Sure, that e-mail looks legit, but is it from a 'phisher'?

The e-mail in my in-box looked official. It had the familiar E-Trade Financial logo across the top. The return e-mail address was a legitimate financial document delivery website. The e-mail informed me that my statement was now available online and that I could click a link embedded in the e-mail and log on.

The problem was the e-mail was not sent by E-Trade. It was a scam.
LA Times

Microsoft takes on spam zombies

Hoping to turn the tide on spam zombies, Microsoft has filed suit against entities it said used compromised PCs to send millions of junk e-mail messages.

The company has identified 13 different spamming operations that use such "zombies," it said Thursday. A lawsuit was filed against unnamed defendants in August. Since then Microsoft has tracked down some of the people behind the operations, said Tim Cranton, director of Internet Safety Enforcement Programs at Microsoft in Redmond, Wash.
CNET

My adventures in anti-spam

For 24 hours I was in IT hell. A simple move to stop the onslaught of spam that was overwhelming my inbox turned into a nightmare. I was so gung-ho to increase my productivity by removing the spam that I overlooked some IT basics. Hopefully, you’ll learn from my mistakes.

A few weeks back, fed up with the amount of “enlargement” messages I was receiving, I purchased Norton Anti-Spam software. I installed it on the computer without reading any of the accompanying literature or studying the support site to see what snafus I might encounter.
Network World

FAQ: Identity fraud uncovered

How could identity fraudsters get my personal information in the first place?
It depends. Fraud artists can bribe employees of banks or credit card companies who have access to confidential records, or they can pose as an employer or landlord to get a copy of your credit report, or simply steal a wallet, purse or your mail. One of the most common ways that information is snatched is through lost credit cards. All of those techniques are more frequent than any methods using the Internet.
CNET

Hackers, Scammers Hide Malicious JavaScript On Web Sites

Hackers and scammers have suddenly turned to a new technique to hide malicious JavaScript on compromised or criminal sites, a security researcher said Thursday.

According to Dan Hubbard, the senior director of security and research at Websense, a family of obfuscation routines with the umbrella name of "JS/Wonka" has spread wildly in the last few weeks.
CRN

Marketing Group Requires Members To Adopt E-Mail Authentication Systems

The idea is to protect both consumers--who will know the e-mail offer comes from a 'trusted source'--and the vendors' brands from illegal use.

The Direct Marketing Association (DMA) today said it will begin requiring its member companies-who represent some of the nation's largest and best-known consumer brands-to adopt e-mail authentication systems that help verify the authenticity of legitimate commercial e-mail messages.
InformationWeek

E-mail claiming to contain Version 1.4 of Skype's VoIP software contains variant of IRCbot Trojan horse

After making a big splash in the news through its $2.6 billion deal with eBay, Skype Technologies (Profile, Products, Articles) can't be happy about a malicious Trojan horse that is circulating as an e-mail attachment and purports to be the newest release of the company's Internet telephone software.

The e-mail, claiming to contain version 1.4 of Skype's VoIP (voice over Internet Protocol) software client, contains a variant of the IRCbot Trojan horse, according to MessageLabs (Profile, Products, Articles) Ltd., which issued a warning earlier this week after detecting and blocking hundreds of copies of the new variant.
InfoWorld

Calif. gov. signs law to punish 'phishing' scams

California Gov. Arnold Schwarzenegger signed a bill on Friday making Internet "phishing" identity theft scams punishable by law.

The bill, advanced by state Sen. Kevin Murray, is the first of its kind in the United States and makes "phishing"--getting people to divulge personal information via e-mail by representing oneself as a business without the approval or authority of the business -- a civil violation. Victims may seek to recover actual damages or $500,000 for each violation, depending upon which is greater.
News.com