ReadWriteWeb

A rampant worm by the name of Ramnit has stolen login and password information for 45,000 Facebook users, mostly in the UK and France. Prowling the 800-million-strong social network, the worm eats user names, passwords and browser cookies. It also acts as a backdoor, meaning a hacker can attack any computer that has already been infected. According to the Microsoft Malware Protection Center, Ramnit infects Windows executables, Microsoft Office and HTML files. The Ramnit worm initially transformed into financial malware in August 2011, according to reports from Trusteer.

"What was once malware designed to steal data from financial institutions has evolved into a social network threat," says John Weinschenk, CEO at Cybersecurity company Cenzic. "Bank account numbers and Facebook log-in credentials seem very different, but to hackers, they are equally as lucrative."

Security researchers have identified the person responsible for about 22% of all spam on the Internet. Ironically, the individual responsible for running the operation through the so-called "Cutwail" botnet goes by the codename "Google." Krebs On Security cracked the case on the malicious hacker responsible for much of the spam that cripples inboxes across the Internet.

Hundreds of chat logs were discovered by investigators between "Google" and the co-founder of a spam operation called "SpamIt," Dmitry Stupin. These logs, discovered on Stupin's computer by Russian investigators, gave a detailed look into how "Google" rans Cutwail and how he built the largest spam network on the planet.

A phishing attack aimed at new Mac users was launched the week after Christmas looking to obtain the credit card information of people signing up for a new Apple ID. The well-timed attack tries to redirect users signing up for an Apple ID to a phishing site designed to look like the Apple sign-in page asking users to update their account information.

You may not know the name J.D. Falk off the top of your head, but he worked tirelessly to protect your inbox from spam. Falk's untimely death came yesterday at the age of 37, but he fought cancer long enough to see his IETF RFC published.

Jesse David Falk was a founding member of the Coalition Against Unsolicited Commercial Email (CAUCE), the Messaging Anti-Abuse Working Group (MAAWG), and was an active member of the Internet Engineering Task Force (IETF).

Anyone who runs an online site knows that comment spam is a continuing battle. And as the accompanying infographic shows, prepared by social spam fighter Impermium, it is a big problem. They took samples of the social Web this summer, looking at more than 100 million different pieces of user-generated content around the world from various Web sites and comment streams. They found that on some sites as many as 40% of the registered accounts were spammers. One site saw more than 30,000 fraudulent new accounts created in an hour, with a combined posting of 475,000 garbage messages. The boot maker Uggs was the most exploited brand by a factor of two over others, and fashion even beat out porn in spam postings. That is saying something.

Security company McAfee released its second quarter threat report today and the language in it is quite frank: "The security industry may need to reconsider some of its fundamental assumptions, including 'Are we really protecting users and companies?'" With malware at its highest levels ever, the escapades of LulzSec and Anonymous continuing unhindered and new varieties of spam being created almost every minute, it is a pertinent question.

Android is now far and away the leader is mobile malware. For-profit mobile malware has also grown significantly, with SMS-sending Trojans and other complex Trojans compromising smartphones. Rootkit malware that takes over the operating kernel of a computer or a smartphone is also becoming popular among malicious programmers. As McAfee notes, "The second quarter of the year was clearly a period of chaos, changes and new challenges."

Spam King Sanford Wallace has turned himself in to the Federal Bureau of Investigation. Wallace is facing multiple counts of fraud and related activity and has been charged with three counts of intentional damage to a protected computer and two counts of criminal contempt. Wallace, who is notorious in spam circles and has been advocating for spam since the 1990s, ran a phishing scam through Facebook that resulted in more than 27 million spam messages.

Wallace was released on $100,000 bail. In 2009 Facebook sued Wallace for his part in spam messages on Facebook and was awarded a $711 million settlement. Most recently, Wallace has been seen on Google Plus where the majority of his pictures and posts are from nightclubs. He currently lists his occupation as "nightclub business / poker" and Google Plus lists his current residence as Las Vegas.

According to a post on the Spamassassin Tips blog, there's some evidence that spam is tapering off from earlier in the year. Is spam really down, or is it too soon to get excited?

When you have enough companies trying to ride the viral invite/closed beta wave with closed betas for a business to specialize in viral invites, it's time to pull the plug. Artificial (or real) scarcity imposed by marketing as a promotional gimmick is no reason to spam your friends, folks.

This morning I reached my personal tipping point for the viral invite gimmick. I was already well poised to boil over after the U.S. launch of Spotify, but this morning another service (that I won't encourage by providing a link or name) put me over the edge. Not only is it another bogus "invite only" closed beta, but the company promises faster access if you offer up email addresses for at least three friends.

Search engine poisoning is the most prevalent form of malware delivery on the Web, according to the security researchers at Blue Coat. In its 2011 Mid-Year Security Report Blue Coat outlined the biggest threats to Web security and the attack vectors that malware providers are using to infiltrate users' computers.

Search engine poisoning (SEP) makes up 40% of malware delivery vectors on the Web. The practice is when malware and spam attackers inundate search results with links to bait pages that will take users to malicious websites that will download malware to a computer. Spammers reach higher in search rankings by creating link farms that drive their poisoned pages further up search results. People want to be able to trust that what they search for in Google, Bing or Yahoo is safe to click on. Users are not conditioned to think that search results could be harmful to the health of their computers. The other leading attack vectors on the Web all pale in comparison to SEP, with malvertising, email, porn and social networking all 10% of malware delivery.