Planet Antispam

The other day on Hacker News a user posted an anonymous comment. Regular Hacker News participant jacquesm wanted to unmask the writer and posted a challenge to unmask the user.He also emailed me because he thought I might be the anonymous user. I agreed to help him with a little bit of text mining. Jacques had a nice database of all Hacker News submissions and comments and gave me a 250Mb SQL

March 19, 2010 11:42 AM

Back in 2004 I was living in New York and commuting between New York and Washington, DC on the Acela. I was working in a fairly rural part of Virginia and was lucky enough to accidentally experience a once in 17 years event: the emergence of Magicicada Brood X.(Picture from Wikipedia)Now I realize that most people probably don't think that being in a place where millions of large winged insects

March 19, 2010 10:08 AM

Big news from California:

Court Holds Recipients of Unlawful “Spam” Are Entitled to $1,000 Per Email

Last week, Superior Court judge Marie Weiner ruled that Dan Balsam was entitled to $7000 damages plus attorneys' fees and costs from Trancos Inc., of Redwood City.

This is huge news for two reasons: First, it's the first time an anti-spam case has been won by an individual instead of a major ISP.

But more importantly, the judge has ruled that the CAN-SPAM act does not pre-empt the California anti-spam law, California Business & Professions Code § 17529.5.

The judge ruled that the use of generic words in the From: line such as "Paid Survey" and "Your Business" were deceptive, along with their use of multiple domain names, the use of unregistered fictitious business names, and a box at the UPS store were intentionally misleading.

Full details at http://www.DanHatesSpam.com/trancos.html (pdf).

More coverage can be found at the San Francisco Chronicle: SF lawyer awarded $7,000 from email spammer, and SlashDot: 1st Trial Under California Spam Law Slams Spammer.

March 19, 2010 12:04 AM

BBC News: Spammers survive botnet shutdowns:

“Early 2010 has seen four such networks, or botnets, tackled via arrests, net access cutoffs and by infiltrating command systems.

The successes have not inconvenienced hi-tech criminals who found other routes to send spam, say experts.

And, they add, despite falling response rates, spam remains too lucrative for criminals to abandon.”

March 18, 2010 08:48 PM

AP: SF Attorney Awarded $7K In Spam Suit:

“A San Mateo County Superior Court judge ruled last week the seven e-mails Daniel Balsam received from Redwood City-based Trancos Inc. in 2007 were misleading and violated California’s 2004 anti-spam law.”

March 18, 2010 07:48 PM

The Sydney Morning Herald reports that Virgin Mobile was found to have been sending email messages to recipients who had previously opted-out of email advertisements from the mobile carrier. "'To make sure you're still certain about this choice, we just wanted to quickly show you some examples of recent offers that we've sent to customers,' the text of the message read."

Yikes. C'mon, what kind of master marketer thought up this? "Let's take the opt-outs and send them a reminder about all the fabulous offers they're missing out on." Do you think that guy got a promotion? People who unsubscribe don't want any more email from you. Duh.

(Hat tip: The Delicious Box of Meat)

March 18, 2010 06:14 PM

Sydney Morning Herald: Virgin Mobile punished for sending spam:

“An organisation must respect a person’s desire not to receive commercial electronic messages, even if it is just to ask if they have changed their mind.”

March 18, 2010 03:21 PM

I was originally going to post excerpts from this and add my comments, but I have decided to post the whole thing.  Jeff Williams is part of Microsoft’s Malware Protection Center, and posted this on the MMPC blog.  I am reprinting it in its entirety.

---

Recently, following an investigation to which various members of the MMPC contributed, Microsoft’s Digital Crimes Unit initiated a takedown of the Waledac botnet in an action known as Operation b49, an ongoing operation to disrupt the botnet for the long term. The takedown also marked a new phase of exploration in combating botnets, which we call Project MARS (short for Microsoft Active Response for Security). While it is still too early to know the entire scope of this particular takedown's impact, early returns show that Operation b49 has been delivering on the disruption of Waledac and helping to map new territory in the fight against botnets. I wanted to update you on what we know and what we are still learning regarding the impact of that fight.

To effectively counter a botnet like Waledac, we knew a multi-layered approach was needed – one that included peer-to-peer communication disruption through technical countermeasures, domain-level takedowns to disrupt the ‘phone home’ communications between zombie PCs and the command and control servers for Waledac, and traditional server takedowns to sever the back-end command and control mechanisms most directly under the control of the bot master(s).

With the caveats that there are rarely, if ever, any absolutes regarding botnets and that we are still analyzing and investigating the impact of this action, early data from Microsoft and other researchers indicate that our actions have effectively decimated communications within the Waledac bot network. For example, researchers from the Shadowserver Foundation, the Technical University in Vienna, University of Mannheim, University of Bonn and University of Washington have analyzed honeypot data on Waledac and have observed an effective cessation of commands to Waledac 'zombies.' That’s good news because it indicates that Operation b49 effectively severed between 70,000 and 90,000 computers from this botnet, meaning that those customers are less likely to see rogue security software pop-ups, malware downloads, outgoing spam and ID and password theft associated with the Waledac botnet infection.

We’ve also been tracking Operation b49’s impact on the symptoms of Waledac infection – symptoms that include malware downloads, identity theft and spam attacks from infected computers to other victims. Researchers at Sudosecure who track new Waledac infections have data showing a dramatic decline in new IP addresses appearing within the Waledac network, meaning that Waledac is no longer spreading its infection to other computers. While there will likely always be some fluctuations as long as the underlying malware exists and we must and will continue to work with the security community to stay on top of Waledac over time, the 'zero new infections' number reported by Sudosecure as of February 27 is a great indicator of the success of these efforts so far.

As for spam, the trends we’ve been seeing since the takedown provide valuable insight into the nature of infections on zombie computers. Waledac itself is just one of many sources of spam on the Internet and we never intended Operation b49 to appreciably shrink worldwide spam volumes. The goal, rather, was to disrupt the bot and to learn from that disruption for future actions.

As we knew going in, the computers within the Waledac botnet are still infected with the original malware that gave herders control of them in the first place. What we’ve learned since the takedown from our initial data is that many of them are likely infected by other malware that may still be directing them to conduct attacks outside of Waledac’s control structure. We base this hypothesis on the evidence that honeypot computers infected only with Waledac are not sending spam nor getting commands to execute any other attacks. However, Hotmail data and our examination of the behavior of all the known IP addresses for the previously infected Waledac computers show that about half of the computers once under the control of Waledac are still trying to send spam – and are in fact doing so at higher levels today than they were in our December analysis. Since spam campaigns have spikes and lulls, it’s difficult to make direct comparisons of spamming behavior over time, but this data also seems to align with what we’re hearing from others in the industry.

We’ve also learned from this experience that our legal action has been successful in helping to sever to the command and control communications for Waledac at the domain level thus far. In fact, since the original takedown occurred, we have worked with two affected domain owners (Stephen Paluck and eNom) to successfully address the problems with their respective domains and we have amended our legal filings to reflect that we are pursuing no further injunctive relief from the court on those domains. (See www.noticeofpleadings.com for all legal documentation and presented evidence in this case as it proceeds.) Other registered domain owners named in the legal filings have not yet exercised their due process rights by responding to the court, but the case is still ongoing. Our goal with this lawsuit is to help promote a safer, more secure Internet, and we will continue to work toward that aim as we move forward in the case.

These and other findings demonstrate what, for us, is perhaps the most critical outcome of this case: proof of concept. As we forge ahead with Project MARS, we’ll be looking to the lessons of Operation b49 as successful signposts along the road in this uncharted territory. While no one action will wipe out every threat, any strong action to disable a botnet is significant progress and each action will inform the next. For example, we’ve also recently seen Spanish authorities take down another notorious botnet – Mariposa – with great success and we commend them for their valuable work. These actions demonstrate how critical the incredible cooperation of stakeholders and experts all around the world is to success. Look for more efforts like these as we work together to take a stand against botnets and make the internet safer and more secure for everyone.

Anyone concerned that their computer may be infected by malware should follow the "protect your PC" guidance available at http://www.microsoft.com/protect. Windows customers can also visit http://www.microsoft.com/security/malwareremove/default.aspx to find Microsoft's Malicious Software Removal Tool, which removes Waledac and other malware.

So, stay tuned. The fight goes on.

--Jeff Williams

March 18, 2010 02:27 PM

Summer tends to be moving time here in Montreal, as it is elsewhere. This year, I have decided to move, and thought it would be an opportune time to share a warning about some scams that are related to this seemingly harmless activity.

First off is the 'Too good to be true' Craigslist posting (or Kijiji, or any other public listings site!). Last time I moved, I went searching on CL for a new place, as so many do. I found a nice listing, and emailed the purported landlord. I got an email back from someone claiming to be on missionary work in Africa, and if I would just send him or her some money, the place was mine; I could pick up the key when the cheque cleared.

I researched a bit further, and found that what the scammers had done was re-post a previous listing on CL from a few weeks past, dropping the price enough to make the offer seem great, but yet remain credible. A call to the landlord and an email to Craigslist Abuse had the listing and a few others taken down.

Scam two: Advance Fee Fraud - I am now subletting my place, and today, a very nice lady ostensibly in Benin is offering to send me money to reserve my flat, sight unseen. No doubt, it will be a cheque, which I would deposit. Then, complications will arise, she will ask for her money back, less a fee for the hassle. The cheque would take some time to clear, but by then, the money would be safely in the hands of the scammers.

Bottom line: Never rent an apartment or house from someone who isn't present to show you around, and pay with a cheque noting the address, and the date of the first month of rental. Here in Quebec, we have government issued lease forms available everywhere, always use them, and make sure the person renting has the authority to do so. Otherwise, come moving day, you may find yourself without a place to live.

Never pay out money from cheques you receive before your bank has had time to clear the payment, and are 100% willing to state the transaction is legitimate. Otherwise, you will find yourself on the hook for the money.

As always, the old saw 'if it seems too good to be true, it probably is' applies. Remain skeptical, especially in your online dealings.

Neil Schwartzman
Executive Director, CAUCE

March 18, 2010 11:15 AM

Just heading this one off before it gets too much further…

A couple of weeks ago, a researcher found a bug in the spamass-milter project, an open-source milter to integrate SpamAssassin filtering into an MTA. Here’s the exploit details.

This H-Online story covered it:

Security vulnerability in SpamAssassin filter module

The SpamAssassin Milter plug-in which plugs in to Milter and calls SpamAssassin, contains a security vulnerability which can be exploited by attackers using a crafted email to inject and execute code on a mail server. The SpamAssassin Milter plug-in is frequently used to run SpamAssassin on Postfix servers.

(I think this is the source article on Heise.de.)

That was more-or-less accurate — but the problem is the “chinese whispers” effect, where a news story on another site builds on misreadings of another news article. eSecurityPlanet:

Security Flaw Found in SpamAssassin Plug-in

The SpamAssassin Milter plug-in has been found to contain a security vulnerability. [...]

sigh.

To clarify: spamass-milter is not a part of SpamAssassin. it’s a third-party product which allows sendmail/postfix users to integrate spamassassin into their message flows as a milter.

March 18, 2010 10:55 AM

Today we have seen a surge in emails pretending to be from the social networking site Facebook.

The message suggests that Facebook has modified the user’s password to enhance user safety and that the new password is in a attached document. The message looks like this:

Hey XXXXXXX ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team.

------------5GHH3B84G384ABF1
Content-Type: application/zip; name="Facebook_details_345.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Facebook_details_345.zip"

UEsDBBQAAAAIAPSxcTxpN05+ldoAAAD4AAAYAAAARmFjZWJvb2tfZGV0YWls
c18zNDUuZXhllPZjsDBczC0IHp/zHNu2bdu2bdu2bdu2bdu2bc57vzvdNVM9
VdOdqlSSnbXXTvInW0YzHgAcAAAA5D/9+wMAMFMAAIiuBQDgB/j/L/7/KTtc
ZXFhnhANTySV9AyBsrmFE769o52Zo4ENvpGBra2dM76hCb6jiy2+hS2+sJwS
vo2dsQktDAwk8f+bQ14EAEAaEBgAdPJS9P/g3QeAA4QCRAD+zwEAwP9P6QEB

The attachment is called “Facebook_details_<some number>.zip”. This attachment is malicious and should not be opened.

Sophos detected this file as Troj/BredoZp-AD and the executable inside the zip file as Troj/Bredo-BN.

March 18, 2010 05:07 AM

MediaCommons: Cultivated Play: Farmville:

“The secret to Farmville’s popularity is neither gameplay nor aesthetics. Farmville is popular because in entangles users in a web of social obligations. When users log into Facebook, they are reminded that their neighbors have sent them gifts, posted bonuses on their walls, and helped with each others’ farms. In turn, they are obligated to return the courtesies.”

March 17, 2010 09:10 PM

San Jose Mercury News: Ads for an audience of one:

Using technology from top Silicon Valley companies, advertisers are creating digital signs that can change messages depending on a viewer’s age and gender…the signs could revolutionize the retailing industry, but their intrusiveness has led to criticism from privacy advocates and nervousness from some in the marketing industry. …A survey of 1,000 adults last year by UC Berkeley and University of Pennsylvania researchers found that 66 percent opposed such pitches.”

March 17, 2010 07:49 PM

Krebs on Security: Researchers Map Multi-Network Cybercrime Infrastructure:

“Last week, security experts launched a sneak attack to disconnect Troyak, an Internet service provider in Eastern Europe that served as a global gateway to a nest of cyber crime activity. For the past seven days, unnamed members of the security community reportedly have been playing Whac-a-Mole with Troyak, which has bounced from one legitimate ISP to the next in a bid to reconnect to the wider Internet.”

March 17, 2010 04:06 PM

This is the very last post (maybe) highlighting an open email/deliverability/anti-spam position. Maybe.

AOL is looking to hire an Anti-Spam Senior Systems Programmer. From the posting: "The successful candidate will initially be expected to provide programming support for AOL's proprietary anti-spam tools suite, specifically our spam complaint, and Internet and member reputation systems. Additional duties will include analysis, implementation and maintenance of existing state of the art filtering systems used to combat spam, and development of new processes and programs to improve our anti-spam arsenal. Other responsibilities may include, but are not limited to: developing scripts and programs in support of more global Anti-Abuse objectives and interfacing with the global anti-spam community on common interests. Candidates should have extensive experience with systems and database programming in an enterprise-level environment. Specific skills required: perl, java, python, sybase and mysql programming, and familiarity with IT Security and anti-abuse initiatives and general best practices. "

For more information, visit the AOL Jobs website, click on "search openings," select "Communications - Mail" under "Brand," and hit submit. The "Sr. Systems Programmer" job should be the first position returned.

March 17, 2010 04:35 PM

Globe and Mail: Privacy is still a social norm:

“…there is little evidence to change our view that privacy remains a social norm. Privacy relates to freedom of choice and control in the sphere of one’s personal information – choices regarding what information you wish to share and, perhaps more important, what you do not want shared with others. What has changed, however, is the means by which personal information is now readily exchanged, at the speed of light.”

March 17, 2010 03:04 PM

On another corner of the Internet, ThreatPost reports that Microsoft’s Waledac take down a couple of weeks ago did, in fact, have far reaching impact.  While some on the Internet were claiming that Microsoft’s actions had little to no effect, it turns out that others are saying that Waledac appears to be crippled, if not dead:

After Microsoft's actions to take down the Waledac botnet last month, there was some question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections. But more than three weeks after the takedown, researchers say that Waledac has essentially ceased communications and its spam operations have dropped to near zero.

One researcher said that Waledac now seems to be abandoned. "It looks crippled, if not dead," said Jose Nazario, a senior security researcher at Arbor Networks.

An analysis of the effects of the Waledac takedown, known internally at Microsoft as Operation b49, by the company and other researchers has shown that Microsoft's efforts, combined with those of other researchers from universities in Europe, have rendered Waledac toothless.

...early data from Microsoft and other researchers indicate that our actions have effectively decimated communications within the Waledac bot network. For example, researchers from the Shadowserver Foundation, the Technical University in Vienna, University of Mannheim, University of Bonn and University of Washington have analyzed honeypot data on Waledac and have observed an effective cessation of commands to Waledac 'zombies.' That’s good news because it indicates that Operation b49 effectively severed between 70,000 and 90,000 computers from this botnet, meaning that those customers are less likely to see rogue security software pop-ups, malware downloads, outgoing spam and ID and password theft associated with the Waledac botnet infection.

…

Another key indicator of the botnet's demise is the lack of newly infected PCs.

"Researchers at Sudosecure who track new Waledac infections have data showing a dramatic decline in new IP addresses appearing within the Waledac network, meaning that Waledac is no longer spreading its infection to other computers. While there will likely always be some fluctuations as long as the underlying malware exists and we must and will continue to work with the security community to stay on top of Waledac over time, the 'zero new infections' number reported by Sudosecure as of February 27 is a great indicator of the success of these efforts so far," Microsoft's Jeff Williams wrote.

So rather than stopping the spam, the drones are unable to communicate with its central command points, or rather, new commands are no longer being issued.  Indeed, here are some snapshots from Sudosecure’s page:

 

You can see that on Feb 23, the amount of new IPs drops dramatically.  So, rather than stopping the flow of spam coming out of Waledac, this action by Microsoft may have interrupted Waledac’s ability to refresh itself.  If that’s the case, then it means that the stoppage of Waledac’s spam will slow down over time since the current zombies will finish spewing what they are spewing but will not be issued new commands.

March 17, 2010 02:47 PM

Next: Foreign cybercrime experts to partner with [Nigerian] lawmakers:

“…Nigeria’s case is disturbing because there are no laws to protect agencies, corporate institutions and the federal government from falling victims to online crimes.

Mr. Etim said that the process of enacting enabling laws in Nigeria to regulate the operations of the cyber environment has been quite slow, but noted that this would be a more meticulous way of ensuring that the laws, if put in place, would be strong enough to serve their purpose.”

March 17, 2010 02:03 PM

In this week's Security Levity, I want to talk about spam again -- not email spam, but spam sent via SMS. Also known as text message spam. I want to get to the bottom of whether SMS spam is as a big a problem as email spam -- and if not, why not?

read more

March 17, 2010 12:08 PM

Late last year I blogged about Troj/JSRedir-AK and how it was very prevalent ~40% of web-based malware. Earlier this year I mentioned it had changed and late last month I saw that it had changed again into Troj/JSRedir-AU.

The infection numbers of Troj/JSRedir-AR and Troj/JSRedir-AU haven’t been quite as impressive as those of Troj/JSRedir-AK, but the sites compromised have included several high profile victims. For instance this morning I was alerted to an infection on a major European newspaper by one of our Sophos web security appliances and earlier in the week Sophos notified a Dutch menswear outfitter of an infection on one of their sites.

The outfitter after being notified did not want ‘our help’ and three days latter hasn’t cleaned up their website.

As you can see this is another case of an old website with a redirect to the new site with extra malware on the side.

The malicious code like previous examples, Troj/JSRedir-AK and Troj/JSRedir-AR, has two distinct forms:

• injected into HTML files as a malicious <SCRIPT> tag
• the other appended to JavaScript files

You can see in the above code snippet:

var Y=F(’89910918991021′,”129″)

The code has a function F which uses the second string to perform a substitution on the first string. In Perl code:

        while (<>){
	        if (/F\('([a-zA-Z0-9]+)'\s*,\s*"([a-zA-Z0-9]+)"/) {
		        my $one = $1;
		        my $two = $2;
		        $one =~ s/[$two]/g;
		        print $one . "\n";
	        }
         }

The other variable w in the image is that of the malicious site the code redirects to.

When infected website owners have talked to us we have been able to diagnose the infection source via compromised FTP credentials.

March 17, 2010 12:00 PM

The internet is rife with free tools from anything to everything (almost) - from free HTML web editors to free applications to free games and so on.

We’ve been in this situation before. Sometimes out of curiosity or “affluenza” (also known as “I-GOTTA-HAVE-IT-NOW-NO-MATTER-WHAT”), we are tempted to install some of these free tools and applications from the web.

The unfortunate problem with freebies is that unless you know the source of where you download the tools from and whether the software author who created the application is credible, you are literally at the whim and mercy of the author should you choose to download and install the application.

To make matters worse, some download websites don’t even bother to check and verify every piece of software application that was uploaded to their website. Some do not even bother to perform any kind of anti-virus scanning of the uploaded software.

Take a look at this piece of software that was touted as a web tool obtained from a download website.

This tool was supposed to be a HTML editor but upon running, clearly something was wrong. No trace of the software was visible after running the application. This should signal a giant red flag that something is horribly amiss. To make matters worse, unless you happen to know what to look for, you’d be hard pressed to find what kind of activity or system changes has been made on your computer (click on the picture below to see a clearer image of the registry entry made by this Trojan).

In this case, this backdoor Trojan (Troj/Bifrose-ZI) manifested itself as a file on your Windows System folder and created a registry entry to run itself upon the next startup (notice how notoriously difficult it is to know what and where to look for?). You now have a backdoor Trojan active on your computer which a remote intruder can use to gain access to your computer. The type of malicious activity that can then take place on your computer can range from using your computer to download more malware, to turning your computer into a botnet zombie to stealing confidential information etc. etc. - you get the idea.

If you’re an avid internet user who loves downloading freebies, then this article should scare you and rightly so. Not everything that glitters is gold, as they say.

Great. So how do we protect ourselves against such scams and malware?

For one, I have always believed in the KISS (Keep It Simple Stupid) principle.

Before you download any application, pause and think whether it’s really necessary to have that software or whether it’s going to do nothing but put more “bloat” on your computer (you know a particular software is “bloatware” when you have not touched it in the last 6 months). If you’re uncertain, just go away from the computer for a few moments to think it over. Never ever download free software at a moment’s whim.

Last but not least when you’re browsing the web, always check that your anti-virus software is running, your firewall is enabled and ensure that all these software security solutions are updated regularly.

March 17, 2010 05:02 AM

There is a new Western Union money transfer scam spam making the rounds. It thanks you for "using Western Union Money Transfer", and gives you a fake confirmation receipt transaction number ("control number") - in our case the Money Transfer Control number used was 1629752260. The spam includes ...

March 16, 2010 11:11 PM

AP: Break the law and your new 'friend' may be the FBI:

“U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information….”

March 16, 2010 09:53 PM

If you're being plagued by cell text message spam (cell phone spam or mobile phone spam) like this one we received from 702-541-4047 - "Do you have $20,000+ in CREDIT CARD DEBT? Our national program REDUCES it by HALF! Reply "DEBT" to see if you qualify! (cuturdebts.com-optout,reply:out)" - you're not ...

March 16, 2010 09:41 PM

In my previous post, I called attention to a story where a bank employee in Switzerland stole information from HSBC’s list of clients and gave (or more probably, sold) it to the French government.  The government intended to use the data to go after tax evaders.

I put my own spin on things and suggested that not only do banks have to worry about losing data due to phishers and hackers stealing data, they also have to worry about their own employees stealing it.  The question that naturally arises: which is the bigger worry?  Electronic theft?  Or employee theft?

Microsoft’s Security and Intelligence Report actually addresses this, and it’s not even close. 

Although security breaches are often linked in the popular consciousness with hacking incidents involving malicious parties defeating technical security measures to gain unlawful access to sensitive data, more than four-fifths of all breaches tracked in the DataLossDB result from something that the OSF database does not classify as a hack, including 87.7 percent of reported 1H09 breaches. Stolen equipment is the largest single category and accounts for twice as many incidents as intrusion, possibly because equipment theft is easily detected and reported. A number of the incident reports reviewed for this analysis mentioned that intrusions or accidental exposure of information on the Web had been going on for quite a while before they were detected.

So in reality, it’s not so much that banks need to be aware of employee theft being another attack vector in addition to hacking or phishing, it’s actually the other way around.  In addition to employee theft, banks need to be aware of hacking or phishing. 

I am less clear on how to prevent data loss from these supposedly low-tech mechanisms for information loss.  A company needs employees in order to function, yet these employees are the weakest link in a company’s security chain.  An employer can take great steps like background checks and security policies to ensure that its personnel are not malicious, but ultimately, as a company grows larger the probability of a miscreant obtaining access to its information becomes greater and greater. 

Technology can solve some of the problems we have when it comes to security, but it does not address all of the human problems. 

[A recent picture of me in Geneva, Switzerland]

March 16, 2010 04:21 PM

Jart Armin in Internet Evolution: Lies, Damned Lies & Cybercrime Statistics:

“You may be forgiven if you’re confused over the plethora of conflicting reports and contrasting figures out there. …To the cynically minded it could seem that some of the statistics produced are meant to be attention-grabbing, even though such tactics often prove to be counterproductive. Even more worrying, however, is a sense that some statistics are leveled at lobbying for government funding, corporate gain, or media hype rather than having any base in reality.”

March 16, 2010 04:05 PM

Another triumph in the "yes, you can fight spam" category: Kaspersky lab's Thread Post newsletter is reporting that the Waledac botnet has been knocked nearly completely off line and is sending almost zero spam.

I briefly mentioned the Waledac botnet in an earlier post in which I reported that Microsoft had significantly damaged the botnet's command-and-control servers via court order.

More details can be found on Microsoft's security blog in the article What we know (and learned) from the Waledac takedown.

March 16, 2010 04:51 PM

InformationWeek: Developers Vs. Cybercriminals:

“For operators of online games…hackers threaten not only revenue and user trust, but user experience and the intellectual property — game source code — upon which the business is built.”

March 16, 2010 03:03 PM

This past weekend the London Transport Museum held an open weekend at its Acton Depot where they keep a collection of trams, trolley cards, buses and underground trains, plus all the associated equipment. They only open the depot twice a year so this was a chance to see some things that are rarely open to the public.I didn't include this museum in The Geek Atlas but after a visit it's likely a

March 16, 2010 03:18 PM

TechFlash: Classmates to pay up to $9.5m to settle suit over phantom friends:

“Seattle-based Classmates.com has agreed to pay up to $9.5 million to its users to settle a lawsuit that accused the social network of sending emails that made people believe their old friends from high school were reaching out to connect — only to discover, after paying for a membership, that their long-lost buddies were nowhere to be found.”

March 16, 2010 02:03 PM