U.S. and Romanian authorities have busted an international phishing scheme that is responsible for the theft of thousands of credit and debit card numbers. 40 people were indicted, 33 in California and 7 in Connecticut. Among the 65 charges the group is facing are aggravated identity theft, bank fraud, conspiracy to violate the RICO (Racketeer Influenced and Corrupt Organizations) Act, and unauthorized access to a protected computer. The RICO and bank fraud charges carry a combined 50 year prison sentence.

The group sent out phishing emails that looked like legit communication from a variety of banks, including Capital One, Citibank, and People's Bank in Connecticut. Paypal was also a target. Over a million phishing emails were sent out per attack. None of the banking companies used in the attacks have had any comment.

Yahoo has filed suit against a group of scammers. The spam mails claimed the recipent had won a lottery run by Yahoo. In reality there is no Yahoo sponsored lottery and anyone who tried to claim the bogus prize had their personal information stolen and was ripped off for hundreds of dollars in "processing fees".

"The unauthorized use of Yahoo's trademarks is misleading, fraudulent, and has actually confused, misled, and deceived the public," said Joe Siino, senior vice president of Yahoo global intellectual property and business strategy, in a statement on Tuesday.

The identities of the scammers are unknown, but Yahoo claims to have information that will help them track them down for prosecution. The company is seeking an unspecified amount in damages. It is very unlikely they will actually succeed in winning any money, however.

The FBI has issued a warning about a new spam attack. The spams, which are phishing attempts are designed to look like official correspondence from the IRS. Here is their official statement:

The FBI warns consumers of recently reported spam e-mail purportedly from the Internal Revenue Service (IRS) which is actually an attempt to steal consumer information. The e-mail advises the recipient that direct deposit is the fastest and easiest way to receive their economic stimulus tax rebate. The message contains a hyperlink to a fraudulent form which requests the recipient's personally identifiable information, including bank account information. To convince consumers to reply, the e-mail warns that a failure to complete the form in a timely manner will delay the issuance of the rebate check.

One example of this IRS spam e-mail message is as follows:

"Over 130 million Americans will receive refunds as part of President Bush's program to jumpstart the economy.

Our records indicate that you are qualified to receive the 2008 Economic Stimulus Refund.

The fastest and easiest way to receive your refund is by direct deposit to your checking/savings account.

Please follow the link and fill out the form and submit before May 10th, 2008 to ensure that your refund will be processed as soon as possible.

Submitting your form on May 10th, 2008 or later means that your refund will be delayed due to the volume of requests we anticipate for the Economic Stimulus Refund.

To access Economic Stimulus refund, please click here."

Consumers are advised that the IRS does not initiate taxpayer communications via e-mail. In addition, the IRS does not request detailed personal information via e-mail or ask taxpayers for the PIN numbers, passwords, or similar secret access information for their credit card, bank, or other financial accounts.

Please be cautious of unsolicited e-mails. It is recommended not to open e-mails from unknown senders because they often contain viruses or other malicious software. It is also recommended to avoid clicking links in e-mails received from unknown senders as this is a popular method of directing victims to phishing websites.

If you have received an e-mail similar to this, please notify the IC3 by filing a complaint at www.ic3.gov.

Blogger, Adsense, and Google's mail servers weren't enough. Now spammers have moved on and hit Google Docs as well. MessageLabs senior anti-spam technologist explains:

What's happening with Google Docs is that Google Docs is a way to publish your documents online. So, for example, word processing documents and spreadsheets and so on, and much like if you were using Microsoft Word you can embed links within those documents. What this does for the spammers is it allows them to effectively publish online a Web page on hosting sites such as Google that has all the bandwidth in the world for hosting it, and it's also a Web site that is never going to get blacklisted by anyone because nobody would be stupid enough to blacklist Google. So in effect, for the spammers this is a human shield effect. They can host their information and links online on a very stable source of bandwidth and links, and not worry ever about it being taken down or blacklisted.

There is a great podcast on CNET with more info. Check it out here!

Message Partners recently announced Anti Spam protection for Mac OS X email and collaboration servers. MPP provides services like spam filtering, anti virus protection, content filtering, and email archival, attachment filtering. MPP is designed to work with Postfix, the same technology built into Mac OS X server. MPP also support other email and collaboration technologies like Zimbra and Communigate Pro.

I'd like to interrupt our regular programming for just a minute to tell you about Creative Weblogging's new ad network called TierOne ads. This network allows bloggers to register for free and set their own CPM rates. Advertisers are then able to chose the ones that best fit both their target audience and their budget. It's fun, it's free and it is an exciting opportunity for both bloggers and advertisers. Check them out!

Yes, that's right, your faithful I Got Spam?! blogger got hit with a nasty virus. Ironic I know. It started when my main PC suffered a hard drive failure (yes it's been a lovely week). While I waited for my new one to arrive, I fired up my trusty Eee PC (great little device by the way) and got back online. However, since it is only a week old, I hadn't gotten around to installing the long list of Windows updates waiting. That was my downfall-well that and opening a downloaded .exe file without scanning it first. The site had been recommended by some trustworthy people so I let my guard down and got me a nice helping of one win32/Gaelicum.A. It's been spreading it's filth across the net since 2006. Microsoft patched the hole that let it do it's dirty work-but as I said before I hadn't gotten around to installing the updates yet. This bugger is really nasty. First it infects every .exe file on your computer, then it goes into your email and sends itself to every one of your contacts, and then downloads a trojan from a remote server that allows the Shining piece of humanity that wrote the thing to take over your computer-and that's not all. It is network aware so it will also search out any other computers sharing the network and infect them too.

I was lucky-my computer was not connected to my router so the infection was contained to the original system-and it was prevented from emailing itself to my contacts. I was also fortunate that AVG has a removal tool available. I got on my husband's PC and downloaded it to my usb stick, ran it on my infected system and it fixed everything. I also had to delete all my system restore points, but since the computer is so new that wasn't a big deal. Now, thankfully, I'm clean again. Embarrassed and paranoid, but clean. So you see guys, malware can even get those of us who are supposed to know better-and really I do. My brain obviously suffered a BSOD or something. Okay Linux folks, you can stop laughing now! :-)
I