Davey Winder's Blog

Srizbi spambot rises from ashes, then burns and crashes

By Davey Winder in Editorial

Posted in Blog, Spam, Security on November 27, 2008 at 1:05 pm

Six months ago, the Srizbi botnet was big news. Indeed, I reported that it was responsible for as much as 46 percent of the spam being seen by one monitoring outfit. Then, just last week here at IT Pro I was ranting about how spammers were in a world of hurt courtesy of the takedown of a single web hosting service thought to be responsible for enabling as much as 75 percent of the spam on the planet. Indeed, a week ago things looked good for the spammed majority with 70 percent less spam flowing through cyberspace.

But a week is a long time in spamonomics and a recent prediction that things would soon start getting back to normal for the spamming minority seems to be playing out. Not least thanks to the disturbing news that the Srizbi spambot has risen from the ashes once more.

According to FireEye security researchers, Srizbi has been spotted updating its bots with a new binary, which is bad, bad news for everyone else. As that earlier prediction stated, the command and control servers appear to have been established in Eastern Europe, with the domain registrations being handled in Russia while the servers are located in Estonia.

Apparently, a dynamic DNS generation mechanism has enabled this relatively quick recapture of the command and control centres for the Srizbi operators, despite the devastation of the McColo takedown just a couple of weeks back.

The good news, sort of, is that breaking news suggests the Srizbi resurrection could be short-lived, at least in the short term, and that the Estonian servers have all been taken offline. The bad news is that one IP was registered in the Cayman Islands with servers in Germany, and this still appears to be live, for now…

£2650 of credit costs just seven pence online

By Davey Winder in Editorial

Posted in Blog, Security on November 24, 2008 at 1:58 pm

Who says crime does not pay? Certainly it cannot be the criminals who are apparently raking it in as the honest and hard-working amongst us suffer at the stamping feet of a recession. A new report from Symantec suggests that crooks are enjoying boom times as far as the underground economy is concerned.

How much enjoyment would that be? How does a total value of goods advertised during the last 12 months on underground economy servers in excess of £183 million grab you? That’s how much Symantec calculate the market was worth if you take the advertised prices of the goods and services on those servers and then measure just how much would be made if the advertisers were to fully liquidate their inventories.

Naturally enough, credit card data sits firmly at the top of this particular advertising tree and accounts for some 31 percent of the total. I have reported before on how little stolen credit card data sells for on the black web market, and prices are certainly not going up, although the advertised limits on those cards for sale are. So Symantec note that you can now buy live credit card numbers for as little as 7p each, and the maximum was just £17, but the credit limits are an average of £2650. Add it all up and that means the potential worth of all the stolen credit cards being advertised in that 12 month period was a staggering £3.5 billion.

In all, Symantec spotted some 69,130 active advertisers posting a total of 44,321,095 messages to the underground forums being monitored for that year. The potential value of the total advertised goods for the top 10 most active advertisers was £10.8 million for credit cards and £1.3 million for bank accounts. The most active advertiser had a potential inventory value of £4.2 billion.

“As evidenced by the Report on the Underground Economy, today’s cybercriminals are thriving off of information they are gathering without permission from consumers and businesses,” said Stephen Trilling, vice president, Symantec Security Technology and Response. “As these individuals and groups continue to devise new tools and techniques to defraud legitimate users around the globe, protection and mitigation against such attacks must become an international priority.”

Either that, or I need to think about a new career as an Internet crime lord…

Spammers are in a world of hurt

By Davey Winder in Editorial

Posted in Blog, Spam, email on November 20, 2008 at 12:58 pm

I once wrote that “Spam is annoying, resource consuming, malware driven and often offensive” and still hold that opinion. There was a time a few years back when I would have said that spammers were immortal when viewed as an industry; it simply could not be stopped. Now, I would simply say that spammers are vulnerable.

In October I noted that the once King of Spam was dead as the Storm Botnet had apparently stopped producing any spam at all. Of course, having been around this business for a long time now, it was obvious that the death of one player does not equate to the death of the industry. Indeed, I warned at the time that there were “plenty of young pretenders ready to wear the junk mail crown.”

The interesting thing is how recent events have played out: it was reported just last week that the takedown of a single web hosting service, thought to be responsible for enabling as much as 75 percent of the spam on the planet, had left spam pretty much dead in the water. Indeed, during the first 12 hours following the pulling of the McColo Corp plug, spam volumes did drop dramatically, with as much as 70 percent less volume being recorded by the likes of MessageLabs, for example.

What is more, one week on, spam volumes have still not returned to the same levels as before the takedown. Things really are not smiley and happy in spam-land right now. Shame.

You just cannot downplay the importance of the McColo spam factor: it hosted the command and control infrastructure for three of the world’s most prolific spam botnets, Srizbi, Mega-D and Rustock. Taking McColo out of the equation meant that spammers were disconnected from their spam botnets. “This is the most significant single event in the fight against spam we have ever seen,” said Phil Hay, lead threat analyst with the MessageLabs TRACE Team. “It shows that a coordinated effort against spammers by security researchers can have a positive and meaningful impact on global spam levels. It is something that we have been working towards for a long time and it is fantastic to see the flow-on effects on spam levels as a result of targeting the bigger botnets.”

Trouble is that neither Hay nor anyone else who knows about such stuff expects the situation to last. There is no doubt at all that new command and control servers are being established as I type. They still have to re-establish connections with all those zombie PCs out there, but that will happen. It has not happened yet, but it will.

“Last week’s events have proven that by drawing attention to the worst spam offenders, security researchers and law enforcement have the capability to focus their energies on the key players and take action. Five years ago when spam was dominated by numerous small-scale spammers it was extremely difficult to target an individual spammer and have any real effect on spam. Now, because botnets have enabled a handful of major spam players to dominate, the targeted actions of the IT security and law enforcement communities can have an immediate and palpable effect on spam,” said Hay.

Now, if only idiots would stop buying stuff from the spam they do get, maybe we could kill this thing once and for all.

Xmas shopping sucks and costs business big bucks

By Davey Winder in Editorial

Posted in Blog, Internet, e-commerce on November 18, 2008 at 1:26 pm

With the holiday season fast approaching, many of us are starting to consider doing the Xmas shopping. For an ever increasing number of people that means avoiding the high street crowds and high street prices by heading online instead. Unfortunately, while the shopper is saving money the same cannot be said for the employer if that shopping is done on work time. A new set of surveys reveals that the average cost to business this Xmas could be as high as £2000 per worker!

ISACA serves some 86,000 IT security, assurance and governance professionals across 160 countries. It has revealed the results of three simultaneous surveys, two in the US and one in the UK, which looked at the latest trends in online shopping and workplace Internet safety.

Concentrating on the UK survey, we can see that 82 percent of people said their organisation either does not have or they are not aware of a policy that prohibits employees from shopping online. Whatever happened to the good old Acceptable Use Policy then?

Anyway, of those organisations that do allow online shopping at work, only 32 percent educate their employees about the risks involved. But the real blinder from this survey comes as it reveals that more than 40 percent of organisations thought that they stood to lose an average of at least £2000 in terms of productivity per employee as a direct result of online Xmas shopping during November and December. At least it is not as much as the cost of workers being sociable online I guess.

ISACA president, Lynn Lawton, comments: “The challenge for organisations is not only to educate workers about information security, but also to change their behaviour.”

Amen to that!

Windows 7 scales to 256 processors

By Davey Winder in Editorial

Posted in Blog, Windows, Microsoft on November 15, 2008 at 1:20 pm

Mark Russinovich is a cool guy. He also happens to be a Microsoft Technical Fellow and Windows Kernel guru. Best of all, he has been talking at length (some 45 minutes or so) to the MSDN ‘Channel 9’ network about what’s inside Windows 7.

Sure, news about Windows 7 has been leaking like crazy especially now that early versions are available for free.

But this is different: this is not speculation, this is someone who really knows his stuff spilling the technical beans about Windows 7.

Now that’s where everyone’s ears should perk up; mine did. Especially when it got to the bit about how the reworking of the ‘dispatcher spin lock’ in Windows 7 means that the OS can scale to a whopping 256 processors. He goes into some technical detail about how bottlenecks have been removed to make this possible.

I mean, what geek could not be seduced by the lure of a forthcoming Windows Server 2008 release that supports 256 logical cores? Must be a possibility, considering that it will be a Windows 7 based upgrade. About bloody time as well, after all 32 core limits are so 20th century.

There is not a lot of point in me just trying to explain all this in highly technical detail, in text, when Russinovich does a perfect job in person. Seriously, if you care about this stuff it is worth sacrificing 45 minutes of your life to view the video. And I wouldn’t be saying that, I wouldn’t be pointing you away from IT Pro for goodness sake, if it wasn’t so!

How fast is your firewall?

By Davey Winder in Editorial

Posted in Blog, hardware, Security on November 12, 2008 at 11:30 pm

I am informed, admittedly by way of the company that makes the product in question, that a new firewall is delivering “record-setting performance” to the enterprise segment. The PR bunnies for said company assure me that the FortiGate-620B multi-threat security appliance “sets new performance records with 16 Gbps firewall and 12 Gbps VPN throughput.” Which begs the question, how fast is your firewall?

I have to admit that it is not something I have lost a great amount of sleep over, to be fair. But then again I have not got a gigabit-switching infrastructure to worry about, so do not have to consider internal network segmentation points with gigabit-per-second links. Yet it seems that this level of requirement is starting to escape from the expected boundaries of the high-end enterprise and firmly into the SME marketplace with increasing frequency. So maybe it is just as well that security vendors are thinking about affordable appliances that manage to break into new performance territory, that can pack a 24 port density punch and introduce security-specific ASIC network processors previously reserved for truly high-end products only.

Indeed, Fortinet CTO and co-founder Michael Xie is adamant that what is needed is a “strategy to drive higher price/performance and port density into our products in order to bring high-end enterprise-level features to a broader enterprise segment.” Not least because firewalls must evolve to survive in the dynamic enterprise technology landscape where threats are ever changing.

Spamonomics

By Davey Winder in Editorial

Posted in Blog, Spam on November 10, 2008 at 3:37 pm

Bloody hell. No wonder there is so much spam. No wonder there is so little success in stopping the evil trade. No wonder criminal gangs have turned to creating and controlling spambots as an easier and less risky way to make money than trading in drugs or prostitutes. Just take a look at the economics of spam, or spamonomics if you prefer.

US researchers working out of the University of California, Berkeley as well as UCSD, have revealed that all it takes for a spam operation to turn a profit is for one response in every 12.5 million spam mails sent to be returned. That bears repeating: a response rate of 1 for every 12.5 million spams distributed is enough to make a profit. Not just a ‘little over break even’ kind of bottom line, but millions of pounds a year in profit. Such is the scale that your average spamming business works to.

The researchers were able, effectively, to hijack an operational spam network in order to make the discovery. Over the course of a year, the seven researchers were able to closely monitor the workings of the infamous Storm botnet by creating a series of proxy bots to control just shy of 76,000 hijacked computers on the botnet. These were then used to route fake spam campaigns and analyse the results coming in to the fake pharmacy site they set up for the purpose.

Don’t panic, the team did not actually flog anything but instead idiot punters attracted by the spam were presented with an error message if they were stupid enough to get their credit cards out.

Apparently, the researchers sent a total of 469 million spam messages during a one month period, most of them looking to promote the fake pharmacy although some mimicked the way Storm attempts to infect user machines and assimilate them into the botnet collective.

The response, after 26 days, was actually less than 0.00001 percent. That is 28 sales from 350 million spam emails sent. Compare and contrast to a genuine direct mail campaign, which would average a conversion rate of around 2 percent. Yet, the researchers say, this was enough to produce a revenue of around £65 every day. OK, so that is small change, but remember they were sending out just a fraction of the spam volume you would expect from a well organised crime syndicate. Like the people behind the Storm Botnet, for example. Indeed, the researchers scaled up the results they got to represent the full Storm operation and worked it out to around £4,400 a day, or £2.2 million per year.

Obama and McCain: hacked?

By Davey Winder in Editorial

Posted in Data Protection, Blog, Security on November 6, 2008 at 2:55 pm

It seems that during the course of the now decided US Presidential Election campaign, covered with intense scrutiny by global media, one tech focused story didn’t make it out into the open until now.

Not the whole Obama is a Tech God thing, be it Obama on the Xbox 360 or iPhone Obama or Obama the Twitter King. What’s more, it was not even the McCain is a lamer by comparison stuff.

Nope, I am talking about the tale of the election campaign computers of both Barack Obama and John McCain being hacked. Newsweek is reporting that both systems were victims of “a sophisticated cyberattack by an unknown foreign entity” which led to an FBI investigation earlier in the year.

The story reveals how, during the summer, Obama tech experts detected what they thought was a phishing attack. But far from being a simple expedition for credit card numbers, the FBI and Secret Service, visiting the campaign headquarters the following day, were warning that the computers had been compromised and “a serious amount of files have been loaded off your system.” Newsweek claims that the White House Chief of Staff confirmed this with Obama campaign chief David Plouffe the following day, also issuing the ‘real problem’ warning.

But Obama was not alone, it would appear, as McCain’s campaign computers had also been compromised in August and the FBI were investigating that as well.

As I understand it, the motivation behind the attacks is most likely to be a sophisticated play at getting advance intelligence on the policy positions of both camps in order to have an advantage with the 44th President of the USA when it comes to any negotiations in the future.

The story leaves more questions than it provides answers, unfortunately. We don’t know if the campaign networks were compromised at web server level, at email server level, whether a single machine was involved, or what. The campaigns are remaining quiet regarding their security, and it is doubtful if that position will change.

All that we do get to learn is that the Obama campaign admitted to plugging security holes found and that the ‘foreign entity’ might have been China or Russia. Hmmm, no s*** Sherlock!

Moore’s Law is Alive!

By Davey Winder in Editorial

Posted in Blog, hardware on October 28, 2008 at 11:00 am

Who said that Moore’s Law was a dead duck as soon as the 35nm chip brought diffraction limits into play to prevent feature creation any smaller than that? Actually, I don’t know and I don’t care, because now somebody else has said it really doesn’t matter. Possibly.

A couple of Berkeley Boffins, Xiang Zhang and David Bogy, seem to have found a method of getting around this light beam limitation and enabling chip features right down to a sub-10nm level. In which case, Moore’s Law is not dead and transistor numbers on a chip can continue to double every 18 months for a while yet.

The key that unlocks this particular problematic padlock would appear to be photolithography. Or at least something very similar to it. By using light waves with a plasmonic metal, the electrons are allowed to vibrate and produce, in effect, shorter wavelengths than standard light. Shorter waves mean the ability to focus more light in the same area, which in turn means smaller features on a chip. In theory.

According to the Register, the researchers have devised a 100nm plasmonic lens with silver material organised into concentric Fresnel screen-alike rings, which flies 200nm above the revolving substrate beneath. So far they have only managed to get features down to a width of 80nm, which does little for Moore’s Law survival, but they seem to be pretty sure that they can reduce that size down to maybe even 5nm and so enable processors 10 times smaller than those we have today while also being far more powerful.

Come back in five years when they have had the time to get all this working. Until then, maybe the title of this posting should have been Moore’s Law is in suspended animation…

Poke that Facebook code

By Davey Winder in Editorial

Posted in Blog, Facebook on October 27, 2008 at 10:43 am

Facebook likes to push the mantra that it is making the world a more open and connected place through the medium of dance. Sorry, through the medium of social networking I mean. It also likes to let slip every now and then that the software it uses to build the site and service is pretty much all open source stuff.

Now Facebook has taken that final step into the lovey dovey world of openness and is releasing that code which it has developed into the wild, so that the open source community can do with it what it will. Well, apart from producing a Facebook clone one assumes.

The process gets under way immediately as Facebook releases the Scribe code. This critical piece of infrastructure is used to collect large amounts of data from a large number of servers, data which is then used to do stuff like track database memory consumption when delivering relationship stories directly into the News Feed. Or, as Facebook puts it: “Scribe is a server for aggregating log data streamed in real time from a large number of servers. It is designed to be scalable, extensible without client-side modification, and robust to failure of the network or any specific machine.”

Facebook ended up building its own system because all the open source systems, and proprietary ones for that matter, which it tried for the same task just could not cope with the massive amounts of data being generated by Facebook members. Massive as in tens of billions of pieces of information being moved around every single day.

The Scribe source can be found here.
