Spam

With court backing and a novel use of a civil procedure, Microsoft appears to be close to obliterating the Waledac spam botnet, changing the way online criminal operations are defeated.

A magistrate judge in federal court in Virginia is expected to recommend within days that the judge hearing Microsoft's case grant a default judgment, Richard Boscovich, a senior Microsoft attorney told CNET on Wednesday.

This would mean that the 276 Web domains deployed as Waledac command-and-control servers to provide instructions to thousands of infected computers would be forfeited to Microsoft, effectively shutting down the botnet for good, he said. … Read more

Facebook has closed a hole that was being used by spammers to automatically post wall messages and direct messages to friends, the company said on Tuesday.

Just clicking on the link to one of the applications that were taking advantage of the bug would allow the auto-posting to happen, Facebook said. The apps, which appeared to be sending people to a survey Web site, were disabled on Monday, the company said.

"Earlier this week, we discovered a bug that made it possible for an application to bypass our normal CSRF (cross-site request forgery) protections through a complicated series of … Read more

Facebook on Friday afternoon was investigating what appeared to be a new spam scheme that results in users getting messages from friends over Facebook chat that have malicious links.

The messages say "LOL is this you?" and are accompanied by a link that looks like it leads to a video on Facebook, one victim told CNET. In his case, clicking the link directed to a Web page with a "404-Page Not Found" error message and his account sent the spam out to at least one of his friends, he said.

The spam was also reported on Twitter, … Read more

Twitter users were being hit on Wednesday with what seems to be the second phishing attack this week, according to security firm Sophos.

The latest attack features a message that says "This you????" followed by a link that leads to a fake Twitter log-in page, according to a blog post by Sophos' Graham Cluley. If a user provides the log-in credentials, the attackers have control over the user's account and can retweet the phishing message from that account.

Earlier in the week, a phishing attack was spreading via direct messages that were widely distributed because of third-party … Read more

Web robots, commonly referred to as "bots," are software programs written to do automated tasks, like crawling the Web looking for new sites. They also appear in chat rooms and instant messaging services masquerading as real people.

Depending on the level of sophistication of the artificial intelligence, they can attempt to understand questions and respond appropriately. Usually the conversation is pre-set, which makes for some rather silly conversations.

Bots are nothing new, but not everyone has personally interacted with one. I, for one, have never been approached by a bot in a chat room or on IM, so … Read more

You and just about everyone else, it seems, are spending more and more time on Facebook and Twitter, updating statuses and checking friends' tweets. That's all well and good, of course, but the amount of personal information that all of you share in real time, and the level of trust implicit with the social networking sites, do pose particular security and privacy problems.

A recent study from Sophos found that Facebook users reveal a lot of personal information to new friends, including ones they really don't even know or have never met. Using fake profiles, Sophos sent out … Read more

Facebook has sued three men, alleging they used phishing techniques to get access to Facebook user accounts and then sent spam from the compromised accounts.

The lawsuit was filed Monday in federal court in San Jose, California, and named as defendants Jeremi Fisher, Philip Porembski, Ryan Shimeall and the companies associated with them, Choko Systems, Harm, and iMedia Online Services, according to a Facebook statement late on Tuesday. The defendants could not be reached for comment.

The defendants are accused of launching at least four spam campaigns over the last couple of years, the latest in the last three months … Read more

Google is taking legal action to stop companies from allegedly using the search giant's name to trick people into paying for supposed work-at-home kits advertised online and in e-mails.

The company filed a lawsuit on Monday in federal court in Salt Lake City against Pacific WebWorks and other, unnamed defendants alleging trademark infringement and dilution, unfair competition, federal cyberpiracy, and violation of consumer sales practices. The lawsuit can be amended to add the names of additional defendants as they are uncovered.

"This action seeks to stop a widespread Internet advertising scam that is defrauding the public by misusing … Read more

Updated 5:10 p.m. PST with information about later versions of the e-mail campaign directing to a landing page with hidden code that uses an Adobe exploit to try to download malware onto the system.

You can ignore that e-mail that looks like it comes from the U.S. Centers for Disease Control and Prevention about creating a profile for an H1N1 vaccination program. It's a malware scam, according to security provider AppRiver.

The fake alert informs recipients that as part of a "State Vaccination H1N1 Program" they need to create a profile on the CDC … Read more