Google Mistakes Own Blog For Spam, Deletes It (via Yahoo News) – Google thought one of its own blogs was a spam blog so turned it over to someone else. Oops. Google does usually send a notification but they say the bloggers “overlooked” it.

The Storm Worm has been spreading to alarming levels according to several articles around the net. The jist of the article that the botnet (Storm installs bots on it’s targets) has grown so big there’s probably plans to change it from use as a spam sender (which is a common use). Some speculate it may be rented out to launch denial of service (Dos) attacks. The story made it to the Slashdot from page.

Slashdot also has a posting about a popup that can’t be stopped. It circumvents popup blockers, they can be sized to fill the entire screen, and cannot be closed by the user. Oh joy.

Techdirt has the story of a guy who sued a spammer being told to pay the legal fees of the company he sued. The CAN-SPAM act limited who could sue spammers to ISPs. So some people found a loophole (they thought) to become ISPs and they sued. The judge ruled the business was set up for the sole purpose of suing. Part of me is happy he has to pay because he did manipulate things to sue. On the other hand he probably *should* be able to sue but that’s the fault of our Congress which defined legal spam in the CAN SPAM law and gave spammers legal cover.

Security Fix is reporting about scam tax rebate sites. They’re popping up even though it’s not April 15th. October 15th is the deadline for people who filed for an extension. If you get an unsolicited email saying you’re due a refund but need to supply a credit card number to get it your probably (is there any doubt?) getting scammed. Another scam promotes the site as part of the IRS e-File program. Sometimes they submit the return but the refund goes to them.

My second Gmail account, the one getting the phishing email, picked up one more phishing email to bring the total to 9.

Comment spam (including trackback spam) continues to climb at The OS Quest. There were 2,036 spam attempts during the week for an average of 291/day. This is up from last week’s 274/day average. The total now sits are 7,026 spam attempts. Two trackback spams made it through bringing the total to 13.

The Spam Chronicles saw a drop by almost 50% in comment spam this past week with 16 attempts (down from last week’s 31), all of which were stopped. The total now stands at 197 for the life of the site.

I switched the anti-spam plugin being used by both The OS Quest and Spam Chronicles. Akismet has been replaced with Spam Karma 2. The main reason for the change was that trackback spam that was getting through Akismet. While the number was small, it was still annoying. So far, SK2 has stopped 757 comment spams without letting anything through. Akismet takes a “black box” approach to anti-spam where the analysis is done by their servers and there’s no local configuration. SK2 does the processing locally so can provide greater detail about what it flagged something as spam. As the name suggests, it assigns a “karma” value for spam-like or non-spam like behavior. It has numerous configuration options, although I’m using the defaults.

News

Items in the news that caught my attention this week were:

Spyware was used to steal municple funds from Carson, CA. They stole almost $450K with IDs/passwords obtained with key-logging spyware. All but $45K was recovered. From the article:

Avilla said she still dosn’t know how her computer was targeted. She said she doubts it had the latest security software patch protections — something sheriff’s detectives and bank investigators told her is essential in safeguarding her computer.

The CIO website has an article on how hard it is to find and nab online criminals, even harder than actually catching them. In what may be a clue to one way the spyware could get on Carson’s computer this article mentions:

He learned, for example, that an aquarium employee had downloaded an audio file while eating a sandwich on her lunch break. He learned that when she played the song, a rootkit hidden inside the song installed itself on her computer.

Slashdot had a posting about addresses provided to AmeriTrade (for accounts) being used as a source of spam. Rather than a network security breach it’s likely someone within AmeriTrade is leaking the email addresses to spammers. AmeriTrade attributes the spam to bot-nets and the past loss of customer data On a backup tape). They ignore the fact that people set up email addresses dedicated to AmeriTrade after the breach. This is something I do, set up dedicated email addresses with financial related accounts. This helps identify phishing emails and can be used to identify data leaks as in this case.