflects the number of compromised computers, or ‘bots’, in those countries. As of December 2007, the United States was the leading source of spam. Russia was the biggest mover in late 2007 and jumped to second place with nearly 10% of all spam. Also of interest were China and South Korea, both traditionally major sources of spam, dropping down the table.

Figure 4: Top Spamming Countries, December 2007

Spam Sources by Continent

When the spam statistics are analyzed by continent, Europe tops the list, with many of its countries contributing to global spam, notably Russia, Poland, Italy and Germany.

Figure 5: Spam Sources by Continent, December 2007

Spam Message Structure

The latter half of 2007 marked a shift back to more traditional spam formats. Spammers moved away from image spam towards more ordinary, plain text and HTML spam formats. Figure 6 shows some overall trends in spam message structure, with a decline in image spam to just under 5% and a noticeable increase in the use of plain text spam during August and September 2007.

Figure 6: Trends in Spam Message Structure

Spammers Experiment with Attachments

As spammers moved away from image spam, they also experimented with different ways to send spam in attachments. During the second half of 2007, a number of different techniques were tried, notably the use of PDF attachments containing the spam message. Figure 7 shows the PDF spam spike in August, which, at times, peaked at over 20% of all spam received.

Figure 7: Attachment Spam as Percent of Total, January – December 2007

Spammers also experimented with delivering their messages via other attachments including ZIP, Text and Excel attachments [1], and even “audible spam” using MP3 files.

Figure 8: Example of MP3 Attachment Spam

[1] Excel and text spam: What next - http://www.marshal.com/trace/traceitem.asp?article=270

All these new techniques were short-lived, suggesting a low success rate from these new spam mechanisms. In the end, spammers reverted back to the ‘tried and proven’ text and HTML formats, as Figure 6 shows.

Spam with URLs

During 2007 there was also a major turnaround in the amount of spam containing URL links. Figure 9 shows that over the year, the proportion of spam with URL links rose to over 90% from its low of 55% in January 2007.

Once common in almost all spam, URL links in spam declined in 2006 as stock spam and image spam gained prominence. Stock spam has no need for URLs because it merely touts the advantages of a particular stock, and some image spam types hide the URL in the image so that you have to type it into your browser to access the website. The resurgence of URL links in 2007 reflects the decline in both stock and image spam.

The upside of this development is that URL filtering has once again become a very useful anti-spam weapon. URL filtering works by extracting any URLs from a spam message and querying them against a database of known ‘spammy’ URLs. Figure 9 shows the corresponding increase in effectiveness of URL filtering just with MailMarshal’s URLCensor over the period.

Figure 9: Proportion of Spam with URLs
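The URL filtering step described above (extract the URLs, then look them up in a database of known spam URLs), as an added example that is not MailMarshal's or URLCensor's code. The blocklist, the sample message and all function names are constructed for illustration, and matching by domain suffix is an assumption about how such a lookup is keyed.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-in for the database of known spam URLs, keyed by domain.
BLOCKLIST = {"pills.example", "replica-watches.example"}

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)

# Constructed sample: the visible link text and the real href disagree.
SAMPLE = """\
From: sender@mail.example
To: user@corp.example
Subject: order status
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Track your order at http://shop.example/track.

--b1
Content-Type: text/html; charset="utf-8"

<p>Track at <a href="HTTP://Cheap.Pills.Example:8080/o?id=1">http://shop.example/track</a></p>
--b1--
"""


class HrefCollector(HTMLParser):
    """Collect href/src values, which can differ from the text shown to the user."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def extract_urls(msg):
    """Return every http(s) URL in the text and HTML parts, first-seen order."""
    found = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        found.extend(URL_RE.findall(text))
        if ctype == "text/html":
            collector = HrefCollector()
            collector.feed(text)
            found.extend(u for u in collector.urls if URL_RE.match(u))
    # Strip sentence punctuation, then de-duplicate while keeping order.
    return list(dict.fromkeys(u.rstrip(".,;") for u in found))


def host_of(url):
    """Lower-cased hostname without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_listed(host, blocklist=BLOCKLIST):
    """True if the host or any of its parent domains is on the blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def url_filter(raw_message, blocklist=BLOCKLIST):
    """Return the URLs in a raw message whose host matches the blocklist."""
    msg = message_from_string(raw_message)
    return [u for u in extract_urls(msg) if is_listed(host_of(u), blocklist)]


if __name__ == "__main__":
    print(url_filter(SAMPLE))
```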

Spam Size

In line with the move back towards typical plain text and HTML email, the average size of spam has also declined – now hovering just under 4KB as depicted in Figure 10.

Figure 10: Average Spam Message Size

Phishing

During the second half of 2007, phishing spam remained reasonably consistent, hovering around 0.5% of total spam received.

Figure 11: Phishing as a Proportion of Spam, January – December 2007

Phishing by Country of Origin

By country of origin, Spain was the top source of phishing email at 16% in December 2007, followed closely by Italy at nearly 15%. During the last six months, the US has slipped several places and now sits at only 3.5%. Interestingly, the dominance of Spain and Italy is quite a different profile from spam as a whole, where the US and Russia top the list (see Figure 4).

Figure 12: Top Phishing Countries, December 2007

Phishing Gangs and Targets

Judging by similarities among phishing messages, a handful of groups seem to dominate, suggesting phishing has become a specialized activity. One particular group, the Rock Phish Gang, is estimated to be responsible for over one-half of all phishing emails [2]. This gang’s phishing emails are distinctive and dominate the daily phishing catch.

The major phishing gangs select specific targets to build their scam around, usually financial institutions, although other organizations like PayPal and eBay are consistently targeted at a lower, yet still significant, level. Each target may be used for a few weeks or more before moving on to new targets. The following charts in Figure 13 show two different snapshots of this targeting. In both early November and early December 2007 the chief target was NatWest Bank. Among the second tier, the Bank of Scotland and Citizens Bank were targeted in early November but not in early December, when HSBC, Citibank and Fifth Third bank were targeted.

Figure 13: Phishing Targets in November and December 2007 (panels: Week Ending 4 Nov 2007; Week Ending 9 Dec 2007)

[2] Rocky Gang: Pervasive Phishers - http://www.marshal.com/trace/traceitem.asp?article=190

THE THREAT LANDSCAPE

Malware and Botnets

It would be incomplete to discuss spam without commenting on the malware and criminal activity that sustains it. Distributing spam and malware is firmly in the domain of professional criminals looking for financial gain. In the last six months, cyber-criminals have, unfortunately, reached new heights of sophistication and capability. The following are some key points that emerge from our observations of malware and botnets over the last six months of 2007.

Botnets Remain the Major Problem

The vast bulk of spam is sent via botnets, and spam is increasingly dominated by the large volume campaigns from the major botnets:

• Earlier in this report, we noted that a particular type of male sexual organ enlargement spam comprised 33% of all the spam captured by the TRACE spam traps in November and December 2007.

• Another group, which we call the ‘Celebrity Gang’ owing to their habit of using celebrity names in the malware they spam out, was responsible for over 20% of all spam in the same period [3].

Not only have the large botnets taken over in terms of spam volume, they have also evolved to reach new levels of sophistication. During the middle of 2007, the Storm botnet grew rapidly following mass spamming of emails containing links to websites hosting malicious code. The websites not only hosted executable files that could be downloaded by users, but they also hosted malicious code that attempted to exploit a number of different known browser vulnerabilities. The Storm botnet also uses:

• Its own peer-to-peer protocol with multiple command servers, making it difficult to disable

• Fast-flux networks with rapidly changing DNS records to distribute load and reduce the effectiveness of blacklist IP blocking [4]

• Proxy redirection where back-end servers hide behind many front-end hosts - usually compromised home computers

• Encrypted communications between nodes, making it harder to track and allowing the botnet to be segmented for renting to third parties [5]

[3] Celebrity spam gang are major players - http://www.marshal.com/trace/traceitem.asp?article=389&thesection=trace
[4] Cyber-criminals up the ante with fast-flux - http://www.marshal.com/trace/traceitem.asp?article=259&thesection=trace
[5] The Changing Storm - http://www.secureworks.com/research/blog/index.php/2007/10/15/the-changing-storm

These kinds of developments elevated botnet sophistication to new levels in 2007 and were behind the large increases in spam, particularly in the second half of the year.
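Why rapidly changing DNS records blunt IP blacklists, and one way a defender can spot the rotation from observed DNS answers, as an added example that is not from the report. The observation tuples, the thresholds (5 addresses, 3 /16 networks, median TTL of 300 seconds) and the function names are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import median

# Constructed passive-DNS observations: (unix_time, domain, A record, TTL seconds).
# Names use the reserved .example TLD; addresses are documentation/benchmark ranges.
OBSERVATIONS = [
    (1000, "cdn.shop.example", "192.0.2.10", 3600),
    (4600, "cdn.shop.example", "192.0.2.10", 3600),
    (8200, "cdn.shop.example", "192.0.2.11", 3600),
    (1000, "news.flux.example", "198.51.100.7", 180),
    (1200, "news.flux.example", "203.0.113.44", 180),
    (1400, "news.flux.example", "198.18.5.9", 120),
    (1600, "news.flux.example", "198.19.77.3", 180),
    (1800, "news.flux.example", "192.0.2.200", 60),
    (2000, "news.flux.example", "198.18.200.1", 180),
]


def flux_profile(observations, window=3600):
    """Summarise A-record churn per domain in the first `window` seconds it was seen."""
    by_domain = defaultdict(list)
    for ts, domain, ip, ttl in observations:
        by_domain[domain.lower().rstrip(".")].append((ts, ip, ttl))
    profiles = {}
    for domain, rows in by_domain.items():
        start = min(ts for ts, _, _ in rows)
        recent = [(ip, ttl) for ts, ip, ttl in rows if ts - start <= window]
        ips = {ip for ip, _ in recent}
        # Many unrelated /16s suggests scattered hosts rather than one provider.
        nets = {ip_network(f"{ip}/16", strict=False) for ip in ips}
        profiles[domain] = {
            "ips": len(ips),
            "networks": len(nets),
            "median_ttl": median(ttl for _, ttl in recent),
        }
    return profiles


def looks_fast_flux(profile, min_ips=5, min_networks=3, max_ttl=300):
    """Heuristic: many addresses, spread over many networks, with short TTLs."""
    return (profile["ips"] >= min_ips
            and profile["networks"] >= min_networks
            and profile["median_ttl"] <= max_ttl)


def flag_domains(observations, **thresholds):
    """Return the sorted list of domains whose profile matches the heuristic."""
    profiles = flux_profile(observations)
    return sorted(d for d, p in profiles.items() if looks_fast_flux(p, **thresholds))


def ip_blocklist_hit_rate(observations, domain, learned_before):
    """Share of later answers already on an IP blocklist built from earlier answers."""
    rows = [(ts, ip) for ts, d, ip, _ in observations if d == domain]
    known = {ip for ts, ip in rows if ts < learned_before}
    later = [ip for ts, ip in rows if ts >= learned_before]
    return sum(ip in known for ip in later) / len(later) if later else 0.0


if __name__ == "__main__":
    print(flag_domains(OBSERVATIONS))
    print(ip_blocklist_hit_rate(OBSERVATIONS, "news.flux.example", 1500))
```

In the constructed data, an IP blocklist learned from the first three answers for the rotating name matches none of the next three, which is why the domain name itself is the more durable thing to block.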

Increasingly Professional Criminal Cybereconomy

The groups behind spam and botnets are sophisticated and highly organized. They operate in a thriving underworld marketplace where services, software tools, and software development are freely bought and sold. Computer skills are no longer necessary to execute cybercrime. Malware authors, who may not even commit crimes themselves, simply develop and sell the tools, some of which come complete with support services [6]. This marketplace is increasingly competitive and there is evidence that the price for acquiring tools is decreasing [7].

Botnets, for example, have become tools that are bought, sold or rented. In one recent case a botmaster leased his botnet for as little as US$200 per week for 6,000 bots [8]. With this low outlay, a spammer can send 100 million spam messages or more. The potential profit for spammers is now considerable. In one recent court case, a spammer admitted to earning US$250,000 profit [9]. It is this sort of money that is driving ever greater volumes of spam.

Spam and Malware are Increasingly Blurred

The distinction between spam and email-borne malware is not clear-cut anymore. Botnets are used to distribute spam and malware alike. At one moment, a particular botnet campaign might be a garden-variety Viagra spam run; at the next, it could be a campaign with a malicious file attached to the email or a link to a website hosting malicious code. Increasingly, spam contains both an advertising message and malicious code, or links to malicious code (Figure 14). In terms of content filtering, the question today is no longer “is it spam?”, rather it has become “did it come from a bot?”.

[6] Cyber-crime for sale - http://pandalabs.pandasecurity.com/archive/Cybercrime_2E002E002E00_-for-sale-_2800_II_2900_.aspx
[7] Mpack Clearance Sale - http://www.symantec.com/enterprise/security_response/weblog/2007/07/mpack_clearance_sale.html
[8] True crime: The botnet barons - http://www.infoworld.com/article/07/12/17/50FE-busted-botmen_1.html
[9] High-earning spammers face tougher sentences - http://www.networkworld.com/community/node/22659

Figure 14: Combined Spam and Malware Example

Malware Distribution Shifts to the Web

In our last Security Report in June 2007, we noted that malware was increasingly being distributed via the Web. There are a number of reasons for this.

• The increasing popularity of Web activities, especially forums, blogs and social networking sites with their rich user interaction

• Increased capabilities of Web browsers to execute code or launch external programs

• Propensity for the software on end-user computers to be managed badly and seldom updated, allowing easy exploitation

These elements are changing the way cybercriminals are distributing malware. The second half of 2007 saw the distribution of malware via the Web on a scale never seen before. Some of the techniques we observed were:

• Email mal-advertising. We saw large campaigns involving email ‘mal-advertising’ with email spammed out with a URL link pointing to malicious code hosted on a Web server. The link can be as simple as a link to an executable which needs the user input to download and execute it. Or the website may host malicious code that seeks to exploit known browser vulnerabilities. The mid-year Storm phenomenon was a good example of mal-advertising in action.

Figure 15: Storm Email ‘Mal-advertising’ a Website Hosting Malicious Code

• Hacking of legitimate websites. Instances of legitimate websites being hacked continue to happen at regular intervals. In November we saw the Monster.com website infected by a malicious IFrame that directed users to a website that served up a range of exploits [10]. We also saw the hacking of MySpace profile pages, in particular that of Alicia Keys, where users were diverted to a malicious website by means of a large background image hyperlink [11].

• Mass spamming of blogs and forums. In late 2007 we saw evidence of bots that post URL links and keywords to many online forums and blogs. This served to increase the search engine rankings for the attacker’s malicious Web pages that were crammed full of those same keywords. The end result is that users searching for seemingly innocuous terms may end up at websites hosting malicious code [12].

• Use of real Web services accounts to send spam. During the year we saw accounts at several Web services, including Hotmail, Gmail and YouTube, used to send spam. Spammers had found a way to create valid accounts en-masse and then used them to send spam via the legitimate email servers hosted by the service [13].

[10] Monster.com hit with another malware attack - http://www.securecomputing.net.au/news/97730,monstercom-hit-with-another-malware-attack.aspx
[11] MySpace profiles install spyware - http://www.marshal.com/trace/traceitem.asp?article=388
[12] Malware ‘Spread-by-Web’ continues - http://www.marshal.com/trace/traceitem.asp?article=445
[13] YouTube used to send spam - http://www.marshal.com/trace/traceitem.asp?article=331

CONCLUSION

While image spam and stock spam died away, the overall volume of spam continued to increase in 2007. While some attempts were made by spammers to use new techniques such as PDF attachments, spammers largely reacted to better anti-spam technology by improving their botnets and simply sending a greater volume of ‘ordinary’ spam. Currently, it is not uncommon for enterprises to report spam accounting for over 90% of their inbound email.

Despite the increased efforts of law enforcement agencies to crack down on spammers and their botnets, spam grew even worse in 2007. It seems that whenever a spamming gang is caught, there are others that jump up in its place. The financial motive of the cybercriminal underworld that sustains spam appears to remain strong. The cost of acquiring the tools and services needed to send spam is also reducing. For these reasons, we are not optimistic that spam is going to recede in 2008.

Predictions for 2008

• The technical sophistication of the Storm botnet is just the beginning. The major botnet operators will further refine their technology and other groups will seek to emulate them, driving even greater volumes of spam in 2008.

• The use of spam ‘mal-advertising’ to lure users to websites hosting malicious code will continue to grow strongly. More and more, these attacks will look and feel ‘legitimate’ to the end user.

• The shift to using the Web to distribute malware will continue as cybercriminals seek to exploit the growing use of Web services such as forums and blogs, as well as users’ propensity not to update their software.

• The massive growth in popularity of social networking sites like Facebook, MySpace and LinkedIn, as well as the share sites like YouTube, will guarantee increased attention by cybercriminals. User suspicion levels are lower when accessing such familiar sites. Information gleaned from these sites will also be used for targeted attacks, for example, to promote items of interest like videos of a favorite sports team or a new music video.

• The use of newer technologies, notably instant messaging and Internet telephony, to spread spam and malware will increase as cybercriminals seek to exploit easier, unprotected systems.

Recommendations

Enterprises and computer users need to continue to be vigilant as cybercriminals get ever more professional and sophisticated. Receiving email and browsing the Web now involves more risk than ever before. Here are our recommendations for 2008:

• Good anti-spam protection is imperative. Ensure that your spam filtering systems employ defense-in-depth by using multiple technologies for maximum resiliency.

• Take steps to secure Web browsing at the gateway, including the restriction of executable and other content that can be downloaded by users.

• Keep Web browsers and other desktop software meticulously up-to-date, as many malicious websites utilize old, known exploits.

• Educate users about the new dangers of email and browsing, to ensure they avoid following links in unsolicited email and are suspicious of unexpected download prompts when browsing.

TRACE will continue to monitor and research spam and the wider threat landscape to equip our customers with the tools and knowledge to help protect against the inevitable emergence of new threats in the future.

We hope that you have found this report interesting and informative. If you have any questions or comments, [email protected].

CONTACT MARSHAL

EMEA
Marshal Limited, Renaissance 2200, Basing View, Basingstoke, Hampshire RG21 4EQ, United Kingdom
Phone: +44 (0)1256 848080
Fax: +44 (0)1256 848060
Email: [email protected]

Americas
Marshal, Inc., 5909 Peachtree-Dunwoody Rd, Suite 770, Atlanta GA 30328, USA
Phone: +1 404-564-5800
Fax: +1 404-564-5801
Email: [email protected]

Asia-Pacific
Marshal Software (NZ) Ltd, Suite 1, Level 1, Building C, Millennium Centre, 600 Great South Road, Greenlane, Auckland, New Zealand
Phone: +64 9 984 5700
Fax: +64 9 984 5720
Email: [email protected]

© 2008 Marshal Limited, all rights reserved. U.S. Government Restricted Rights: The software and the documentation are commercial computer software and documentation developed at private expense. Use, duplication, or disclosure by the U.S. Government is subject to the terms of the Marshal standard commercial license for the software, and where applicable, the restrictions set forth in the Rights in Technical Data and Computer Software clauses and any successor rules or regulations. Marshal, MailMarshal, the Marshal logo, WebMarshal, Security Reporting Center and Firewall Suite are trademarks or registered trademarks of Marshal Limited or its subsidiaries in the United Kingdom and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

[email protected] | www.marshal.com

