chicksdaddy writes "Security researchers often use language and metaphors from the natural world to describe problems in the virtual world. (Consider 'virus,' and 'worm.') Now it turns out that the links may be more than just rhetoric. Microsoft Researchers say that tools they developed to detect spammers' efforts to avoid anti-spam filters were also great at spotting mutations in the HIV virus. A report from Microsoft Research in honor of World AIDS Day yesterday described how Microsoft Researchers David Heckerman and Jonathan Carlson were called upon to help AIDS researchers analyze data about how the human immune system attacks the HIV virus. To do so, they turned to tools and algorithms developed at Microsoft to detect and block spam e-mail in the company's Hotmail, Outlook and Exchange e-mail products."

New submitter kermidge sends in an article at the Physics arXiv blog about what's called the "Internet Water Army," large groups of people in China who are paid to "flood" internet sites with comments and reviews about various products. Researchers at the University of Victoria went undercover to figure out exactly how these informational (or disinformational) floods operate, and what they learned (PDF) could lead to better spam-detection software. Quoting: "They discovered that paid posters tend to post more new comments than replies to other comments. They also post more often with 50 per cent of them posting every 2.5 minutes on average. They also move on from a discussion more quickly than legitimate users, discarding their IDs and never using them again. What's more, the content they post is measurably different. These workers are paid by the volume and so often take shortcuts, cutting and pasting the same content many times. This would normally invalidate their posts but only if it is spotted by the quality control team. So Cheng and co built some software to look for repetitions and similarities in messages as well as the other behaviors they'd identified. They then tested it on the dataset they'd downloaded from Sina and Sohu and found it to be remarkably good, with an accuracy of 88 per cent in spotting paid posters."

courteaudotbiz writes "For years, a business named Compu-Finder has been sending spam all around the province of Quebec, Canada. In their emails, there is a phone number where we can reach them, and an unsubscribe link that you can click and seems to work, but even after asking them on the phone, by email or with their unsubscribe link, to unsubscribe me, I still receive 10 — 15 spams a week coming from this company. Many bloggers, journalists and radio chroniclers talked about them, but they seem to be untouchable. Still, it is easy to find the names, addresses and phone numbers of the shareholders and administrators of the company. How can we, collectively, take action to make them understand that we do not like their mass mailing practice?"

wiredmikey writes "A compromised server at the Massachusetts Institute of Technology (MIT) has been identified as being used as a vulnerability scanner and attack tool, probing the Web for unprotected domains and injecting code. According to researchers, the ongoing attacks appear to be related to the Blackhole Exploit Pack, a popular crime kit used by criminals online. The attacks started in June, and an estimated 100,000 domains could have been compromised. Judging by initial data, one MIT server (CSH-2.MIT.EDU) hosts a malicious script actively used by cyber-crooks to scan the web for vulnerable websites. These types of attacks are how BlackHat SEO scams are propagated, which target search results in order to spread rogue anti-virus or other malware. In addition, compromised hosts are also leveraged for other schemes, such as spam or botnet control."

An anonymous reader writes "One cool feature I used on KMail years ago was the ability to generate a spoofed email bounce for any given message I had received, which claimed delivery failed because of an unknown recipient. While this doesn't exactly align with expected behaviour from a mail client, it was a useful way of easily getting off mailing lists (automated, or manually created by freaky acquaintances!). This is something I really miss, so I'm wondering if there are any mail clients for Windows that provide similar functionality?"

waderoush writes "First-generation search engines such as AltaVista — built when the Web had only a few hundred thousand sites — produced notoriously goofy and spam-prone results. Well, when you search the Android Market for 'restaurant guide' and the top result is the U.S. Army Survival Guide, it begins to seem like we haven't come very far. San Francisco-based Chomp is one of the companies trying to fix mobile app search and discovery by leapfrogging Apple, Google, and the other app store providers. Founder and CEO Ben Keighran, creator of the once-hugely-popular Bluepulse text messaging system for Java phones, says the company plumbs the app stores, the Web, Twitter, and other sources to distill accurate keywords ('appwords') for each app. The top apps at Chomp for the search terms 'restaurant guide': Yelp, Urbanspoon, and Zagat, just as you'd expect."

richi writes "It looks like Carbonite, Inc. has been giving out customers' personal information. The company has admitted to giving customer email addresses to a third party, in direct contravention of its privacy policy. A company statement reads: 'Carbonite has discovered an advertiser misappropriated our e-mail list during the process of one of our e-mail marketing campaigns. When Carbonite launches an e-mail marketing campaign, it provides a suppression list to e-mail advertisers so that Carbonite customers do not receive promotion emails from Carbonite (since they’re already customers) and importantly, so that people who have opted out of receiving emails from Carbonite do not receive future email from us. This list was mishandled by an advertiser and we have taken immediate remedial efforts. As an online backup company, the security and privacy of our customer data is our top priority. We take all matters related to privacy very seriously. The matter will be addressed privately with the involved third parties and we will ensure that all customer e-mail addresses are permanently removed from their database.'"

New submitter wesbascas writes "Have you ever wanted to play a new PC game, but weren't sure where your PC falls between the minimum and recommended system requirements? I don't have a whole lot of time to game these days and with new hardware perpetually coming out and component vendors often tweaking their model numbering schemes, knowing exactly what kind of experience I'm buying for $60 can be difficult. Luckily, somebody benchmarked Battlefield 3's campaign on a wide range of hardware configurations and detail settings. If you've purchased a system in the past few years you should be in luck. The video cards tested start with the AMD Radeon HD 4670 and Nvidia GeForce 8500 GT, and go up to the brand new Radeon HD 6990 and GeForce GTX 590. I hate it that my aging Radeon HD 4870 isn't going to cut it at 1080p, but am glad that I found out before buying the game." If you're curious about the game itself, here's a detailed review from Eurogamer and a briefer one from Rock, Paper, Shotgun.

An anonymous reader writes "The Facebook Immunity System (FIS) processes and checks 25 billion actions every day, or 650,000 actions every second. The social networking giant's cybersecurity system was developed over a three-year period to keep the service's users safe from spam and cyberattacks. FIS scans every click on Facebook for patterns that could suggest something malicious is spreading across the social network."

Last week, you asked questions of "father of the Internet" Vint Cerf; read on below for Cerf's thoughts on the present and future of IPv6, standards and nomenclature, the origin of his beard, and more. Thanks, Vint!

judgecorp writes "Dutch ISP A2B has filed police complaints against anti-spam project Spamhaus, calling its CEO 'nuts' and accusing him of blackmail. Spamhaus added all A2B's addresses to a spam blacklist, when A2B did not obey the letter of its demands in blocking a spammer."

drmartin66 makes it to the front page with this question: "Last weekend I installed a new spam filter server for a client, and enabled connection rejection if the sending server did not have a Reverse DNS record. Since then, I have had a number of emails rejected from regulator bodies that do not have a Reverse DNS record, and are refusing to have one created for their email server. What is your opinion of Reverse DNS records? Are they (or should they be) a standard, and required? Or are they useless for spam fighting?"

Orome1 writes "Most users get hacked at high rates even when they do not think they are engaging in risky behavior, with 62% unaware of how their accounts had been compromised, The results of a Commtouch survey presenting statistics on the theft, abuse and eventual recovery of Gmail, Yahoo, Hotmail and Facebook accounts, shows that less than one-third of users noticed their accounts had been compromised, with over 50% relying on friends to point out their stolen accounts. Also, more than two-thirds of all compromised accounts are used to send spam and scams, which is not surprising, as cybercriminals can improve their email delivery rates by sending from trusted domains such as Gmail, Yahoo, and Hotmail, and enhance their open and click-through rates by sending from familiar senders."

An anonymous reader writes "That email you might be getting from Barnes and Noble might not be spam, but rather your only chance to prevent the comprehensive record of your buying history at defunct arch-rival Borders from ending up in B&N's data warehouse. You have15 days after the email arrives, assuming that it ever does, since chances are the email address you originally signed up with Borders is long gone." For that very reason, this sounds like a good place for the terms of the bankruptcy to require opting in, rather than opting out.

wiredmikey writes "As any IT security department knows, social networks pose a significant threat to users across the board as they blindly click links which often lead to spam or other malicious sites that could result in malware infection. In a move to further protect users of the world's largest social networking site, Facebook is adding a new feature to help protect users from links to these malicious sites. Starting today, when a Facebook user clicks on a link it will be checked against a database from Websense in an attempt to determine if the link is malicious. If the link is determined to be risky, the user will be given the choice to continue at their own risk, return to the previous screen, or get more information on why it was flagged as suspicious."

Trailrunner7 writes "Earlier this week, Microsoft released an announcement about the disruption of the Kelihos botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams, and distributed denial-of-service attacks. The botnet had a complex, multi-tiered architecture as well as a custom communication protocol and three-level encryption. Kaspersky Lab researchers did the heavy lifting, reversing the protocol and cracking the encryption and then sink-holing the botnet. The company worked closely with Microsoft's Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system."

Trailrunner7 writes with an excerpt from an article in Threatpost: "Continuing its legal assault on botnet operators and the hosting companies that the criminals use for their activities, Microsoft has announced new actions against a group of people it contends are responsible for the operation of the Kelihos botnet. The company has also helped to take down the botnet itself and says that Kelihos's operators were using it not only to send out spam and steal personal information but also for some more nefarious purposes."

itwbennett writes "People trying to email information about the Wall Street protests on Monday using Yahoo mail, found themselves on the receiving end of messages from Yahoo claiming 'suspicious activity'. ThinkProgress.org has a YouTube video of users trying to send emails that mention the 'OccupyWallSt.org' web site, which seemed to be the magic phrase to get your email blocked. Via Twitter, Yahoo announced the blockage was now fixed, but 'there may be residual delays.'"

AmyVernon writes "This piece from RWW got me thinking about whether, when you sign up for access to a site, you're actually signing up to get a slew of email spam from them. The single opt-in is still really popular, which I've noticed because I often check the box indicating I don't want further emails from a company or publisher. I always assume that giving my actual email address means I'm going to get spam-type emails from whomever. It still surprises me that most people don't. But it does raise a good question: Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"

An anonymous reader writes "The price of a pair of hearing aids in the U.S. ranges from $3,000 to $8,000. To the average American household, this is equivalent to 2-3 months of income! While the price itself seems exorbitant, what is even more grotesque is its continuous pace of growth: in the last decade the price of an average Behind the Ear hearing aid has more than doubled. To the present day, price points are not receding — even though most of its digital components have become increasingly commoditized. Is this a hearing aid price bubble?"