Welcome to a new blog from Microsoft. The focus of this blog is likely to be a little different from most other blogs you'll see on blogs.msdn.com. Microsoft employs some of the best hackers in the world and actively recruits them and develops them. They work on all kinds of projects, whether it be in development, research, testing, management and of course security. Of course, there is controversy even in the word "hacker" but I don't think that should stop us from using it in the manner I think is the most appropriate. At his or her core, a true hacker is someone who is curious and wants to learn how systems work. This can and of course at Microsoft is done in an ethical, legal manner. We employ "white hat hackers" who spend their time pentesting and code reviewing applications and software looking for weaknesses and vulnerabilities so that others don't once we've released that code into the wild. We employ many many smart testers who know more about some of our software then perhaps the architects who designed it. We also employ some of the top researchers in their industry, dedicated people working on the bleeding edge of whats going to be common place in the next 5 or 10 years of computing. So yes, Microsoft does have hackers, and its time to introduce you to some of them and show you what it is, exactly that they do.

Security researcher Alex Eckelberry from Sunbelt Software first noticed the booby-trapped links turning up on Blogger on 27 August.

Now many hundreds of blogs on the site have been updated with a short entry containing the link.

Mr Eckelberry said it was not yet clear how the links were posted to blogs. The bogus entries could have exploited a Blogger feature that lets users e-mail entries to their journal.

The blogs themselves could also be fake and set up solely to act as hosts for spam.

1. Spam - If you think someone is spamming you, tag it out loud! Internally, we like to call a user who games the system a SchMOe (Social Media Optimizer). Tag anyone who spams you with the term schmoe. While they have the ability to delete the tag and never see it again, WE can see it internally. As their user account racks up the schmoe tag, we'll investigate their conversations and take appropriate action.

2. Hot Members - Let's allow the users of MyBlogLog to pick Hot Members! Every week I'll dig through the users who are frequently tagged a Hot Member and let you all know about one of them. User chosen Hot Members sounds so much cooler to me anyway.

Four in every five blogs on some of the most popular websites contain potentially offensive content, such as pornography or adult language, claims new research.

***

Some of the most popular are shamelessly devoted to sex, such as the award-winning 'Belle de Jour, diary of a London call girl' and 'Girl with a one-track mind, diary of a sex fiend'.

Popular teen sites MySpace and YouTube are battling to remove porn from their sites, a problem that is made difficult because all of the content of these sites is made up of files that users have uploaded.

Computer software firm ScanSafe, which commissioned the Global Threat Report, also found more than one in every 20 blogs (six per cent) contain potentially catastrophic computer viruses, spyware or other harmful programs that can steal private or confidential information.

The researchers said large advertisers were to blame for a significant share of the spam problem.

"Ultimately, it is advertisers' money that is funding the search-spam industry, which is increasingly cluttering the Web with low-quality content and reducing Web users' productivity," they write in the paper, which will be presented in May at the International World Wide Web Conference in Banff, Alberta.

Mr. Wang, group manager and senior researcher for cybersecurity and systems management at Microsoft, said, "The good guys are part of the problem."

The researchers' specific findings included evidence that some blog-hosting services have permitted an explosion of phony doorway pages. For example, the researchers noted that such pages were far more prevalent in Google’s blogspot.com service than in other hosting domains. The Microsoft Research team has worked extensively with the managers of Microsoft's Spaces blog-hosting service to detect and identify search-engine spam, Mr. Wang said. Google would not comment for the record on its own efforts to combat such practices.

NoFollow = NoWorky. Using NoFollow in blog comments, the original intent of the tag, does nothing to discourage comment spammers. Using other anti-spamming tools such as question, math and plugins such as Akismet and SpamKarma for Wordpress is much more effective.

Since the use of NoFollow in comments on Wordpress blogs is default, many bloggers do not even realize they are using NoFollow.

Each blog posts automatically redirects the searcher to one of a handful of different people search engines that I don't care to link to. People-Search.com is among the most popular. You can spot these and others in dozens of Google Blog Search results for my site and others.

All of these new spam blogs are powered by Google's Blogger platform. However, they are getting indexed by all of the relevant search engines, including as of this writing Technorati. Google needs to put a stop to these immediately. It seems easily remedied if they can mine the blogs for the redirecting code.

So who had done this? The junk filter had recorded their IP (internet) address. It resolved to somewhere in India. Which rang a bell: earlier this year, I spoke with someone who does blog spamming for a living - a very comfortable living, he claimed. But he said that the one thing that did give him pause was the possibility that rival blog spammers might start paying people in developing countries to fill in captchas: they could always use a bit of western cash, would have the spare time and, increasingly, cheap internet connections to be able to do such tedious (but paid) work.

A few days later I read a stunning report by George Packer in the New Yorker magazine - regrettably, it's not online - about the sprawling mega- city of Lagos in Nigeria. It's the world's sixth largest city, and growing fast; the concept of urban planning has collapsed and life is eked out from the margins of existence. Corruption isn't an occasional hazard; it underpins a near-feudal society. While there, Packer was approached by one of his guides, who offered him the promise of riches looted from a despot; the classic Nigerian scam.

Packer declined politely, attaching no blame to his would-be scammer: "He would have been regarded locally as a fool if he hadn't tried to exploit [me]," he noted without rancour. Elsewhere this week, deliveries began of the hand-powered laptop, Nicholas Negroponte's computing gift to the developing world.

I've no doubt it will radically alter the life of many in the developing world for the better. I also expect that once a few have got into the hands of people aching to make a dollar, with time on their hands and an internet connection provided one way or another, we'll see a significant rise in captcha-solved spam. But, as my spammer contact pointed out, it's nothing personal. You have to understand: it's just business.

I've managed to save up roughly $16804 in my bank account, but I'm not sure if I should buy a house or not. Do you think the market is stable or do you think that home prices will decrease by a lot?

Note that there's no URL, so how can this be profitable for the spammer? Is it part of a larger scheme? The number (in this case, $16804) is different each time. Is it a code number used by spies?

I googled "Do you think the market is stable or do you think that home prices will decrease by a lot?" and it returned 13,300 results. Most of them were from sites that allowed these weird comments to go through (example). I also found that Peter Kaminski has been getting the same type of comments and is just as mystified as I am. What's going on?

"It is like pollution," said Mark Frauenfelder, the founder and co-editor of Boing Boing, who also writes a personal blog at MadProfessor.net. "It reminds me of visible smog, because it obscures what you want to be looking at. You have to waste brain cycles to filter it out, or, if you own a blog, you have to go through extraordinary measures to keep it out."

But Robert Scoble, whose "Scobleizer--Microsoft Geek Blogger" is hosted on the WordPress.com service, said he is happy with the filtering there.

The Scobleizer blog gets around 10,000 visits a day, and about 400 comments are left on the blog daily. Of those, 100 are spam, Scoble said. Most of these are flagged correctly. However, there are also false positives, valid reader comments identified as unwanted postings, he said.

"We've built technology to solve the problem, we invest in updating it, and our 160-plus bloggers manage the few spams that get through," Weblogs CEO Jason Calacanis said. "The only spam that can really get through our defenses are the ones that are hand-rolled by a person, and we catch most of those."

You're making it into this major problem. If you have the right software and you put in simple rules it's not a major issue. The problem is the software makers, combined with blog owners, have not done a horrible good with their software. If you put in simple controls the problem goes away. Folks just don't install the tools to block comment spam.

Curious to learn more about the process, I bid on some writing jobs on the Web sites where these transactions occur. (I described myself quite honestly: as a Journal reporter interested in freelance work who might also write a Journal story about writing for Web sites.)

I managed to get underbid on numerous jobs before snaring one from a Web entrepreneur I would come to know as "Whirlywinds." I would have to write 50 articles, each 500 words long. Topics to be assigned. Pay: $100. For everything.

My first assignment came a few days later. "The topic would be 'colloidal silver,' " Whirlywinds informed me. But then he added a caveat: "Please EXCLUDE any negative comments, as I sell this product online."

Colloidal silver is one of those bits of medical quackery that thrive on the unregulated Web. I told Whirlywinds I'd rather pass.

It's no joke. Last Thursday, President Bush signed into law a prohibition on posting annoying Web messages or sending annoying e-mail messages without disclosing your true identity.

In other words, it's OK to flame someone on a mailing list or in a blog as long as you do it under your real name. Thank Congress for small favors, I guess.

This ridiculous prohibition, which would likely imperil much of Usenet, is buried in the so-called Violence Against Women and Department of Justice Reauthorization Act. Criminal penalties include stiff fines and two years in prison.

"The use of the word 'annoy' is particularly problematic," says Marv Johnson, legislative counsel for the American Civil Liberties Union. "What's annoying to one person may not be annoying to someone else."

"Whoever...utilizes any device or software that can be used to originate telecommunications or other types of communications that are transmitted, in whole or in part, by the Internet... without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person...who receives the communications...shall be fined under title 18 or imprisoned not more than two years, or both."

What does "VooDoo Blogger" do? I'll only mention one or two. First - "This software will allow you to easily create 1000/s of blogs fast and easy" and second - "Create custom blog clusters for any niche."

Might you be getting the idea that this is somehow related to the Blogspot Splogs you mentioned?

Go back and look at that "Stealth Advertiser" and you'll see a couple of interesting comments about the "advantages" in the FAQ's.

Clearly this issue is bigger than everyone probably is imagining, despite what David Sifry says. This must be solved now. Who besides Mark Cuban is taking the lead on this? The future of the blogosphere is at stake here. This has to be addressed at the publisher level. Does anyone care about this or is everyone busy building new features?

According to the FTC complaint, the spyware ring used the iWebTunes Web site to promise free background music on the BlogSpot-hosted sites.

The JavaScript code that was put in the BlogSpot templates also triggered pop-up advertising that flashed warnings to consumers who visited the Weblog sites about the security of their computer systems.

The pop-up warning promised browser upgrades and other PC maintenance software. Instead of getting security software, computer users who clicked on the pop-ups were tricked into downloading spyware programs that only served more pop-up ads, the FTC complaint alleged.

The search giant's Blogger blog-creation tool and BlogSpot hosting service, together the most popular free blogging service on the Web, fell victim this past weekend to the biggest splog attack yet -- an assault that led to clogged RSS readers and overflowing in-boxes, and that may have manipulated search engine rankings.

"Uh, ladies and gentlemen of the blogosphere, I think we have an emergency on our hands," Tim Bray, Web technologies director at Sun Microsystems, wrote in his blog in response to what he called the "splogsplosion."

Just how bad is the problem? According to Glance and Kadayam (who count blogs for a living) nearly 30 percent of blog posts today are spam. That's a conservative estimate, they say, and doesn't factor in the net total of spam comments, which could be upwards of 50 percent.

Spam blogs are such a big deal, there's now a word for it: splog. According to Wikipedia, splog content "is often nonsense or text stolen from other websites with an unusually high number of links to sites associated with the splog creator which are often disreputable or otherwise useless Web sites." Wikipedia further notes, "splogs have become a major problem on free blog hosts such as Google's Blogger service."

Spammers have created millions of Web logs to promote everything from gambling Web sites to pornography. The spam blogs -- known as "splogs" -- often contain gibberish, and are full of links to other Web sites spammers are trying to promote. Because search engines like those of Google Inc., Microsoft Corp. and Yahoo Inc. base their rankings of Web sites, in part, on how many other Web sites link to them, the splogs can help artificially inflate a site's popularity. Some of the phony blogs also carry advertisements, which generate a few cents for the splog's owner each time they are clicked on.

The phony blogs are a particular problem for Google, Microsoft and Yahoo because each offers not only a Web search engine focused on providing the most relevant results for users but also a service to let bloggers create blogs.

According to Heunemann, Yahoo!'s web hosting service Geocities has been targeted by spammers for some time but MSN's validation system is making the service very popular. SurfControl claims that 10 per cent of all spam on the internet is now linked to Microsoft's blog network.

"About three weeks ago 30 percent of the spam on the internet was directing victims to Geocities sites advertising pharmaceuticals. Spammers have moved their content to [MSN Spaces] and from what we gather, the volume of spam attacking MSN sites is about 10 per cent - but we think it will grow," said Heunemann.

When a person visiting a blog clicks the "Flag?" button in the Blogger Navbar, it means they believe the content of the blog may be potentially offensive or illegal. We track the number of times a blog has been flagged as objectionable and use this information to determine what action is needed. This feature allows the blogging community as a whole to identify content they deem objectionable. Have you read The Wisdom of Crowds? It's sort of like that.

BlogSpot's new Flag button seems to be getting a lukewarm reception: the Blog Herald is sniffy about it ("a half-arsed effort") but also appears to misunderstand the Blogger Buzz announcement, misinterpreting "a blog has to be republished for this new button to show up" as "it only applies to new blogs". Sorry, but no, that’s not what "republished" means: Blogger republishes a blog when new content is added or when the blogger makes changes. My blogs predate the Flag button but, since I posted new content, carry it.

Weblogs, Inc.'s Unofficial Google Weblog picks up the Blog Herald report and runs with it, perpetuating the "only new blogs" misconception. A familiar pattern of repackaged, and underresearched, reporting.

I recently launched beta for a simple website called SplogReporter.com where "good willed" bloggers can report sploggers. Verification will then be made on which submitted items are truly splogs. So please bookmark the Splog Reporter site and report any splogs you come across. The goal is to create a master directory of splog URLs to have removed from the search engines. So "good willed" bloggers of the blogosphere, this is your call to arms to rid the blogosphere of splogs.

Whats a splog? A splog is any blog whose creator doesnt add any written value. Im sure some might argue that packaging data, such as news feeds or the blog posts of others is added value. I dont think it is. After all, thats why there are topics and indexes. If I want information about the Dallas Mavericks, I can search for it, optimize it, and save it. Because indexes are based on freshness, my searches are automatically updated, freshest data first, as new posts are introduced.

How many splogs are there and how many posts do they carry? Its difficult to quantify, but I wouldnt be shocked if we have excluded more than 1mm of them at IceRocket.

If you are an individual blogger whose blog is hosted on blogspot.com, every day the chances of you being excluded from icerocket.com's, and other search engines' indexes increases. Its not just blogspot.com, pretty much 90plus percent of blogs hosted on .info sites are splogs as well.

The people who build spam and fake blogs think that they can get some kind of advantage - usually by getting additional search engine rankings or affiliate income by building these systems. In essence, they believe that there is an economics that spurs them on - and at Technorati, we've been working together with leading players to eliminate that economic incentive. We're working with the folks who run web advertising systems and at major affiliate programs to alert them of spammers as quickly as possible. We've been building real-time systems to identify spammers and fake blogs and sharing that information with other web search engines so that link farms and keyword stuffers see no increases in search rankings

So, we have been working really hard on performance and scalability improvements for the service. Just as the size of the blogosphere has been growing by leaps and bounds, and our traffic growth has been growing even faster. We just had another 40%+ growth in traffic this month - which makes this month the fourth month in a row of these kinds of traffic jumps. Basically, that means that we are now serving more traffic in a week than we did in a month just 4 months ago. So, we've been racking and stacking servers - over 200 now in our data center, and more coming each week, and we've been fixing bugs and making performance enhancements on the web site as well. Our median time from post to index is now under 5 minutes. That means that on average, we index your blog posts in under 5 minutes from when you post them to the web. All you have to do is make sure that your blog software sends us a ping.

In the first two weeks of July 2005 alone, Websense Security Labs has discovered more than 500 incidents of free web hosting sites that were created to spread keyloggers, Trojan horse downloaders, Trojan horse droppers, and other harmful spyware and malware. Earlier this year, Websense reported that free blogging accounts were being used to harbor malcode-this trend is now expanding to any form of free web hosting site. The recently uncovered sites include those available for hosting online journals, photo albums, greeting cards, music, sports 'fan' pages and online scrapbooks, among many other popular purposes.

"The growth of this trend is alarming. July has seen a major boom—in the first two weeks alone we found more instances than in May and June combined," said Dan Hubbard, senior director of security and technology research for Websense. "Some of the sites may be created with automated shared hacking software and free online tools, while others are built to appear more legitimate. For example, one of the sites found by the Labs included music that accompanied a greeting-card message which runs while your computer is being infected with spyware."

The sun is shining, birds are singing, and I'm sitting on the couch deleting the 62 trackback spams that have arrived since yesterday. For now, these spams are easy to spot. They're mostly about online poker and miracle drugs, and they make no attempt to look authentic. From our experience with email spammers, you can bet that two things will happen. They'll continue to rachet up the volume, and they'll fine tune their pitches to blend in with authentic trackbacks.

Don't worry, it's only temporary. It's just that we've all gotten a little tired of spending so much time deleting comment spam and dealing with trolls and all that "first post!" crap, so we're switching off comments on new posts for the next day or two while we think about what we're going to do to try and make the comment boards not completely sucky. This was the first morning in months where I didn't have to spend the first 45 minutes of my day deleting spam and banning trolls, and I can't say that I hated it.

In Stiennon's opinion, his most distressing prediction is that spyware will latch onto RSS (Real Simple Syndication) as a way to distribute ad- and spy-style software.

"I'm extremely concerned about this," said Stiennon. "Already we're seeing marketers look to RSS. A recent list by marketing types on why RSS is better than e-mail, for example, had 'no more annoying complaints about spam' at number 8. Where marketers go, adware and spyware writers follow."

Another nasty possibility, said Stiennon, is that a vulnerability will be found in one of the big blogging services. "If a spyware writer finds a way to inject code into a blogging site -- which could take the form of a SOAP object -- most likely through a future vulnerability in Internet Explorer 7, then everyone who subscribes to that service's blog RSS feeds is gonna get infected." Such an attack could be massive, and because of the automated nature of RSS, extremely fast-acting.

Cyber-criminals are now taking advantage of blog sites that allow users to easily publish their own web pages at no cost. Blogs can be attractive vehicles for hackers for several reasons—blogs offer large amounts of free storage, they do not require any identity authentication to post information, and most blog hosting facilities do not provide antivirus protection for posted files.

Between 30,000 and 40,000 new blogs are created every day according to Technorati, and a large part of that growth is due to the creation of "spam blogs" -- blogs which have no legitimate content, but instead are simply random text that contain links to a real blog or page in an attempt to drive up the search ranking of the linked site.

We took comments off because it was getting to be ridiculous. I get great responses, but then you know it just takes one idiot, writing "you're fat, you're a dyke, you're a fat dyke, you're gay, and you're fat and you're gay, and you're also a dyke" and it gets out of control. There were no limits on how much they could post, so they could just post pages of that, or put links up to porno sites or whatever. Finally, we just decided to make it comment free.