X

This week in security

Microsoft and AOL announce plans for money they've culled from spammers, even as phishers came up with a new e-mail-based scam.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
See full bio
Steven Musil
3 min read
Microsoft and America Online this week announced plans for money they've culled from spammers, even as phishers came up with a new e-mail-based scam.

In the new scheme, attackers are sending e-mail warnings that appear to come from PayPal. These e-mails say that someone tried to reset the recipient's password and asks him or her to participate in an investigation.

The e-mails direct people to a Microsoft Word document hosted on a Web site and urges them to download the form, fill it out, and fax it to a toll-free number.

The new tactic comes as people are becoming more suspicious of e-mails asking them to fill out sensitive information online, said Graham Cluley, a senior technology consultant for Sophos.

"We've seen a few attempts of this in the last few days, where phishers are trying out a new technique with people who have learned their lesson about filling out forms on a Web site," Cluley said. "They're hoping people will feel it's safer to fax back a form."

At the same time, Microsoft is planning to invest some of the $7 million it is expecting from a damages settlement with "spam king" Scott Richter into fighting Internet crimes. After covering its legal expenses, Microsoft will dedicate $5 million to helping law enforcement agencies address computer-related crimes. The company also said it will give $1 million to community centers in New York for programs that help expand computer-related skills. The software giant, which had sued Richter in conjunction with New York Attorney General Eliot Spitzer, says it wants to "reward" the state.

Describing Richter as one of the world's most "prolific" spammers, Microsoft called the settlement a milestone and expressed hope the decision will send a clear warning to those dabbling in spamming.

Meanwhile, AOL is on the brink of giving away a fully loaded Hummer H2 and nearly $100,000 worth of gold bars and cash, all of which once belonged to an e-mail marketer. Both AOL members and nonmembers--all of whom will have a chance to win the goods--can thank the Can-Spam Act.

AOL obtained the goods as part of a settlement earlier this year in the first lawsuit it filed under the Can-Spam Act, in a case involving a then-20-year-old New Hampshire resident. The law not only arms Internet service providers with legal weapons against those who fire off unsolicited e-mail, it also allows courts to seize any property that a convicted spammer has obtained using money made through the offense. Any equipment, software, or technology used for illicit purposes is also fair game.

In other security news this week, the federal government is financing the development of a prototype surveillance tool by George Mason University researchers who have discovered a novel way to trace Net phone conversations.

Their project is designed to let police identify whether suspects under surveillance have been communicating using VoIP, or voice over Internet Protocol--information that is unavailable today if people choose to communicate surreptitiously.

The National Science Foundation grant comes as federal officials are fretting about criminals using VoIP to mask their communications. The Federal Communications Commission has approved mandatory wiretapping requirements for some VoIP providers, and the FBI has been warning for more than two years that VoIP may become a "haven for criminals, terrorists and spies."