Here's a quick roundup of some snippets of interest, including a nostalgic little 'where are they now' look at the new venture of the folks behind Blue Security, more on an interesting spammer tactic, and a glimpse of the tangled thoughts of a stock spammer.
First, you may remember Blue Security, the Israeli company whose DDoS war with a major spammer caused widespread collateral damage and ended in defeat for Blue. Where are they now? Not supporting the Okopipi project, as you might have thought. In fact, TechCrunch claims that they have all but joined the other side. Didn't see that one coming.
Second, my recent diary of a spamtrap mentioned a pharmacy spammer's tactic of using (presumably) legitimate electronic newsletter text as camouflage for their spam. They appear to be doing this systematically; more recent posts have included the entire text (with linked images) of promotional mails for kohls.com and bose.com.
The spammer is using the 'borrowed' text for more than just camouflage ('spamouflage'?), though. They've edited the HTML so that each link in the message will take you (through a web of redirectors) to a pharmacy site. The messages do actually contain one image of the usual pills, which should normally be displayed 'above the fold' at the start of the message. However, the spammer sites hosting this image tend to drop offline quickly, leaving the recipient looking at something that looks exactly like a newsletter from a reputable shopping site — but where all the links take you to MyCanadianPharmacy. That's going to breed a whole new level of distrust on the Internet.
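As an added illustration (not code from the original post), here is one way a filter could test for the pattern described above: artwork that still loads from the retailer's servers while none of the links lead back there. It assumes the borrowed images are still served from the brand's own domain; the function names and the sample domains are constructed placeholders.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


def site(url):
    """Crude registrable domain: last two host labels (no public-suffix list)."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:]) if host else ""


class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images, self.links = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and attrs.get("src"):
            self.images.append(site(attrs["src"]))
        elif tag == "a" and attrs.get("href"):
            self.links.append(site(attrs["href"]))


def camouflage_report(html):
    """Compare where the images come from with where the links go."""
    c = _Collector()
    c.feed(html)
    images = Counter(d for d in c.images if d)
    links = Counter(d for d in c.links if d)
    brand = images.most_common(1)[0][0] if images else None
    on_brand = links.get(brand, 0) if brand else 0
    return {
        "brand": brand,
        "links": sum(links.values()),
        "on_brand_links": on_brand,
        # Suspicious: artwork served by one site, yet no link goes back to it.
        "suspicious": bool(brand and links and on_brand == 0),
    }


# Constructed samples (placeholder domains, not taken from any real message).
GENUINE = """<a href="http://www.shop.example/sale"><img src="http://media.shop.example/banner.gif"></a>
<a href="http://www.shop.example/unsubscribe">Unsubscribe</a>"""
REWRITTEN = """<img src="http://img.pills.test/p.jpg">
<a href="http://r1.redirect.test/a"><img src="http://media.shop.example/banner.gif"></a>
<a href="http://r2.redirect.test/b"><img src="http://media.shop.example/footer.gif"></a>
<a href="http://r1.redirect.test/c">Unsubscribe</a>"""
```

Legitimate newsletters that route every click through a third-party tracking domain will also trip this check, so treat the result as one scoring signal rather than a verdict.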
Meanwhile, in another part of the cyber-forest, an anti-spam group has outed a stock spammer, quoting sections of his postings made on a spammer forum. The most interesting part comes at the start, where 'Nick Danger' sketches how stock spam works. Mr Danger may not be an entirely reliable narrator, but his description of the basic idea does fit well with our current ideas about stock spam. Given that Mr Danger doesn't exactly come across as a rocket scientist and little specialist knowledge is needed to put his ideas into practice, this also serves as a reminder of how depressingly easy it is for anyone to get involved in the spam game.
Oddly, there are some signs that the big stock spammers may be getting out, or at least regrouping and considering their next move. I haven't looked at the numbers in any rigorous way, but I've been seeing a lot less image-based stock spam over the past few days. The stock spammers seem to have mostly switched to plaintext spams and the filter rules that used to catch image-based stock spam now seem to be picking up pills and warez spams instead. It's too early to say that image-based stock spam has had its day, but it certainly looks as if the frenzy of a few months ago may have (temporarily?) died down.
Or maybe the spammers are too busy fighting each other and are using all their spare botnet capacity to run their own DDoS wars. 'Tis said they eat each other, as the old man put it. Even allowing for the inevitable collateral damage from a full-scale internecine spammer war (which will be fought primarily with other people's computers on other people's networks), that may not be entirely a bad thing.