A man in the U.S. who have made themselves known as the Spam King was sentenced yesterday to nearly four years in prison. The court hopes that the judgement sends a strong signal to other criminals on the Internet.

Robert Soloway in the United States has made itself known as the Spam King because of the massive volume of spam he sent out. He was yesterday sentenced to 47 months in prison for fraud, spamming and tax fraud. Soloway acknowledged guilty on all points.

The case has been watched intensively by the media when very few cases of similar nature reaches the courts in the United States. Earlier this year, however, was sentenced Jeremy James in the United States to nine years in prison for spamming.

However, it is not the first time Soloway asks as an excuse. 1999, he was under investigation for spamming. He then moved to another state and continued with his activities.

Popularity: 7% [?]

According to Trend Micro you should stay away from files called start.html, begin.html, r.html, main.html, news.html, and about.html since all these files will try to install a dangerious file called WATCH.EXE. This .EXE file contains a malware called TROJ_AGENT.AYZO.

Since all these .html and .exe files are hosted on legitimate sites that has been hacked or compromised it’s important to have a look at your address bar every now and then. It’s of course also important to not to download files you don’t know are safe!

If you own a web site on your own you have to upgrade all your blogging, forum and other software you may use on your site as soon as a new security update is released. You should also look for files you know you haven’t uploaded (espesially files called start.html, begin.html, r.html, main.html, news.html, and about.html).

If you host your web site on a unix or linux based server then it’s really easy to search for the *.html files. Just logon to your server via SSH and type find . -name “r.html” -print. This will search for all files called r.html in the current directory and in all subdirectories. If you got a large web site it may take some time

Popularity: 7% [?]

Trend Micro has created the new word (or at least it’s the first time I’ve seen it) YAMSIA in one of their latest blog posts. The reason for YAMSIA is Yet Another Massive SQL Injection Attack which is causing problems for certain .ASP pages.

The botnet behind this attack is the Asprox botnet and it has been around for quite some time . The botnet is searching the web for certain .ASP pages and then launching an SQL injection attack against these pages when vulnerabilities are found.

The botnet adds a special .js file on attacked sites which is pointing to yet another .js file on another domain. Depending on your country of origin you may be redirected to www.msn.com without any danger at all, but if you’re lucky enough to be let in your computer will be filled with several vulnerabilities - all with intentions of hocking your computer up to the botnet.

Trend Micro says:

Unfortunately, security is still a major issue with the majority of Web sites, and until it becomes one of the core design goals from the start of a Web site project, expect to see more YAMSIA (Can you tell I’m trying to get this mnemonic to stick?) blogs in the future.

Read the full story here, or start working on your insecure SQL code immediately.

Popularity: 10% [?]

A little “bug” in Google Calendar allow you to find out the name of any person behind any gmail.com email account (if the person registered with his own real name that is).

How to do it:

• Get a Google Calendar account at http://www.google.com/
• Select “Share this calendar”
• Fill in the email address of the person to look up (works only with @gmail.com addresses and companies using gmail with their own domain name)
• Click on “Add person” and hit save
• Next time you check you will see the name of the person behind the account

Google are aware of this since if you fill in the admin email for gmail you get the name “smart ass“:

Popularity: 7% [?]

The latest version of Wordpress has been released so hurry up and download the new version as soon as possible before you get hacked. When new versions of the softwares you use are released you should upgrade as soon as possible even if there are no immediate threats.

Popularity: 5% [?]