Automatic spam tool can post 1100 posts to websites, forums, and blogs in under 15 minutes.
http://www.net-security.org/secworld.php?id=5370
[Editor's Note (Valle): The disturbing thing is that this tool can read even difficult to decipher CATCHA systems. As more 2.0 technologies and websites depend on user feedback and content creation, this sort of spam issue has the potential to seriously cripple their value proposition.]
A good article on attacks that are specific to Unified Communications. Includes descriptions of Toll fraud, Vishing, DDOS, and platform compromises.
http://searchsecurity.techtarget.com/tip/0,289483
,sid14_gci1260359,00.html?track=sy320
[Editors Note (Valle): Companies that are rolling out Unified communications need to have better (multi-layer) security than other non-UC companies because much more is depending on their network and more attack vectors exist]
Analysts at RSA security have discovered a phishing tool that can create a phishing site on a compromised server in about two minutes.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026709&source=rss_topic17[Editor's Note (Valle): The best way to not fall victim to a phishing attack is to never click on links within an email but rather to type the URL into a browser to make sure you are going to the right website. If you do end up at a compromised server and it tries to download malicious code, having CSA would stop it from executing.
Spammers have changed tactics and are starting to use the PDF format to send out their spam. An analysis shows that it was launched by a botnet that spanned 167 countries.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026840&pageNumber=1
[Editor's Note (Valle): Now that anti-spam companies that learned how to identify and stop image spam fairly well, the spammers have found a new technique to get their messages into people's email boxes. Yahoo is usually very good at blocking out spam but recently I have been getting 3-4 spam messages a day for the last few weeks and surprise, surprise- they all had PDF attachments.
I talked with the IronPort folks and they said they were all over this and their customers would not be affected by this PDF spam.
Many companies don’t realize it but they have compromised computers that are being used by spammers.
http://www.networkworld.com/news/2007/062007-companies-send-spam.html?fsrc=rss-spam
[Editor's Note (Valle): This is a huge liability issue for companies and they need to get their arms around it before some enterprising lawyers do. A good defense against this kind of threat is the IronPort S series that can scan outgoing emails for spam.]
An interesting blog post that speculates that the Hotmail and Yahoo CAPTCHA systems have been compromised by spammers.
http://tech.blorge.com/Structure:%20/2007/07/08/spammers-overcome-hotmail-and-yahoo-captcha-systems/
[Editor's Note (Valle): I'm sure the good guys are developing new CAPTCHA systems that can't be easily read by computers. In the meantime, we will all probably see a rise in spam. The IronPort S series appliance with its SenderBase technology would help mitigate this issue.
In this article Cisco talks about its plans to integrate the IronPort SenderBase technology into its products by 2008.
http://www.darkreading.com/document.asp?doc_id=127721
[Editor's Not (Valle): When Cisco pulls this off they will be raising the bar on what constitutes a robust firewall or secure router. This will also force the other large network/security companies to come up with (or buy) similar technology to make their security products comparable]
