Scalix bought by Xandros

My spies tell me there's big changes afoot in San Mateo (and smaller changes in Reading).

Despite the strength of the underlying technology (HP OpenMail, yes I'm biased), Scalix didn't seem to be making its numbers. From the reports of "13 engineers and sales support staff" I imagine that a number of people got made redundant recently.

Xandros and Scalix have been working together for a while now, so I suppose this acquisition makes as much sense as any.

Presumably Scalix now can't get sued by Microsoft for violating Exchange patents? ;-)

Google Acquires Postini

Google announced that it has agreed to purchase Postini for $625 million in cash. Why?

Postini is best known for its managed ("hosted", "on-demand") spam filtering service, but that's not what attracted Google. Gmail and its Google Apps. cousin already have sound spam filtering technology -- they don't need help from Postini.

What Google needed was a way to round out its Google Apps. story with solutions for its customers' policy, compliance, and archiving/e-discovery needs. Google was already partnering with Postini to provide this for Google Apps. customers. Presumably the experience was a positive one and Google simply wanted to own the technology and people.

Google's statements hint that the lack of Google-owned technology in these areas has been a sales inhibitor:

Many businesses have been forced to choose between innovation on one hand, and these backoffice mandates on the other. In effect, many businesses use legacy systems not because they are the best for their users, but because they are able to support complex business rules. We agreed to acquire Postini in order to create a more complete Google Apps solution that addresses the information security and compliance issues facing businesses of all sizes.

Greetings Card Trojan Spam gets Timely Subject Morph

Looking at my spamtraps this evening, I see our "fake online greetings card" chums have switched from their previous boring subject lines to new ones, commemorating U.S. Independence Day.

The new subjects include:

4th Of July Celebration
America the Beautiful
America's 231st Birthday
Americas B-Day
Celebrate Your Independence
Dump tea in the harbor
Fourth of July Party
God Bless America
Happy 4th of July
Happy Birthday America
Happy Fourth of July
Independence Day At The Park
Independence Day Party
July 4th B-B-Q Party
July 4th Family Day
July 4th Fireworks Show
Your Nations Birthday [sic]

Update: my chums at Symantec calculate that they blocked 5.5 million of these during just five hours on July 3.

(In case you've been living under a rock, these messages include a link that tries to infect the victim with a Trojan.)

Srizbi Spam Bot is Nastier than we Thought

According to Symantec's Kaoru Hayashi, last month's Srizbi Trojan is nastier than it at first appeared. It could be a peek at things to come in the world of spam-sending bots.

Naturally, as a malware geek, Hayashi doesn't call it "nasty" -- he says "really interesting":

Trojan.Srizbi is really interesting for some unique features. Trojan.Srizbi driver (windbg48.sys) has two main functions: hides itself using a Rootkit and sends spam, but the thing that makes it really unique is the fact that its probably the first full-kernel malware spotted in the wild.

Once the Trojan is installed, it works without any user mode payload and does everything from kernel-mode, including sending spam ... The most interesting code is contained in the spam routine. We know that using network functionalities directly from kernel-mode is much more complicated and we have seen many rootkit threats in the past - for example, Haxdoor, Rustock, and Peacomm - always carrying over a user-mode payload that gets injected into some Windows processes. Trojan.Srizbi seems to move a step forward by working totally in kernel-mode without the need to inject anything into user-mode.
...
We think this sample is still in a “beta” stage and it’s not finished yet.

The implication being that, if a future version of Srizbi fixes the problems that currently make it visible, detection gets a lot harder. Needless to say, that may well cause more spam to get sent before an infection could be detected and remediated.

I especially liked this bit:

[It] seems to include a special routine to uninstall competitor rootkits, such as “wincom32.sys” and “ntio256.sys”.

Classy.

The DHS is a Wonderful Organization

So I hear the U.S. Department of Homeland security has been having one or two problems with its computer security:

A subcommittee of the Committee on Homeland Security ... expressed "shock and disappointment" that the DHS had reported as many as 844 security incidents in fiscal years 2005 and 2006. The incidents occurred on IT networks at DHS headquarters, and those belonging to Immigration and Customs Enforcement, Customs and Border Protection (CBP) and the Federal Emergency Management Agency.

The security issues ... included one in which a password dumping utility was found on two DHS servers. In addition, Trojans and other malicious programs were found on numerous agency servers, and classified mail was found to have been sent out over insecure networks.

Trojans? Unencrypted sensitive email? Oh, big fat hairy deal. C'mon, this is nothing that you couldn't find in most organizations of that size. It's hardly DHS's fault.

Give them a break. In fact, give them all a big pay rise -- especially those nice officers who work the immigration and customs desks at America's fine airports (and the ones who sit in Canada, too). I do like them a lot, and look forward to my time chatting with them every time I visit the U.S.

They are all, without exception, wonderful people, and anyone who says otherwise is probably some sort of terrorist.