Two major reports predicting online security threats for 2010 have emerged recently, and to do them justice, we’ll be reporting on both of them (part 2 will appear tomorrow). The first is from Websense, which predicts everything from more attacks on Macintoshes to turf wars between botnets. Of course, other forms of bot prevention software exist to combat these threats, which will indeed be varied and widespread. The full article comes from CNN, and is rather long, so I’ve cut it down to the essentials below. “Threats on the Web continue to parallel Internet users’ Web use patterns,” said ... more

FireEye should be commended, for taking down a botnet responsible for up to four percent of all worldwide spam. The Mega-D, or Ozdok botnet was completely disabled by the proactive moves by FireEye. While this is a milestone in bot prevention, it only points out the need for better day-to-day services along this line, rather than relying on such anti-bot crusaders to do the dirty work. Ars Techinca has the full story: Security researchers have taken down a major spam offender, though the dip in spam levels may be only temporary. Members of the FireEye security team coordinated ... more

I have to admit, keeping up with scammers and spammers is tough work sometimes, since new and ever-more-inventive scams keep popping up. But this one is truly confusing. The governors of the US states at the end of the alphabet have apparently been receiving free computers in the mail. Nobody’s quite sure where they came from or who ordered them. And nobody’s sure whether they are part of a new twist in malware attacks, or just a credit card scam gone awry. The governors’ offices of Vermont, Washington, West Virginia, and Wyoming have all received free ... more

Albert Gonzalez, also known as “soupnazi” online, has been charged by the Justice Department with the theft of over 130 million credit and debit card numbers — the largest in history. These charges are in addition to Gonzalez’s former crime of stealing 40 million card numbers, for which he is already in jail awaiting trial. Since there are only a little over 300 million people in the United States, this represents an overwhelming amount of data stolen. The only good news from this story is that the data thefts happened over six months ago. That, and ... more

Yahoo has revived an old idea in the battle against spam, with a slight twist. They propose that users voluntarily pay a penny per email sent, which would then give them a “stamp” (how long before someone calls it an “e-stamp” I wonder…) which would allow spam filters to more easily differentiate between valid email and spam. The twist is that the money would go to the charity of the user’s choice — meaning that all the pennies would presumably add up to a tax deduction for them at the end of the year. But similar schemes have ... more

“RealHost” — an ISP variously described as “maybe one of the top European centers of crap,” and “a cesspool of criminal activity,” was disconnected from the Internet on Monday. This site, linked to a number of different forms of malware (botnet “command and control” sites, phishing, “rogue” antivirus products, etc.) has now been taken offline forever. This is, obviously, good news. But I thought that the final paragraph in the PC World story had the best news, and the best quotes, personally. A Latvian ISP linked to online criminal activity has been cut off from the Internet, following ... more

Twitter is apparently attempting to add some security, by blocking sites identified by Google as sites with malware. But, as Brian Krebs demonstrates, even this security is pretty lax, and has a few giant holes in it. Meaning a determined person, with minimal effort, can still get around their new security. Twitter deserves points for at least trying, but they’ve obviously got a long way to go. From the full “Security Fix” column: Faced with a recent surge in the number of malicious software programs using its micro-blogging service to spread, Twitter is making an effort to ... more

In what could either be a serious setback for the Obama Administration’s cybersecurity plans, or just a case of political sour grapes, one of the most prominent nominees for “czar” of cybersecurity has withdrawn her name from consideration for the post. In what appears to be an overly-extended vetting process, the Obama team has spent months interviewing dozens of candidates for the job, and the delay is quite obviously causing some frustration among the nominees. The Washington Post has the story in full: The White House’s senior aide on cybersecurity has decided to resign following delays in the ... more

Spam is increasingly going multilingual. While 95% of worldwide spam is still sent in English, the remainder is growing, and growing increasingly better targeted. The question is, will it continue to rely on the inferior services of automated translation, or will it start investing some time and effort into developing true cultural identity? Localization of spam, at this point, is in a pretty crude and unsophisticated state. But, as with all things spam-oriented, this could change fairly quickly. And the interesting thing so far with such spam is the apparent success in targeting the right language ... more

I came across a blog posting with some interesting data on the effect (mistakenly called the “affect” in the article) of CAPTCHAs on the conversion rate for actual websites. While it is not entirely conclusive, since it measured only the number of failed conversions — but not whether they were failures from spammers or from actual customers — but, as I said, the data caught my eye. The author set up a case study, which seems to be fairly well controlled (halfway through the study, for instance, the control sites with no CAPTCHAs and the test sites with CAPTCHAs ... more