Security Bytes - A SearchSecurity.com blog


The information security blog for the latest buzz on data security, privacy and regulatory compliance issues, information security threats, software security updates, flaws and more.

Google Docs used in latest spam run

Spam researchers have discovered a recent run of unwanted messages that uses Google's Web-based word processor to host the pitch, with the spammers even testing their campaigns using Google's analytics tools.

MessageLabs spokesperson Matt Sergeant said the spam messages are getting through most enterprise email filters. The messages contain no content other than a link that takes recipients to a Google Docs file. Once opened, the file touts the all-too-familiar pharmaceuticals hyped in many spam campaigns.

“This is another method that spammers have found of hosting a website in a place that’s bulletproof basically,” Sergeant said.

Google has since flagged the hosted file as spam. The good news is that Google Docs is still in its infancy, so there aren't a lot of people using it in a corporate setting, Sergeant told me. So far the messages have come in very small numbers, but large enough to trigger an alert at MessageLabs.
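The reason these messages slip past reputation-based filters is that the only thing in them is a link to a domain the filter trusts. One countermeasure is to judge the shape of the message rather than the reputation of the link. The following is an added example (not code from MessageLabs, Google or SearchSecurity) that flags bodies consisting of nothing but URLs, and separately notes when every URL lives on a normally trusted hosting domain. The trusted-host list and the three sample messages are constructed for illustration.

```python
"""Heuristic for link-only spam hosted on trusted document services.

Added example, not code from MessageLabs or SearchSecurity. Flags messages
whose visible body is nothing but one or more URLs, even when the URL points
at a hosting domain that reputation filters usually let through.
"""
import re
from email import message_from_string
from email.message import Message

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Hosting domains that reputation-based filters tend to trust.
# Assumption: a real deployment would derive this list from its own traffic.
TRUSTED_HOSTS = {"docs.google.com", "spreadsheets.google.com"}


def body_text(msg: Message) -> str:
    """Concatenate the decoded text/plain parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload is not None:
                charset = part.get_content_charset() or "utf-8"
                parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def classify(raw: str) -> dict:
    """Classify one raw RFC 5322 message.

    verdict is 'link_only' when the body carries essentially no words beyond
    its URLs, 'trusted_link_only' when in addition every URL sits on a host
    in TRUSTED_HOSTS, and 'ok' otherwise.
    """
    text = body_text(message_from_string(raw))
    urls = URL_RE.findall(text)
    residue = URL_RE.sub("", text)
    words = re.findall(r"[A-Za-z]{3,}", residue)
    if not urls or len(words) > 3:
        return {"verdict": "ok", "urls": urls}
    # Host portion of each URL, port stripped: "http://h:p/x" -> "h"
    hosts = {re.sub(r":\d+$", "", u.split("/")[2]).lower() for u in urls}
    if hosts <= TRUSTED_HOSTS:
        return {"verdict": "trusted_link_only", "urls": urls}
    return {"verdict": "link_only", "urls": urls}


# Constructed sample messages (not real captures).
SPAM_MESSAGE = (
    "From: sender@example.com\n"
    "To: victim@example.net\n"
    "Subject: (no subject)\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "http://docs.google.com/Doc?id=constructed-example-id\n"
)

UNKNOWN_HOST_MESSAGE = (
    "From: sender@example.com\n"
    "To: victim@example.net\n"
    "Subject: hi\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "http://example.com/offer\n"
)

LEGIT_MESSAGE = (
    "From: dana@example.org\n"
    "To: team@example.org\n"
    "Subject: Thursday agenda\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Hi team, the agenda for Thursday is in the shared doc:\n"
    "http://docs.google.com/Doc?id=another-constructed-id\n"
    "Thanks, Dana\n"
)

if __name__ == "__main__":
    for name, raw in [("spam", SPAM_MESSAGE), ("unknown", UNKNOWN_HOST_MESSAGE), ("legit", LEGIT_MESSAGE)]:
        print(name, classify(raw)["verdict"])
```

The word threshold is deliberately low: a legitimate share of a document almost always comes with a sentence of context, while the campaign described above ships nothing but the link. A "trusted_link_only" verdict is a reason to fetch and inspect the linked document or quarantine for review, not to block outright.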

Srizbi botnet is the biggest, but does size matter?

Security vendor Marshal says the Srizbi botnet has grown to be the world's largest spam botnet, outpacing the Storm Trojan in sending unwanted email and compromising computers. Srizbi now accounts for half of all spam. In comparison, Storm accounted for 20% of all spam at its peak.

According to figures released by Marshal's research team, Srizbi has compromised more than 300,000 machines and sends more than 60 billion spam messages per day. The botnet also spreads malware, using social engineering to get computer users to click on a malicious link in the spam email.

Marshal points to efforts to combat the Storm botnet as the reason for its decline. Microsoft’s Malicious Software Removal Tool has been successful in slowing Storm.

What is clear now is that no botnet has a firm hold on the number one spot. Marshal said the Storm botnet was outpaced in January by the Mega-D botnet, otherwise known as Ozdok, and Srizbi grew strong enough to be recognized in February.

Other researchers, Damballa for example, are tracking far more dangerous botnets. Kraken has been spreading dangerous malware and is more sophisticated: its maker can evade detection and blocking by simply moving the command-and-control function to another domain in a hard-coded list.

Damballa saw more than 400,000 unique infected IP addresses on one day in March, with the number continuing to trend upward from about 300,000 in early March.

Which botnet is the biggest? It depends on what month and which security research team you talk to. I’m not sure it really matters.

Howard Schmidt: Fed’s domain reduction program too aggressive

In this interview, conducted last month at RSA Conference 2008, security expert Howard Schmidt says the federal government's goal of reducing its nearly 2,000 domain access points to 50 by Fall 2008 is too aggressive, and he questions whether the government will reach it. Schmidt also explains how an unstable economy could affect IT security budgets and whether enough security talent exists to defend critical systems.

Cybercriminals use Beijing Olympics in Trojan attacks

We’ve seen the protests in the streets, but now MessageLabs is warning that it has tracked 13 Olympic-themed attacks designed to spread malware and ultimately steal data.

The attacks originate from IP addresses in Asia, but there are no surprises here: the attackers are using social engineering to trick end users into clicking on a malicious link in an email message.

I was in San Francisco, attending RSA Conference 2008 when the Olympic torch was carried through the streets. All the security detail had to do to avoid protestors was to change the running route at the last minute. Unfortunately there’s no real “safe zone” in cyberspace.

Messages are being sent with legitimate-sounding subject lines such as “The Beijing 2008 Torch Relay” and “National Olympic Committee and Ticket Sales Agents,” MessageLabs said. Some attacks purport to be from the International Olympic Committee, based in Lausanne, Switzerland.

Let’s be honest here: these guys aren’t protesting the Beijing Olympics, they’re trying to steal identities and make a quick buck. They’re also doing a good job of staying under the radar, according to MessageLabs. They’re using Microsoft Access database (MDB) files, usually hidden inside ZIP files, to avoid detection by traditional antivirus engines.
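Wrapping an unusual file type in a ZIP defeats gateways that only look at the outer attachment or that trust the extension of each member. The following is an added example (not MessageLabs' or SearchSecurity's code) of the check a mail gateway would want instead: open the archive in memory and identify each member from its leading bytes, so a Jet-format (Access .mdb) file renamed to look like a document is still caught. The signature table is limited to a few well-known headers, and the sample archive is constructed here for illustration.

```python
"""Identify ZIP members by content rather than by file extension.

Added example, not code from MessageLabs or SearchSecurity. Access .mdb
files (Jet engine) begin with 00 01 00 00 followed by "Standard Jet DB" at
offset 4; Access 2007+ .accdb files carry "Standard ACE DB" at the same
offset. The example reads only the first few bytes of each member, so an
oversized or bomb-style archive costs little to inspect.
"""
import io
import zipfile

# Leading-byte signatures -> short type names.
SIGNATURES = {
    b"\x00\x01\x00\x00Standard Jet DB": "ms-access-jet",
    b"\x00\x01\x00\x00Standard ACE DB": "ms-access-ace",
    b"MZ": "pe-executable",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2-office",
    b"PK\x03\x04": "zip",
}

# Member types that should not arrive from an unknown external sender.
# Assumption: policy for a mail gateway; tune to the environment.
BLOCKED = {"ms-access-jet", "ms-access-ace", "pe-executable"}


def identify(head: bytes) -> str:
    """Map the first bytes of a member to a type name, or 'unknown'."""
    for magic, name in SIGNATURES.items():
        if head.startswith(magic):
            return name
    return "unknown"


def scan_zip(blob: bytes, max_members: int = 1000) -> list:
    """Return one record per file member: name, declared extension,
    detected type, and whether policy blocks that type."""
    records = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist()[:max_members]:
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(32)  # enough for every signature above
            kind = identify(head)
            name = info.filename
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            records.append({
                "name": name,
                "ext": ext,
                "type": kind,
                "blocked": kind in BLOCKED,
            })
    return records


def verdict(blob: bytes) -> str:
    """'block' if any member is of a blocked type, else 'allow'."""
    return "block" if any(r["blocked"] for r in scan_zip(blob)) else "allow"


def build_sample_zip(include_lure: bool = True) -> bytes:
    """Constructed archive: a Jet-format file under a document-like name,
    plus a harmless text note. Not a real sample."""
    fake_mdb = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        if include_lure:
            zf.writestr("Beijing_2008_Ticket_Sales.doc", fake_mdb)
        zf.writestr("readme.txt", b"Ticket information enclosed.\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for rec in scan_zip(sample):
        print(rec)
    print(verdict(sample))
```

The declared extension is recorded alongside the detected type because a mismatch between the two (a ".doc" whose bytes say Jet database) is itself a strong indicator, independent of whether the detected type is on the blocked list.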

IBM Phantom to analyze virtual security

IBM’s X-Force security research team and IBM Research are studying ways to protect virtual computing environments. Code-named Phantom, the research project is ongoing and could result in new products and best practices that leverage the hypervisor to improve security. In this interview at RSA 2008, Joshua Corman, principal security strategist with IBM’s ISS team, explains Project Phantom and how IBM says it could help alleviate some of the risks associated with virtual environments.

RSA 2008: Firm makes log management a priority for compliance

Ira Hanson-Ralph of EnCana explains why the oil and gas exploration company made log management a priority as part of its compliance program. Hanson-Ralph is EnCana’s group leader of IS compliance and controls monitoring. The interview was conducted at RSA Conference 2008.

RSA 2008: Sourcefire founder Roesch previews Snort 3

In this interview at RSA Conference 2008, Sourcefire founder and Snort creator Martin Roesch talks about the sudden departure of the company’s CEO and the future of intrusion defense.

RSA 2008: Verizon, AT&T tout security at RSA (Part 2)

In the conclusion of this two-part video series, Information Security magazine Senior Technology Editor Neil Roiter explores security services in the U.S. telecom market. In an interview at RSA Conference 2008, Stan Quintana, vice president of AT&T Security Services discusses the company’s strategy. He talks about what makes carriers qualified to offer security services and some of the challenges facing the industry.

RSA 2008: Verizon, AT&T tout security at RSA (Part 1)

In part one of a two-part video series, Information Security magazine Senior Technology Editor Neil Roiter explores security services offered in the U.S. telecom market. In an interview at RSA Conference 2008, Kerry Bailey, vice president of business security products at Verizon, discusses the company’s strategy.

RSA 2008: Financial industry security challenges

(ISC)2 Executive Director Ed Zeitler talks about the unique security challenges facing the financial industry and whether the current turmoil in the financial markets could put a strain on IT budgets. Zeitler has 23 years of experience in developing, implementing and managing information security programs at financial firms. Most recently, he served as chief information security officer (CISO) for Volkswagen Credit, where he created and implemented its information security program. He also served as CISO for Charles Schwab & Co., Inc., Fidelity Investments, Bank of America and Security Pacific National Bank.