Google Mistakes Own Blog For Spam, Deletes It (via Yahoo News) – Google thought one of its own blogs was a spam blog so turned it over to someone else. Oops. Google does usually send a notification but they say the bloggers “overlooked” it.

The Storm Worm has been spreading to alarming levels according to several articles around the net. The jist of the article that the botnet (Storm installs bots on it’s targets) has grown so big there’s probably plans to change it from use as a spam sender (which is a common use). Some speculate it may be rented out to launch denial of service (Dos) attacks. The story made it to the Slashdot from page.

Slashdot also has a posting about a popup that can’t be stopped. It circumvents popup blockers, they can be sized to fill the entire screen, and cannot be closed by the user. Oh joy.

Techdirt has the story of a guy who sued a spammer being told to pay the legal fees of the company he sued. The CAN-SPAM act limited who could sue spammers to ISPs. So some people found a loophole (they thought) to become ISPs and they sued. The judge ruled the business was set up for the sole purpose of suing. Part of me is happy he has to pay because he did manipulate things to sue. On the other hand he probably *should* be able to sue but that’s the fault of our Congress which defined legal spam in the CAN SPAM law and gave spammers legal cover.

Security Fix is reporting about scam tax rebate sites. They’re popping up even though it’s not April 15th. October 15th is the deadline for people who filed for an extension. If you get an unsolicited email saying you’re due a refund but need to supply a credit card number to get it your probably (is there any doubt?) getting scammed. Another scam promotes the site as part of the IRS e-File program. Sometimes they submit the return but the refund goes to them.

In early May Google published their Ghost in the Browser(pdf) report. The headlines from the report were that 10% of websites are dangerous. If this was an antivirus or antispyware vendore we could say they’re trying to sell software. But the report seemed like bad news for Google. As an Internet advertising business, which is where they make almost all their money, they need people to trust the Internet.

The on May 21st Google started a Oneline Security Blog and along with it the news that they had an anti-malware team which has been around for about a year. Their first post clarified the “1 in 10 dangerous websites” headlines:

Unfortunately, the scope of the problem has recently been somewhat misreported to suggest that one in 10 websites are potentially malicious. To clarify, a sample-based analysis puts the fraction of malicious pages at roughly 0.1%.

Google has also been flagging sites in their search results if Google thinks the site may be harmful. There are security vendors which also have products that flag potentially malicious sites so this isn’t unique. But it’s free and already built in. As the Google blog and report point out, a fact that a site may be dangerous could be unknown to the owner since in many cases these are legitimate sites that were hacked.

Then on Monday Google announced that they purchased Greenborder. Greenborder provides “safe surfing” software by running IE or Firefox in a virtual session which isolates it from the rest of the PC. This technology protects the PC from drive-by downloads. An interesting note here is that Greenborder no longer offers there product for download. They appear to have pulled it shortly before the announcement. They still support existing customers. So is Google planning to release a free version or include it in their toolbar?

I wonder what Symantec, Microsoft, McAfee and other vendors with online security products are thinking? It appears Google’s getting into their business, although in a vary focused way so far. Google’s cash cow is search, web security would just be a way to get people to trust, and use, their search and then click on their ads. It can’t be good news for security software vendors but is only going to help us.

They’ve mentioned companies such as 3M, AIG, Bank of America, and Nationwide Insurance among others. Not all are completely bad, such as BofA which had several occurrences but where quickly plugged. It’s been over thirty days since they started, there’s less than a dozen companies listed since they started March 26th.

Support Intelligence provides security monitoring services to companies so it’s intended to bring them publicity (which I’m giving them). Int some cases they mention that the breach seems to be isolated mail systems and the spam probably originated from outside the corporate network so data wasn’t compromised, but they claimed some companies had bots running internally. A corporate network with bots loose internally could compromise data which would be a concern.

Even though I’m writing about it, I think the "30 days of…" stuff is worn out and I’m not sure that this actually adds anything to the spam fight besides trying to embarrass companies into better securing their networks. Although anything to better secure networks is a good thing.

According to the study the US sends 19.8% of the spam with #2 China sending 7.5%.

No doubt much of the US pam comes from unsuspecting companies as profiled in this Inforworld article. The article talks about larger companies who’s servers are used for sending spam (without their knowledge). The obvious reaction is if big businesses can’t secure their servers then smaller businesses probably have even bigger problems. My second reaction is about the security at these companies. While being able to use a server to send spam isn’t at the level of hacking into data it does raise a few flags.

While Australia, which didn’t make the list, is fining spammers according to this International Business Times article.

From the article…

“We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests,” the Microsoft spokesperson told us, “and, most importantly, as part of our ongoing work to continually enhance Windows Live OneCare to ensure the highest level of protection and service that we can provide our customers.”  

BetaNews also reported that McAfee’s VirusScan Enterprise 8.1 flunked the test.

The February testing was done on Windows Vista. Virus Bulletin is a respected virus test organization. The test agains in the wild viruses. Their test procedure is documented here. As for software that past the test, Beta news reported they were…

…both CA’s Home and eTrust (enterprise) products, Fortinet’s FortiClient, F-Secure Anti-Virus, Kaspersky Anti-Virus 6.0 (which was added to the ZoneAlarm suite last November), Sophos Anti-Virus 6.5, and Symantec AntiVirus 10.2

Norton and McAfee are constantly prompting us to check our security settings, update our subscriptions, and/or buy more products. Given that most new PCs ship with one of these two packages preinstalled–and their subscriptions typically expire after 90 days–it’s almost certain they’ll nag you too. We have enough problems with our machines’ security without also having to worry about our security software.

I’d say I have to agree whole heartily, at least on the Symantec side. I’ve removed the trial Symantec software numerous times (and replaced it with something else) to improve the performance of the PC. My exposure to McAfee is less, although none of those experiences were good.

Windows Update also made the list at number 9. Mainly for it’s use to distribute Windows Genuine Advantage.

PC World added some of there own to the list and it included Plaxo. This is a address book update service that spammed everyone in their member’s address book whenever they changed any info. The recipients could avoid the spam by signing up for the service. Ok, I agree they didn’t actually violate any laws but sure sounds like extortion on the surface. They stopped the practice in 2006.