After the fourth or fifth time of being hammered after an article appeared in Google News, I finally discovered a pattern I should have seen earlier. Our access logs were full of requests from many different IP addresses asking for the same page repeatedly within a few seconds. That in itself wasn’t unusual for traffic generated by Google News, but more peculiar was the user-agent identifier — that’s the bit of text a browser sends that tells a server what its maker and version are.

Lots of traffic from Google News, but not all of it driven by humans.

"Spam, one of the Internet's oldest annoyances, is gearing up for a second act. Unlike traditional email spam, which usually comes from strangers, this new form—dubbed "social" spam—often appears to be from a friend. Criminals find social networks alluring because they can spread messages though a chain of trusted sources.<br />"Such spam puts the usefulness of social networking at risk. Facebook says less than 4% of the content shared on its site is spam and Twitter says just 1.5% of all tweets were "spammy" in 2010. But Facebook adds that the volume is growing faster than its user base. On any given day, spam hits less than 0.5% of Facebook users, or some four million people."<br /><br />Spam is the E.coli of the internet.

"The quality of conversations on Google+ is something we take very seriously, so we’re happy to announce that we've finished rolling out our new comment spam moderation system.

"Now, if we identify a possibly spammy comment on your post, we'll immediately mark it for your review."

If Google+ is getting spam that's actually a good sign - spammers don't bother with places where nothing is happening. But you have to review your own? Bet that people won't, for the most part.

"Microsoft also alleges that Dominique Alexander Piatti, dotFREE Group SRO and the John Doe defendants committed some of the same violations made in the successful legal cases against the operators of the Waledac and Rustock botnets. Kelihos infected users’ computers with malicious software which allowed the botnet to surreptitiously control a person’s computer and use it for a variety of illegal activities, including sending out billions of spam messages, harvesting users’ personal information (such as e-mails and passwords), fraudulent stock scams and, in some instances, websites promoting the sexual exploitation of children.

"Similar to Rustock, some of the spam messages also promoted potentially dangerous counterfeit or unapproved generic pharmaceuticals from unlicensed and unregulated online drug sellers."

41,000-strong botnet, could send 3.8bn spam emails per day, also hosted Mac scareware. One up for Microsoft.

We wrote about this some time back. The law grinds slow but... "The lawsuit between e360 and Spamhaus was a long-running, tortured affair, and it looks like it finally came to a close. With e360 being awarded a whopping $3 in damages against Spamhaus. (Here's a <a href="http://arstechnica.com/tech-policy/news/2011/06/appeals-judges-berate-spammer-for-ridiculous-litigation.ars">link</a> to Ars Technica's recap of the oral argument, where Judge Posner blasted e360's counsel: 'This is just totally irresponsible litigation . . . .You can't just come into a court with a fly-by-night, nothing company and say 'I've lost $130 million.')"<br />
<br />
Yes, three dollars.

Go on, enjoy the schadenfreude.

"Fundamentally, I believe Twitter’s priorities here are wrong. Twitter needs a far more aggressive, automated, proactive, heuristic-based anti-spam system. And if someone has trouble legitimately tweeting a link with no text to 100 people in a row who don’t follow them at precise 1-minute intervals, that’s just the price we’ll have to pay.<br />
"In the meantime, I’m never using the “Report Spam” feature again, because it just seems like I’m wasting my time."<br />
<br />
Though this does assume that spam on Twitter actively annoys people. There's not a lot of evidence that it does, though, because unlike email it hasn't reached the point where it's any significant proportion of a timeline - and has any single spam account actually tweeted the same person twice?

Mostly offline as owners have been jailed or gone into hiding. Spam volumes have fallen by 90% over the past year. But there's a new rootkit around, called TDL-4, infecting millions of machines: "Getting infected with TDL-4 may not be such a raw deal if your computer is already heavily infected with other malware: According to Kaspersky, the bot will remove threats like the ZeuS Trojan and 20 other malicious bot programs from host PCs. “TDSS scans the registry, searches for specific file names, blacklists the addresses of the command and control centers of other botnets and prevents victim machines from contacting them,” wrote Kaspersky analysts Sergey Golovanov and Igor Soumenkov."<br />
<br />
Makes it sound like a boon.

"Spam levels have dropped massively in recent months, though researchers fear this is simply because botnet operators have switched their attention to more lucrative activities.<br />
"Junk mail volumes - which reached 90% last summer - are down to 75% this summer, net security firm Symantec reports.<br />
"The 15 percentage points drop in spam has led to a 60% decrease in total email volumes, helping reduce network congestion and server load in the process.<br />
"Symantec reports that junk mail volumes that reached a high of 230bn spam messages per day in July 2010, 90% of all email traffic, are down to 39.2bn messages per day, 72.9% of all email."<br />
<br />
Spam was 9 out of 10 - now it's only 3 out of 4! We're back to... 2001?

"At first, I thought that Amazon’s rationale might be similar to the one Google takes on the issue of infringing or objectionable YouTube content: given that 48-hours’-worth of video is being uploaded every minute, it simply isn’t feasible to pre-scan stuff before it’s published. But Google will take it down on receipt of a complaint. That won’t get Amazon off the Kindlespam hook for two reasons: (1) Compared with video, pre-scanning of text is perfectly feasible, and computationally not that difficult; Amazon could easily do it. (2) Detection of infringing content in Kindlespam by rights holders is very difficult for the reasons outlined earlier, so while a take-down-upon-complaint policy is perfectly feasible, complaints will be much less frequent than they are on YouTube.<br />
"So we’re left with a puzzle. Pre-scanning for crap, spam and infringing content in Kindlespam is perfectly feasible — and indeed only Amazon can do it effectively. Yet it does not do it. Why?"