angry tapir writes "A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it. The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams. But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled."

tsu doh nimh writes "A Wikileaks-style war of attrition between two competing rogue Internet pharmacy gangs has exposed some of the biggest spammers on the planet. Brian Krebs uncovers fascinating information about a hacker named 'GeRa' who is supposedly behind the Grum botnet, which is currently sending about one out of every three spam emails worldwide. The story also points to several possible real-identities behind the Internet's largest spam machine."

Trailrunner7 writes "Facebook and the state of Washington are suing an ad network they accuse of encouraging people to spread spam through clickjacking schemes and other tactics. The company at the center of the allegations, Adscend Media, denies the charges and said it will fight them vigorously. According to the office of Washington Attorney General Rob McKenna, the company paid and encouraged scammers to design Facebook pages to bait users into visiting Websites that pay the company. The bait pages would appear in posts that seem to originate from a person's Facebook friends and offer visitors an opportunity to view 'provocative' content in exchange for clicking the 'like' button on the Facebook page."

Sparrowvsrevolution writes "With much of the web upset over about Google's latest privacy policy changes, it's helpful to remember it could be much worse: A search engine called Skipity offers the world's worst privacy policy (undoubtedly tongue-in-cheek), filled with lines like this: 'You may think of using any of our programs or services as the privacy equivalent of living in a webcam fitted glass house under the unblinking eye of Big Brother: you have no privacy with us. If we can use any of your details to legally make a profit, we probably will.' The policy gives the company the right to sell any of your data that it wants to any and all corporate customers, send you limitless spam, track your movements via GPS if possible, watch you through your webcam, and implant a chip in your body that is subject to reinstallation whenever the company chooses."

An anonymous reader writes "New analysis of financial records and online chat logs retrieved from the operators of Spamdot.biz — until recently the most notorious spam affiliate program — provides tantalizing clues about the identity of the man behind Cutwail, currently the largest spam botnet. Brian Krebs tells the story of 'Google,' the screen name used by the now-27-year-old botmaster who was part of a team of programmers in Moscow. Over the years, Cutwail has shifted from a spam cannon for male enhancement pills to a major vector for distributing malicious software."

First time accepted submitter porsche911 writes "It looks like the NYTimes have been hacked and a large number of subscribers spammed with messages about cancellation of their service. The phone system is overwhelmed as well. The Times is currently saying the email is a fake, but that raises other worries. They were one of the only 3rd parties that had the email in question so it appears either someone really screwed up or they've suffered a data breach." Update: 12/28 21:59 GMT by S : Looks like it was just a mistake by an employee.

itwbennett writes "In a presentation at the Usenix LISA conference in Boston, researchers from the Naval Academy showed that signal analysis of factors such as timing, packet reordering, congestion and flow control can reveal the work of a spam-spewing botnet. The work 'advanced both the science of spam fighting and ... worked through all the engineering challenges of getting these techniques built into the most popular open-source spam filter,' said MIT computer science research affiliate Steve Bauer, who was not involved with the work. 'So this is both a clever bit of research and genuinely practical contribution to the persistent problem of fighting spam.'"

PolygamousRanchKid writes "In each of the past five years, IBM has come up with a list of five innovations it believes will become popular within five years. In this, the sixth year, IBM has come up with the following technologies it thinks will gain traction: (1) People power will come to life. Advances in technology will allow us to trap the kinetic energy generated (and wasted) from walking, jogging, bicycling, and even from water flowing through pipes. (2) You will never need a password again. Biometrics will finally replace the password and thus redefine the word 'hack.' (3) Mind reading is no longer science fiction. Scientists are working on headsets with sensors that can read brain activity and recognize facial expressions, excitement, and more without needing any physical inputs from the wearer. (4) The digital divide will cease to exist. Mobile phones will make it easy for even the poorest of poor to get connected. (5) Junk mail will become priority mail. "In five years, unsolicited advertisements may feel so personalized and relevant it may seem that spam is dead."

New submitter bowlinearl writes "Three weeks ago Slashdot featured a story on the Chinese Water Army. A new study from researchers at UCSB delves even deeper into the problem of crowdturfing (full disclosure: I am one of the authors of the study). The study reveals that evil crowdsourcing services in China are a multi-million dollar industry, and that the number of jobs and the amount of money are growing exponentially. Hundreds of thousands of workers are involved, including a small contingent of career crowdturfers who each manage hundreds of accounts on social networks. The researchers observed the behavior of workers and the unwitting users who click on the generated spam by infiltrating the two largest crowdsourcing sites in China. However, crowdturfing isn't confined to China: the researchers discovered crowdsourcing sites in the U.S. that are 95% astroturf, as opposed to Amazon's Mechanical Turk, which actively polices itself, and is only 12% astroturf."

jfruhlinger writes "One of the great banes of election season is that any politician can shell out a few pennies per voter and phone-spam thousands of people who'd rather not hear a recorded pitch. But turnabout's fair play, and now a service called reverse robocall will deliver your recorded message to elected officials as often as you'd like for a nominal fee. If there's a representative you'd like to call repeatedly, check them out."

chicksdaddy writes "Security researchers often use language and metaphors from the natural world to describe problems in the virtual world. (Consider 'virus,' and 'worm.') Now it turns out that the links may be more than just rhetoric. Microsoft Researchers say that tools they developed to detect spammers' efforts to avoid anti-spam filters were also great at spotting mutations in the HIV virus. A report from Microsoft Research in honor of World AIDS Day yesterday described how Microsoft Researchers David Heckerman and Jonathan Carlson were called upon to help AIDS researchers analyze data about how the human immune system attacks the HIV virus. To do so, they turned to tools and algorithms developed at Microsoft to detect and block spam e-mail in the company's Hotmail, Outlook and Exchange e-mail products."

New submitter kermidge sends in an article at the Physics arXiv blog about what's called the "Internet Water Army," large groups of people in China who are paid to "flood" internet sites with comments and reviews about various products. Researchers at the University of Victoria went undercover to figure out exactly how these informational (or disinformational) floods operate, and what they learned (PDF) could lead to better spam-detection software. Quoting: "They discovered that paid posters tend to post more new comments than replies to other comments. They also post more often with 50 per cent of them posting every 2.5 minutes on average. They also move on from a discussion more quickly than legitimate users, discarding their IDs and never using them again. What's more, the content they post is measurably different. These workers are paid by the volume and so often take shortcuts, cutting and pasting the same content many times. This would normally invalidate their posts but only if it is spotted by the quality control team. So Cheng and co built some software to look for repetitions and similarities in messages as well as the other behaviors they'd identified. They then tested it on the dataset they'd downloaded from Sina and Sohu and found it to be remarkably good, with an accuracy of 88 per cent in spotting paid posters."

courteaudotbiz writes "For years, a business named Compu-Finder has been sending spam all around the province of Quebec, Canada. In their emails, there is a phone number where we can reach them, and an unsubscribe link that you can click and seems to work, but even after asking them on the phone, by email or with their unsubscribe link, to unsubscribe me, I still receive 10 — 15 spams a week coming from this company. Many bloggers, journalists and radio chroniclers talked about them, but they seem to be untouchable. Still, it is easy to find the names, addresses and phone numbers of the shareholders and administrators of the company. How can we, collectively, take action to make them understand that we do not like their mass mailing practice?"

wiredmikey writes "A compromised server at the Massachusetts Institute of Technology (MIT) has been identified as being used as a vulnerability scanner and attack tool, probing the Web for unprotected domains and injecting code. According to researchers, the ongoing attacks appear to be related to the Blackhole Exploit Pack, a popular crime kit used by criminals online. The attacks started in June, and an estimated 100,000 domains could have been compromised. Judging by initial data, one MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites. These types of attacks are how BlackHat SEO scams are propagated, which target search results in order to spread rogue anti-virus or other malware. In addition, compromised hosts are also leveraged for other schemes, such as spam or botnet control."

An anonymous reader writes "One cool feature I used on KMail years ago was the ability to generate a spoofed email bounce for any given message I had received, which claimed delivery failed because of an unknown recipient. While this doesn't exactly align with expected behaviour from a mail client, it was a useful way of easily getting off mailing lists (automated, or manually created by freaky acquaintances!). This is something I really miss, so I'm wondering if there are any mail clients for Windows that provide similar functionality?"

waderoush writes "First-generation search engines such as AltaVista — built when the Web had only a few hundred thousand sites — produced notoriously goofy and spam-prone results. Well, when you search the Android Market for 'restaurant guide' and the top result is the U.S. Army Survival Guide, it begins to seem like we haven't come very far. San Francisco-based Chomp is one of the companies trying to fix mobile app search and discovery by leapfrogging Apple, Google, and the other app store providers. Founder and CEO Ben Keighran, creator of the once-hugely-popular Bluepulse text messaging system for Java phones, says the company plumbs the app stores, the Web, Twitter, and other sources to distill accurate keywords ('appwords') for each app. The top apps at Chomp for the search terms 'restaurant guide': Yelp, Urbanspoon, and Zagat, just as you'd expect."

richi writes "It looks like Carbonite, Inc. has been giving out customers' personal information. The company has admitted to giving customer email addresses to a third party, in direct contravention of its privacy policy. A company statement reads: 'Carbonite has discovered an advertiser misappropriated our e-mail list during the process of one of our e-mail marketing campaigns. When Carbonite launches an e-mail marketing campaign, it provides a suppression list to e-mail advertisers so that Carbonite customers do not receive promotion emails from Carbonite (since they’re already customers) and importantly, so that people who have opted out of receiving emails from Carbonite do not receive future email from us. This list was mishandled by an advertiser and we have taken immediate remedial efforts. As an online backup company, the security and privacy of our customer data is our top priority. We take all matters related to privacy very seriously. The matter will be addressed privately with the involved third parties and we will ensure that all customer e-mail addresses are permanently removed from their database.'"

New submitter wesbascas writes "Have you ever wanted to play a new PC game, but weren't sure where your PC falls between the minimum and recommended system requirements? I don't have a whole lot of time to game these days and with new hardware perpetually coming out and component vendors often tweaking their model numbering schemes, knowing exactly what kind of experience I'm buying for $60 can be difficult. Luckily, somebody benchmarked Battlefield 3's campaign on a wide range of hardware configurations and detail settings. If you've purchased a system in the past few years you should be in luck. The video cards tested start with the AMD Radeon HD 4670 and Nvidia GeForce 8500 GT, and go up to the brand new Radeon HD 6990 and GeForce GTX 590. I hate it that my aging Radeon HD 4870 isn't going to cut it at 1080p, but am glad that I found out before buying the game." If you're curious about the game itself, here's a detailed review from Eurogamer and a briefer one from Rock, Paper, Shotgun.

An anonymous reader writes "The Facebook Immunity System (FIS) processes and checks 25 billion actions every day, or 650,000 actions every second. The social networking giant's cybersecurity system was developed over a three-year period to keep the service's users safe from spam and cyberattacks. FIS scans every click on Facebook for patterns that could suggest something malicious is spreading across the social network."

Last week, you asked questions of "father of the Internet" Vint Cerf; read on below for Cerf's thoughts on the present and future of IPv6, standards and nomenclature, the origin of his beard, and more. Thanks, Vint!