Spamming Blogs

Today another blogger and I were discussing a bunch of crap posts (spam comments on a blog) that were recently submitted to a group of blogs. These crap posts were never seen by the public, of course, because the security in use by those blogs automatically prevents such things going live.

"You'd think," the other blogger said to me, "that these comment spammers would figure out that it isn't sticking and stop, but they haven't."

There are two problems with my associate's statement.

Comment spammers won't figure out—for some time at least—that their posts aren't making it through to publication. They do it all through automated processes that target hundreds of sites simultaneously—"war posting". The process usually goes something like this:

Continue reading Spamming Blogs

IE Update: It's safe… for now

Marc Orchant, the author of our sister site, The Tablet PCs Weblog, updates the IE/server security vulnerability story with welcome news:

OK. For the moment, it's safe to use Internet Explorer. ZDNet is reporting that the Russian server that was invading infected PCs has been shut down. Still, experts warn, it's only a matter of time before we see something like this again.

Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers say, now that a far-reaching Internet attack has been disarmed.

The attack, which had turned some Web sites into points of digital infection, was nipped in the bud Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code. Compromised Web sites are still attempting to infect Web surfers' PCs by referring them to the server in Russia, but that computer can no longer be reached.

Still, Web surfers should take precautions, as the Internet underground is increasingly using this type of attack as a way to get by network defenses and infect office workers' and home users' computers.



IE Security Flaw; Internet Storm Center Says Don't Use IE

ALERT! Internet security groups are warning of a newly discovered vulnerability in Microsoft's Internet Explorer browser that allows outside parties to take control of users' machines. The code that exploits the vulnerability and opens a backdoor is prevalent not only on small, out-of-the-way sites, but also on popular trusted, professional and corporate websites such as those belonging to leading banks, auction services, and price comparison firms.

And it's spreading.

The malicious code is so rampant on trusted websites that the prevailing advice from Internet security consultancies like the Internet Storm Center and US Computer Emergency Response Center is to use another browser and to discontinue use of Internet Explorer until Microsoft patches the vulnerability.

From BBC News World Edition, Friday, 25 June, 2004:

The net watchdog, the US Computer Emergency Response Center, and the net security monitor, the Internet Storm Center, have both issued warnings about the combined threat of compromised websites and browser loophole.

Cert said: "Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."

In its round-up of the threat the Internet Storm Center bluntly stated that users should if possible "use a browser other than MS Internet Explorer until the current vulnerabilities in MSIE are patched."

What websites are vulnerable to infection, and thus becoming points of attack upon IE users?

...Any Windows 2000 Server that does not have the MS04-011 security update installed and is running Internet Information Server.

The virulent Sasser worm exploited loopholes closed by this update so many servers are likely to be patched against the problem.

How does the infection occur?

Infected servers are adding a malicious chunk of JavaScript to all the web, gif and jpg files served up to anyone browsing the sites they host.

When loading on a browsing PC, this chunk of code might trigger a Windows error message.

Once downloaded the code redirects a browser to a Russian website which tries to install a program that opens a backdoor into the PC.

Some net service firms have started blocking access to this Russian site.

Pariah Burke writes the Design Weblog and Magazine Design Weblog for Weblogs, Inc., and is a contributing writer to the Nanopublishing Weblog.
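The report quoted above says infected servers add JavaScript to the web, gif and jpg files they serve. As an added example (not part of the original post), here is a check a site operator could run over fetched responses: it flags a script tag that sits after the point where the file format says the file ends. The function names and sample bytes are constructed for illustration.

```python
import re

SCRIPT_RE = re.compile(rb"<\s*script\b", re.I)
HTML_END_RE = re.compile(rb"</\s*html\s*>", re.I)

def gif_end(data: bytes) -> int:
    """Walk the GIF block structure; return the offset just past the 0x3B trailer, or -1."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return -1
    pos = 13                                  # header (6) + logical screen descriptor (7)
    if data[10] & 0x80:                       # global colour table present
        pos += 3 * (2 << (data[10] & 0x07))
    try:
        while True:
            kind = data[pos]
            if kind == 0x3B:                  # trailer: the file should end here
                return pos + 1
            if kind == 0x21:                  # extension: introducer + label
                pos += 2
            elif kind == 0x2C:                # image descriptor, 10 bytes
                flags, pos = data[pos + 9], pos + 10
                if flags & 0x80:              # local colour table
                    pos += 3 * (2 << (flags & 0x07))
                pos += 1                      # LZW minimum code size
            else:
                return -1
            while data[pos]:                  # skip data sub-blocks
                pos += data[pos] + 1
            pos += 1                          # zero-length block terminator
    except IndexError:
        return -1

def script_after_end(body: bytes, content_type: str) -> bool:
    """Hypothetical helper: True if a <script> tag follows the file's proper end."""
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "image/gif":
        end = gif_end(body)
    elif ctype == "image/jpeg":
        end = body.rfind(b"\xff\xd9") + 2 if b"\xff\xd9" in body else -1  # past last EOI
    elif ctype == "text/html":
        end = max((m.end() for m in HTML_END_RE.finditer(body)), default=len(body))
    else:
        return False
    return bool(SCRIPT_RE.search(body, max(end, 0)))  # malformed image: search it all

# Constructed sample: a minimal 1x1 GIF, then the same bytes with script text appended.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x4c\x01\x00" b"\x3b")
TAMPERED_GIF = CLEAN_GIF + b"<script>/* constructed placeholder */</script>"
```

Comparing served bytes against known-good hashes of the files on disk catches the same tampering without format parsing; this check is for cases where no baseline exists.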



'Phishing' Scams Multiply More Than 1,000% In Four Months

The number of "phishing" e-mails circulating on the Web has increased from 279 to 215,643 over the past six months, according to e-mail security company MessageLabs.

Phishing is an Internet scam in which unsuspecting users receive official-looking e-mails that attempt to fool them into disclosing online passwords, user names and other personal information. Victims are usually persuaded to click on a link that directs them to a doctored version of an organization's Web site.

MessageLabs, which monitors corporate e-mail traffic, said Monday that in September 2003 the company encountered just 279 phishing e-mails. In January 2004, this figure reached 337,050 and then dropped back to 215,643 by March. The company said it is impossible to estimate exactly how many people have been fooled by the phishers.

The problem with an article like this is inherent: The people likely to read the article (or this weblog, for that matter) are those who are usually street smart ('net smart?) enough to avoid falling for the phishing scams.

Then again…

This post is from your ISP's technical staff. Because of recent Internet scam spam, we have regrettably been forced to temporarily limit Internet access on your account. Your connection speeds have been halved, and a maximum transfer limit of 10MB per day has been imposed. This situation will persist until you verify your identity. To verify your identity and lift the security limits to your account, respond to this post in a comment with the following information:  Your full and complete e-mail address, the login username you employ to connect to our service, the accompanying password, and the full and complete number of the credit card on which you pay for your service with our company.
