The SC Magazine Newsteam Blog

Bill Gates was right about spam going away, if only for a week

Posted November 14, 2008 * Comments(1)

Spam filters, junk mail folders and honeypots across the globe got a much-needed respite this week after a Northern California-based web hosting firm - McColo - was taken offline by a pair of its upstream internet service providers.

Few people have ever heard of McColo, but apparently this small Silicon Valley tech company was providing connectivity to countless groups of shady cybercrooks. It’s doubtful McColo was in on the scam, but when it was shut down, security pros saw an estimated two-thirds to 75 percent drop in the amount of spam circulating around the world.

Practically every major security company noticed the stunning decline and made mention of it in research posts and blogs. But practically everyone also agreed that this likely was only a flash-in-the-pan-type victory against the spread of unwanted (and often malicious) messages.

Some experts have predicted the amount of spam would soon begin creeping back upward, with numbers returning to normal levels by the holidays, just in time for the traditional influx of fake e-greeting cards and the like.

While botnet herders will quickly find a new host to which they can connect their command-and-control centers, this news shows that companies that provide access to these crooks, especially if they are based in America, won’t be tolerated.

Many companies such as McColo and Atrivo/Intercage - which met a similar fate earlier this year - will play dumb as to the types of operations they are supporting.

But the fact is, going after these enablers who are turning a blind eye to the motives of their customers seems to be the most effective solution anyone has come up with yet to stop the spread of junk mail.

There is plenty of reason for cautious optimism, though. As long as there is money to be made, criminals will find a way. So maybe Bill Gates’ prognostication will never come true.

Filed under: Consumer threats, Email Security, Lawbreakers, Phishing, Spam

Obama campaign target of “sex scandal” spam

Posted September 9, 2008 * Comments(0)

A new spam campaign is emerging that exploits the seedier side of computer users. In a new wave of social engineering, in language that might have been written by Borat, the spam promises videos of presidential candidate Barack Obama having “sex action with many ukrainian girls.”

If a moron clicks on the moronic message, a sex video begins playing. But at the same time, in the background, information-stealing code is downloaded to the victim’s machine, according to a release from Websense, which claims it discovered the email campaign.

This email campaign loads a trojan dropper, which then installs a file in the computer user’s Temporary Internet Files folder, according to the Websense report. A browser helper object (BHO) is also registered, an information-stealing app that siphons off data from the end-user to a site registered in Finland.

We’ve been seeing various methods of phishing scams being perpetrated that exploit the topicality of the presidential campaign, but this one is particularly outrageous for the blatancy of its lies. It almost obliterates ethics in its stupidity. The message is so obviously untrue, yet it attempts to gain a measure of credibility by associating itself with a real person/event. It almost doesn’t matter that it is discrediting Obama. It could just as well be promising free jewels.

We’ve seen it before. Any item in the headlines – a natural disaster or celebrity disaster, say — draws out the malicious exploiters intent on capitalizing on people’s natural proclivity to be empathetic, or their being susceptible to voyeuristic opportunities.

While the Red Cross solicits funds for victims of hurricanes, ruthless parasites get in on the action to redirect the well-intentioned, or the bored.

Filed under: Email Security, Groundbreakers and newsmakers, Phishing, Spam, Trojans

Is RBN behind the latest Adobe PDF attacks?

Posted October 30, 2007 * Comments(0)

The Russian Business Network, the shadowy St. Petersburg, Russia-based ISP, is getting a very bad rap lately in the media.

And rightfully so. Experts believe the RBN is largely behind the Adobe rootkit attacks, which take advantage of a recently patched vulnerability, among other active exploits.

But Matt Richard, the newly appointed director of the Rapid Response Team at VeriSign iDefense, told me in an email that other hosting providers are also to blame.

“In fact, the heart of this attack centers around a U.S. corporation known to provide hosting support for adult sites and other shady organizations,” Richard wrote. “In addition, they accept a number of interesting payment options, including wire transfer and WebMoney. They have ICQ (instant messaging computing) contacts for support and are advertised on a number of forums frequented by cybercriminals. They offer support in English and Russian.”

If we should take anything away from Richard, it’s that the cybercriminal underground has become very organized. While the RBN may be the one group receiving the most attention these days, there are likely scores of others performing similar unscrupulous acts.

Patch, patch, patch.

Filed under: Patch Management, Phishing, Rootkits, Spam, Trojans, Vulnerabilities

Phishing for election donations

Posted October 9, 2007 * Comments(1)

A few days ago, the presidential candidates announced how much they raised in third-quarter donations.

The numbers, as expected, were pretty spectacular. Democratic Sen. Hillary Clinton raised some $27 million, while GOP front-runner Rudy Giuliani banked nearly $10 million.

So how does this all relate to information security? Well, it’s pretty simple really. Thieves follow the money - and there obviously is quite the cash cow to exploit in the political fund-raising world, especially considering the internet is the primary outlet for small donators wanting to contribute.

Indiana University Professor Markus Jakobsson and his talented grad student Christopher Soghoian lay out the risk in a new white paper “The Threat of Political Phishing.”

The pair argue in the 13-page report that this security threat should only grow as fraudsters (easily) create phishing websites that appear like the real thing. Also, detecting if you’ve been scammed is more difficult when giving to a candidate than, say, buying merchandise from an online retailer because you are not expecting to receive anything with a political donation.

But what’s most interesting, according to the white paper, is that perhaps the candidates themselves are the source of the problem.

“Politicians have exempted their own campaign donation solicitation emails from federal anti-spam legislation, and their campaigns encourage risky behavior by teaching users that it is OK to click the ‘donate’ button on an unsolicited email that arrives from a candidate,” the white paper says.

Soghoian and Jakobsson have a lot of interesting thoughts in the white paper. It’s a good read, if for no other reason than to hear again how our public leaders largely are out of touch with IT security best practices.

Filed under: Consumer threats, Emerging threats, Phishing, Spam

Could PDF spam be on the way back?

Posted October 8, 2007 * Comments(1)

Kelly Conley of Symantec Security Response blogged on Friday that her company has seen the percentage of PDF-attachment spam jump from zero percent at the beginning of October to two percent in the past week.

The small spike might be the result of one PDF pump-and-dump stock scam that sent out over 20,000 messages.

Here’s a breakdown of what Symantec has seen in relation to this trend, according to Conley:

“PDF spam was widely observed in June, reached a peak in early August and then began a decline through September where by the end it was barely a blip on the radar. Now in the earlier days of October, we are closely monitoring this small revival of PDF spam that is currently being observed.”

Filed under: Email Security, Industry reports, Phishing, Spam

Imagine the good the Storm Worm could bring to mankind

Posted September 13, 2007 * Comments(0)

I want you all to think hypothetically for a moment. No - I mean really, really hypothetically.

Shane Coursen, Kaspersky Lab’s senior anti-virus researcher, brought up an interesting “imagine-if” on Wednesday at the InfoSecurity show in New York when he conceptualized the potential benefits of the Storm Worm botnet.

By expert estimates, the nasty virus, which began spreading in January, controls hundreds of thousands of PCs worldwide. That kind of supercomputing power is a spammer’s dream come true. But imagine if such a grid were used for something positive, such as the Human Genome Project?

“If it was used for [such] purposes, it could do a lot of good,” Coursen told the audience of about 50 people.

Not likely to happen, of course. And I’m guessing there might be some legal hurdles to overcome - to say the least - if millions of compromised PCs were being used in a regulated endeavor.

But it’s fun to think about. At least in theory.

OK, I’m done thinking hypothetically. I just got an e-greeting phish in my inbox.

Filed under: Consumer threats, Email Security, Emerging threats, Phishing, Spam, Trojans, Worms

A holiday Monday must mean a new Storm Worm attack

Posted September 4, 2007 * Comments(0)

Another holiday, another run of the Storm Worm.

McAfee has a good write-up on the incident.

Researchers from the security company said that over the weekend, new versions of the notorious trojan began spreading in the form of a Labor Day-themed greeting card email. Unsuspecting laborers who clicked on the link - and whose systems were not patched - were greeted not with well wishes but a slew of exploits.

The attack hoped to take advantage of a previously patched Microsoft vulnerability. But that’s not the bad news because, if you’re even somewhat of a security savvy end-user, chances are your PC is up to date with the latest Redmond patches.

The problem is that the storm worm also tries to exploit third-party vulnerabilities, like WinZip and QuickTime buffer overflows.

I don’t know about you, but I don’t think I’m fully upgraded to the latest applications on my machine.

The main takeaway? The storm worm is not going anywhere. And with the holiday season coming up, attackers are on course to only continue to power their botnets with more compromised computers.

One can bet that the attackers’ tactics to infect users are only going to grow more sophisticated. But, for the immediate future at least, users control their own destiny.

No click, no infection.

Filed under: Browser flaws, Consumer threats, Email Security, Emerging threats, Microsoft, Non-Microsoft patches, Patch Management, Patch Tuesday, Phishing, Spam, Trojans, Vulnerabilities, Worms

A side of bacn beats a serving of spam

Posted August 30, 2007 * Comments(0)

I like bacn better than spam, both in terms of the real-world foods and the types of email.

By now we’re all familiar with the emails that comprise spam, such as the pump-and-dump emails, the unwanted – and hopefully unneeded – medical procedures and the malicious stuff that contains attachments that you just don’t want to open.

So what is bacn? Aside from being one of the top search terms on Technorati recently, it is email that the user wants to open, just not immediately – things like invitations from social networking sites or Google news alerts.

Here’s my personal experience: The New York Mets have many promotional nights at the stadium, and I feel like I get an email telling me about every one. I signed up for the notifications, I deserve them, but I rarely open them. That doesn’t stop bacn from clogging up my inbox.

The term has received some mainstream coverage lately; here’s a story from the website of National Public Radio.

So is bacn the email security flavor of the week, or will we still be talking about it a year from now? Time will tell. At least it has a tastier name than spam.

Filed under: Email Security, Spam

Watch for Hurricane Dean scams and malware

Posted August 21, 2007 * Comments(0)

Surely long before Hurricane Dean made landfall early this morning as the first Category 5 hurricane to affect the Atlantic Basin since Andrew in 1992, web domain hunters had already picked up a number of storm-related URLs.

The SANS Internet Storm Center, as their handlers always do, were keeping a close eye on the new web addresses.

Why?

Because as we’ve learned with previous natural disasters, namely Katrina and the Asian tsunami, many of the purchasers are not just looking to turn a quick buck by selling the names to the highest bidder. Many, in fact, may be using the sites to host some sort of phishing scheme.

Of course, with Dean’s strongest fury ravaging an under-populated section of Mexico, the window of opportunity for such a scam with this storm may be closing fast. In fact, many of these domains likely will stay parked and inactive.

But, as always, be on the lookout. If there’s money to make, the scammers will be there.

Also - what better event than a huge hurricane to bring more of the “storm worm” trojan to inboxes worldwide? So expect to see botnets continue to grow as users fall for some storm-related gimmick, like a news story.

And let this latest hurricane also be a reminder to check those business continuity/disaster recovery policies. Should a Cat 5 hit the U.S. and your company is unprepared - forget about it. You could be finished.

Filed under: Consumer threats, Phishing, Spam

A new PDF spam outbreak

Posted August 9, 2007 * Comments(0)

We’ve been telling you a lot about spam recently, whether it’s image spam or PDF spam or Excel spam. It’s important to note that these tactics have only a few end-goals – usually downloading harmful software to a PC or sending pump-and-dump stock tips.

The researchers at Sophos filled us in on a spam outbreak they saw earlier this week that increased the amount of spam in its global traps by 30 percent in 24 hours.

The spam attack included an attached PDF file that urged recipients to buy penny shares in a company called Prime Time Group Inc. Of course, the spammers have already bought loads of the stock and are trying to inflate the price.

Here is a quote from Sophos’ Ron O’Brien, a senior security analyst, on the spike:

“While the prevalence of PDF spam campaigns has been slowly increasing, the volume of spam distributed with this particular attack is unusual. Typically the trend has been for smaller campaigns that continually evolve and modify themselves so that once one form has been detected others can still bypass spam filters - the recent e-card attack is a great example of this. As long as even a small percentage of people continue responding to pump-and-dump scams like this, the problem will continue to exist.”

Filed under: Email Security, Finance, Spam
