Terry Zink's Cyber Security Blog
Discussing Internet security in (mostly) plain English
March, 2010
Geeks all trust each other but not in China
Posted over 2 years ago by tzink | 0 Comments
Brian Krebs has a post up today on his blog indicating that the amount of spam ending in .cn has declined dramatically due to steps taken by the Chinese government making it more difficult to get a domain ending in .cn: In mid-December 2009, the China...
US leads in cybersecurity/US does not lead in cybersecurity
Posted over 2 years ago by tzink | 0 Comments
Depending on the articles you read, the US is either a leader in cybersecurity or it isn’t. According to an article from the E-CommerceTimes: A new bill introduced in the Senate on Tuesday aims to put the United States in a leading role in the global...
Survey request from Forefront Server Protection team
Posted over 2 years ago by tzink | 0 Comments
My friends over in the Forefront Server Protection team have asked me to post a survey on my blog, and I have agreed to do so. They are conducting research to understand what applications you would like to protect, and how you would like them protected...
A bit about Zeus
Posted over 2 years ago by tzink | 0 Comments
As I posted a couple of weeks ago, the Zeus botnet was partially taken down after researchers worked with ISPs to disconnect them. Even though this victory was only short-lived, it’s still nice to know that botnets can be targeted for...
Russian spam stats
Posted over 2 years ago by tzink | 0 Comments
I was checking out a blog post by Dancho Danchev on ZDNet; he has some interesting statistics on Russian spam. In it, he describes how much spam is Russian and how much money they are making. Rather than summarize his views, I thought I would...
The Google vs China standoff
Posted over 2 years ago by tzink | 2 Comments
CircleID has an update on the latest Google vs China standoff: Earlier this year Google made the announcement that it is reviewing its business operations in China and considering possible closure due to China's cyberattacks and limits on free speech...
Twitter moves to mitigate abuse
Posted over 2 years ago by tzink | 1 Comment
Twitter recently announced that it is taking action to mitigate spam and abuse of its service: A couple weeks ago, Biz explained how Twitter users were being victimized by phishing scams spread primarily through links in Direct Messages. Basically, people click...
Spam trend this week – new malware targeting Facebook
Posted over 2 years ago by tzink | 0 Comments
One of our spam analysts who works out of our Dublin, Ireland office, Kai Yu, wrote this on our internal malware blog. I am reposting it here because I think that it is an important topic for this past week. Since March 17th, there has been a large...
Abusive users
Posted over 2 years ago by tzink | 2 Comments
I have a YouTube account with a bunch of my videos on it, and about two months ago I was contacted by another magician. He was commenting on my version of Any Card, wherein any named card appears at any named number in the deck. It’s an incredible...
What we know (and learned) from the Waledac takedown
Posted over 2 years ago by tzink | 0 Comments
I was originally going to post excerpts from this and add my comments, but I have decided to post the whole thing. Jeff Williams is part of Microsoft’s Malware Protection Center, and posted this on the MMPC blog. I am reprinting it in its...
A little love for the Waledac takedown after all
Posted over 2 years ago by tzink | 0 Comments
On another corner of the Internet, ThreatPost reports that Microsoft’s Waledac takedown a couple of weeks ago did, in fact, have far-reaching impact. While some on the Internet were claiming that Microsoft’s actions had little to no effect, it turns...
A bit more on stolen information
Posted over 2 years ago by tzink | 2 Comments
In my previous post, I called attention to a story where a bank employee in Switzerland stole information from HSBC’s list of clients and gave (or more probably, sold) it to the French government. The government intended to use the data to go after...
Stolen information from a bank… and *not* from phishing!
Posted over 2 years ago by tzink | 0 Comments
On Friday, I went to Bloomberg’s financial page and browsed a few articles. I read an article which stated that HSBC revealed that a former employee stole details on 15,000 existing user accounts: March 11 (Bloomberg) -- HSBC Holdings Plc’s Swiss...
Microsoft sues spammer for spimming
Posted over 2 years ago by tzink | 0 Comments
Instant messaging spam, or spim (Spam over IM), is not something I have a lot of experience with. However, yesterday (Thursday, March 11), Microsoft announced that it reached a settlement with Funmobile, a company it sued last July, accusing it...
Another one (partially) bites the dust
Posted over 2 years ago by tzink | 0 Comments
Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though; it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures...
What do my stats say on Waledac’s takedown?
Posted over 2 years ago by tzink | 0 Comments
In my previous post, I wrote that other security researchers didn’t find much impact after Microsoft obtained a court order to take down 270+ domains associated with the Waledac botnet. What do my own statistics say? Waledac is one of the smaller...
No love for Microsoft’s Waledac takedown
Posted over 2 years ago by tzink | 1 Comment
A couple of weeks ago, I wrote on the story that Microsoft had obtained a court order to take down numerous domains associated with the Waledac botnet. It’s now been a period of time since then; did the takedown actually affect spam levels out of...
What’s the break down of spam?
Posted over 2 years ago by tzink | 0 Comments
I see on Symantec’s Twitter feed that roughly 82% of all spam is pharmaceutical spam. Pharmaceutical spam now accounts for 81.9% of all spam. Europe is more likely to receive it than other regions, and Asian ones least of all. My own...
Malware in a nutshell
Posted over 2 years ago by tzink | 2 Comments
I was browsing YouTube today and I found an online video starring David Perry of Trend Micro. Perry explains the nature of various web-based threats using building blocks. It’s actually a pretty good introduction for those who don’t understand...
How much do botnets re-use their IPs?
Posted over 2 years ago by tzink | 7 Comments
One of the assumptions that I have long held about botnets is that they grab a compromised computer, spam it like crazy and then abandon it once it lands on an RBL. Eventually, this RBL delists it due to dormant activity, and later on the botnet...
Not a great week for outbound spam
Posted over 2 years ago by tzink | 0 Comments
It hasn’t been a great week this week (March 1-5) for some of our customers who use us for outbound mail relay. I’m not going to name names because there have been a wide variety of users, but every single day this week we have had one or two organizations...
Authorities take down the Mariposa botnet
Posted over 2 years ago by tzink | 0 Comments
There are a number of sources talking about the takedown of the Mariposa botnet; here are a few of the good ones: The Associated Press details the story and talks about the technical aspects of the takedown. Boing Boing only has an excerpt. Nothing...
Why send spam over TLS?
Posted over 2 years ago by tzink | 5 Comments
In my previous post, I noted that Rustock had started sending us a whole pile of spam over the TLS protocol. The question now is why do it at all? I mentioned in my post that this is clever behavior and one of my readers posted in a comment...
More spam via TLS
Posted over 2 years ago by tzink | 4 Comments
The other day, one of our architects was tinkering around and discovered that approximately 40% of the total inbound connections to our network were connecting to us via TLS. This seemed to be a rather high number, so that spurred an investigation...
Old fashioned security
Posted over 2 years ago by tzink | 0 Comments
Via xkcd.