Yesterday Microsoft announced a successful, collaborative effort to deactivate a major botnet, called win32/Waledac. 

Botnets are networks of compromised personal and business computers controlled remotely and secretly by one or more cybercriminals. Botnets send massive amounts of unsolicited e-mail messages and they are lucrative -- their controllers get rich by scamming people into sending money for fraudulent purposes. 

Since Microsoft and others joined forces to deactivate Waledac, up to 90 percent of previously controlled computers have been released from the botnet.

Prior to the botnets deactivation, Microsoft estimated that Waledac infected hundreds of thousands of computers around the world and had the capacity to send over 1.5 billion spam e-mail messages per day. Microsoft also found that between December 3 and December 21, 2009,Waledac was responsible for approximately 651 million spam e-mail messages directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks, and more.

For more information about the Microsoft effort to take down botnets and help reduce spam and fraud, see Deactivating botnets to create a safer, more trusted Internet.

Microsoft recently joined forces with the organization Enough is Enough to publicize a new safety education program, Internet Safety 101.

Internet Safety 101 is a DVD for parents, educators, and other caregivers to use to help protect kids online. For more information about the DVD, see About the 101 Program.

Enough is Enough is a non-partisan, non-profit organization whose mission is to help make the Internet safer for children and families. For more information, see Enough is Enough: Who We Are.

For more tips on keeping your family safe, see Protect your family.

A new decade is upon us, which means the presence of all kinds of “Best of the Decade” lists and a new United States Census. Much has changed in ten years, including the rise of identity theft, especially on the Internet.

The Better Business Bureau recommends that you “be cooperative, but cautious” when approached by Census workers, either online, by mail, or at your front door.  If someone comes to your door claiming to be a Census Bureau employee, ask for identification such as a Census Bureau badge, handheld device, Census Bureau canvas bag, and a confidentiality notice.

Official employees might ask for basic financial information, such as your salary range, but they will not ask for the following information:

·         Social Security numbers

·         Credit card information

·         Banking information

·         Donations

DO NOT provide this information if you are asked for it.

For more information, see BBB Alerts Consumers about U.S. Census Workers: Be Cooperative, But Cautious.

To read about how the United States Census Bureau helps protect your information, see the Census Bureau Data Protection and Privacy Policy.

For general privacy tips, see Reduce the risk of online fraud.

These days we store more and more information not on our computers but on the Internet, or in the cloud. Cloud computing can be used in all kinds of ways, such as for Web-based e-mail or large, corporate content management systems. Recently, Microsoft General Counsel Brad Smith travelled to Washington D.C. to urge Congress to enact legislation that would protect information that’s stored in the cloud. In his blog on the Huffington Post Web site, Smith says, “We need a safe and open cloud—a cloud that is protected from the efforts of thieves and hackers while also serving as an open source of information to all people around the world.”

Microsoft’s proposed legislation calls for:

To read a transcript or to watch a video clip of Smith’s speech, see Building Confidence in Cloud Computing.

For more information about Microsoft’s approach, see Privacy in the Cloud.

Valentine’s Day is right around the corner and these days it’s very common to send Valentine wishes electronically. Electronic greetings can save time, paper, and postage and can contain go beyond the standard heart-shaped doily with music and animation. However, some e-greetings can spread malicious software or be used for identity theft.

Here are a few tips on how to send and receive e-greetings more safely.

• Recognize the sender of the e-greeting. If you don't know the sender, do not trust the greeting. Legitimate companies have standard, obvious ways for you to recognize that an e-greeting is not a fraud.
  
  For example, with MSN Greetings, the "from" area in the message header always shows "Ecard from MSN Greetings" as the display name and "[email protected]" as the e-mail address.
  
  Make sure you check both the display name and e-mail address of the sender.
• When in doubt, use alternative viewing methods. Do not click any links when you are not sure of the sender or intent of an e-mail message. 
  
  For example, if you use MSN Greetings, you can view your greeting on the MSN Greetings Web site. Type "msn.americangreetings.com" into your Web browser and click the link in the upper right-hand corner that says “ecard pickup.”
• Never download or click anything from an unknown source.
• Use antivirus and antispyware software that updates automatically, like Microsoft Security Essentials.

For more information on how to send e-greetings more safely and how to avoid other e-mail scams, see Phishing scams that target interests, activities, and news events.

The Security Development Lifecycle (SDL) establishes security and privacy throughout the Microsoft development process. SDL has proven to be effective in making flagship Microsoft products more resilient to security and privacy threats and to better protect Microsoft customers from malicious and costly attacks.

For more information on SDL see: