Test Center ThreatWatch: Sept. 16

Spam Watch: Sept. 13-Sept. 15

The filters need updating as spammers managed to push their mail through using legitimate-looking URLs. Virus activity dropped back down after the highs from last week. No new virus threats were reported. Medium-level spam messages, generally messages that the filters quarantined, almost doubled.

As expected, majority of the messages in quarantine contained links that appeared safe, often using applications hosted by Google, such as on sites.google.com.

Total spam and virus activity returned to average volumes Monday, and more spam messages slipped through the filters and showed up in the Inbox. The mail breakdown showed a slight difference from the previous days, with blocked connections increasing to 86.8 percent and spam and viruses hovering at 12.5 percent.

Yesterday's mail-related threats seemed European. The most common virus relays were known servers from Italy and the United Kingdom, and the spam relays were in Poland and Hungary.

The greatest number of blocked connections came from three different relays in Spain yesterday, all known offenders. In the past few days, a relay generally made up only 2 percent to 3 percent of the total number of blocked connections. These Spanish relays accounted for 10 percent yesterday.

Since the filters blocked these messages outright, there's no way to determine the type of malware threat they contained.

In the past, natural and man-made disasters became spam headlines. Despite Fay, Gustav, Hanna, and Ike blowing through the Atlantic and the Gulf in the past month, the filters did not record storm-related spam.

There is nothing about Wall Street collapsing (although Rolexes apparently cost only $100 now). The most popular news-oriented headline yesterday continues to be related to the US Presidential elections, namely McCain and Palin. Still, as the cleanup from Hurricane Ike and the financial meltdown continues to dominate the news, it will be worth examining subject lines over the next several days.

Attack Watch: Sept. 16 For the past few days, the lab's trap network has attracted a number of different spam attacks via Microsoft Messenger -- many with some variation of this long-tried phishing attempt:

"Windows has found 73 critical system errors. Your PC may be suffering from serious file errors in your Windows reg

"To fix the errors, please do the following:" And the instructions lead the unsuspecting to a site, regfixit.com, with instructions to download and install a "registry update."

Regfixit.com traces back, via Network Solutions Whois service, to a post office box in Yarmouth, Nova Scotia. A number of complaints about the site have been posted on Internet forums since 2006; the uninvited appearance on our network also makes us want to reach for the URL blocking software.

The IP addresses associated with this low-level threat trace back to Beijing, China -- though it's unclear whether that's the site of origination or the site of a spam relay.