May is getting closer. The CARO 2010 Technical Workshop is almost here.

It's going to be good. More than 130 people from all over the world have signed up already.

Registration for the workshop will close in two weeks time.

We have the final program online. You can see the full program with abstracts at http://caro2010.org, but here are the presentation titles:

Click fraud is a lot like shoplifting. It’s not the most shocking crime you know of, and it’s not really victimless. It is theft. But observing and identifying click fraud is more difficult than watching a kid slip an unpaid-for candy bar or magazine into their pocket. It’s also a cost of business that burdens all customers of a business. Ugly.

The U.S. Secretary of Homeland Security Janet Napolitano was this morning’s keynote speaker at RSA Conference 2010, speaking about succeeding in the cybersecurity battle. She joins the list of prominent speakers this week, along with Symantec’s Enrique Salem on “Defeating the Enemy: The Road to Confidence”.

Gerry Egan, Product Manager for Symantec, explains the new Reputation-based security technology in the upcoming Norton 2010 product release.

Spam continues to clog the internet with providers reporting spam stuffing 80% – 95% of all email content en route. It’s an ongoing problem into 2010, so last week we examined the active spambot Tedroo, some of its suspicious behaviors, one of its anti-debug/antiRE techniques, and its spam delivery.

In an early-2009 literary flourish we condemned spammers to hell, discussed the Tedroo spambot’s increased momentum due to the shutdown of other botnets, posted screenshots of the Tedroo spewed pharmaceutical spam and related scam sites, and noted its distribution via malicious pdf files. Tedroo’s increased presence and its distribution is continuing into 2010.

The Google compromise in China story builds interest as Microsoft released an advisory and blog post on the relevant Internet Explorer browser vulnerability, crediting “details” to G

Another cybercriminal group is abusing the face of Facebook in another malware spam blast. The emails maintain an attachment that may have various names. Here are a some of the attachment names that when unzipped and run, ThreatFire has protected its community against in the past day:

Facebook_Password_e9081.zip
FACEBOOK_PASSWORD_52132.ZIP
Facebook_Password_6dd19.zip
Facebook_Password_4cf91.zip
FACEBOOK_PASSWORD_50573-1.ZIP

Another cybercriminal group is abusing the face of Facebook in another malware spam blast, fooling users to install banking password stealing malware and adware on their systems.

The message of the email claims to arrive from “The Facebook Team”, but in fact, the spam is spoofed and not from the team at all:

Symantec Senior Development Manager Gavin Anderson explains Norton SafeWeb Technology: