A system processing a million a day in child support payments was infected with a trojan horse, and now the Nebraska Treasurer’s Office is scratching its head. Actually, the head scratching part is just a theory of mine - usually a bureaucrat’s first notion is to downplay the problem.

“A preliminary investigation of the incident suggests that the hacker did not download the information…But the possibility does exist,” noted State Treasurer Ron Ross.

The really sad part of this is a state with a population of a little more than 1.7 million people has 300,000 people and 9,000 employers in a child support database. If it is running on a Windows desktop, as the ZDNet post suggested, then it is just simple lunacy.

Blackspider reports that a slew of password stealing trojans have been emailed out over the last few weeks, targeting Paypal account holders. The subject line contains a spelling error, which should clue users in.

Someone should tell that trojan writer they are behind the times.

It was only a matter of time, and I suspect there are going to be a whole lotta “I told you so’s” floating around. Someone seems to have finally found a trojan that infects Macs.

In scanning my Norton Anti-Virus definitions, I did notice a few Mac viruses on the list, but they seem to be for the old Mac 9. I am excited as hell for the next Norton update! I can scroll through the list, and finally see “Macintosh” and an “X” on the same line, go flashing by. I hope the fact that it is going to be such a lone soldier doesn’t lead to disappointment - I may miss it in the crowd of “PC.”

Sunbelt Software found a website that teaches people how to create trojans that steal bank account information. You have to know that by the time someone has the balls to post such information on a public website, the malcreants with the skills to follow directions are already hard at work.

A web programmer is claiming he found a trojan that reformats Google referral buttons into text ads, the purpose of getting someone to click through to an alternative site.

Manipulating JavaScript at the browser isn’t too difficult, which is why most browsers give you the option of turning JavaScript off altogether. A pre-infected machine, like one running some adware laden browser toolbar, would make the process even easier. But I have to wonder about the example.

Shown is a rectangular text ad, but Google doesn’t offer such sizes for its referral buttons. The biggest Google referral block offered is 468 X 60, for a banner, and 120 X 60 for a block. The glaring example shown is a 336 X 280 text ad. So either the web page developer left a lot of whitespace (or in this case, bluespace), or we are not getting the full story here.

I call this wishful thinking, because there is great software out there (like SpamAssassin) which still has trouble stopping spam. Nonetheless, the Australians think they can do a better job by getting email users involved in the fight, and are about to distribute some spam reporting software to assist.

Unfortunately, much of the spam you see in your inbox each day does not come from a bigtime spammer - it comes from their unknowing minions - meaning zombie computers.

Zombies are machines (usually Windows machines) that have been infected via trojan programs. One of the main goals in infecting a computer is to hijack it for spamming purposes. Meaning, there are a whole lot of folks out in cyberspace that are spamming, and they don’t even know it. One of the culprits is broadband, with its always on connection, and the other is usually Windows, with its “always weak” security. And computer hijacking is going nowhere but up, up, up.

If you still don’t get it, then read this latest trojan warning carefully. The trojan in question is designed to hijack the recipient computer, for use in none other than spamming!

The Australians are about to start chasing ghosts, its just that the ghost will be walking and moaning.

The heads up for the day is a new trojan spreading fast across the net. The malicious code is distributed via email disquised as a warning that your account is being used to send a ton of spam. You click on the “verification” document attached to the email, and the underlying program directs your computer to a website filled with yet more nasties.

If your email account was hijacked for spammers enjoyment, your ISP would likely shut the account down before you received any warning that it was happening. Hence, your warning would be more likely to come in the form of a phone call, while you get a clue via your temporarily disabled account.

Don’t fall for it.

I have not taken any poll to see who cares whether Michael Jackson is convicted on child molestation charges, nor do I care to. Obviously, someone thinks the whole mess is worthy of some malicious mischief though, so they have created a new spam that with a Michael Jackson suicide note.

The spam includes a “read more” link directing you to a site that looks like it is being overloaded. But the site contains a trojan that attempts to install malware through a hole in Internet Explorer.

For all you voyeurs out there, maybe it is time for you to find a new hobby.

***UPDATE***

However, if you really are obsessed with Michael Jackson, and can’t get yourself unglued from the headlines, here is a way for you to go about your “normal” day and still not miss the verdict when it comes in.

A few months back, Tony Blair was caught spamming. The intent was to send email to his own supporters, but it just didn’t work out that way.

Now, spammers have seized the opportunity. Mention of Blair’s email account is being planted in emails to lure readers to a trojan spam attack. The claim in the email is that Blair’s account has been hacked, and if you click through you can see the contents of the account.

While I feel bad for whoever the victims wind up being, I’ve gotta say that using “a known spammer’s” name (one who just happens to be the leader of a country) to get folks to read a trojaned email is a pretty sneaky trick. And since I have no love loss for politicians, I just have to say “Blair, you had this one coming.”

Watch those blogs. ZDNet reported that new blogs are popping up that contain malicious code like keystroke logging trojans. According to the report, many of these blogs are on legitmate hosted sites (I assume the free ones). As a platform for blogging is just a few clicks away, and with thousands of new blogs being created each day, this comes as no surprise. Note that most of the sites in question, which according to Websense number just a few hundred at last count, are using disquised email lures from popular instant messaging services to attract attention.

*****UPDATE*****

The Slashdot crowd has just put their two cents in on this matter, and in a manner I have come to know and love - loaded with incredulity and scepticism.