The latest phishing attack, analyzed by the SANS Institute, builds upon existing IE exploits to install software that records keystrokes on the machines of unsuspecting Internet users. The keylogger is coded as a Browser Helper Object (BHO), an add-on technology introduced by Microsoft to allow programmers to customize Internet Explorer. Browser helpers are DLL components that load with Internet Explorer and share the browser's access and permissions. "In short, a BHO works as a spy we send to infiltrate the browser's land," Microsoft writes in its description.

Yahoo remains a reseller, buying its domains from Australian wholesaler Melbourne IT, which manages the domains. Yahoo isn't saying whether it obtained a better rate from Melbourne IT or has decided to accept less profit per domain to offer a more attractive price, but describes the new rate as a "marketing promotion" rather than a permanent change. For the moment, the price cut makes Yahoo's web hosting services slightly more affordable for its target small business customer. The web portal is already one of the top players in the small business hosting market with more than 587k hostnames.

One of the key factors driving new applications and wider adoption of the Internet has been the increasing bandwidth available to the public. For example, the World Wide Web started to take off among ordinary computer users in the mid-1990s once images were added to pages, and this only became feasible when dial-up modem speeds had increased sufficiently to allow graphics to appear after a few seconds' downloading.

Another instance of how access speed sparked a dramatic shift and rise in online use occurred at the end of the 1990s, when it became possible to download digital music files in a reasonable time, thanks to the rediscovery of an older compression technology, MP3 - strictly speaking MPEG Audio Layer-3. Taking advantage of this, millions of young people started to swap tracks from CDs through Napster, and a huge new class of users were drawn in to the world of the Internet.

Microsoft says the exploit affected servers running Windows 2000 and IIS 5.0 server that are not fully patched against a bevy of security holes detailed in April, known collectively as MS04-011. The initial version of the patch included bugs that crashed Win2K systems. Microsoft posted a web page confirming the IIS issue and referring system admins to a knowledgebase article detaling the workarounds and fixes available for affected Win2K machines.

Internet users wanting to avoid potentially vulnerable sites can use Netcraft's What's That Site Running feature to determine a site's operating system and web server version.

The method of infection appears similar to an exploit reported last year at Interland, in which a footer file inserts malicious code onto a web page, instructing the user's browser to download a trojan. In the new exploit, compromised Internet Information Servers (IIS) are seeding HTML files with footers containing Javascript code, which then uses a sophisticated new hacking technique to trick fully-patched versions of Internet Explorer into downloading a trojan - in this case, one known as "msits.exe" residing on a server in Russia.

With more than 3.9 million hostnames, Germany's 1&1 is the world's largest hosting specialist. The overwhelming majority of its sites are powered by Linux, with just 88,000 of 1&1's hostnames on Windows, almost all of them in its German operation. 1&1 showed its marketing muscle with its entrance into the U.S. market earlier this year, as it has quickly gained more than 147K hostnames and 78K active sites.

In December, Sun released the ROM source code for the RaQ 550 under a BSD-style license, a year after open sourcing the Cobalt Qube code, which is now maintained by the Cobalt Users Group community as Blue Quartz. Prior to Sun's Christmas Eve announcement, the number of sites on Cobalt had been in steady decline from a peak of 3.1 million hostnames in August 2002.

While many hosting companies are phasing out the use of Cobalt since it officially reached its end-of-life on Feb. 19, others continue to see growth in the number of active sites running on Cobalt. A notable example is VIA Net.Works, which has seen 50 percent growth in sites on Cobalt at its newly-acquired Amen Hosting unit. Among those scaling back are two hosts who had some of the largest Cobalt installations prior to Sun's end-of-life announcement, Host Europe and EV1Servers.

The group, which battles identity theft and fraud tied to phishing and web site spoofing, said the modest increase from April's 1,125 attacks was likely related to the Memorial Day holiday in the U.S., as attacks declined late in the month. Even so, the data marks a significant departure from increases of 180 percent in April and 43 percent for March.

The software development platform Eclipse is still something of a well-kept secret. In a way, this is not so surprising; whereas all computer users have an operating system, and most of them use the Internet in some way - and hence are likely to come across both GNU/Linux and Apache, even if tangentially - the only people who get really excited by programming tools are developers. But the rise of Eclipse is, in its own way, potentially just as important as that of GNU/Linux or Apache.

The Eclipse project was launched in November 2001. Although the initial list of supporters included Borland, Red Hat and SuSE, the main driving force behind the idea was IBM, which donated $40 million of code. As both a good background presentation and FAQ explain, Eclipse is an extensible Java-based development environment created from a basic core plus plug-ins. Using Java means that the project is cross-platform, while modularity provides the ability to draw on other plug-ins for functionality and permits a classic open source distributed development approach.

It also allows the platform to expand way beyond its Java roots. Alongside the original Java IDE, called JDT - which allows Eclipse to be a development environment for itself - there are now IDEs for C/C++ and COBOL, as well as a proposal to create an IDE for Web/J2EE application development.

Together with this broadening of goals, another indication of the vigour of Eclipse is the range of community resources and the large number of plug- ins now available. These embrace both open source and commercial projects. Among the latter are products from Borland, HP and IBM - for its WebSphere Studio and Rational product lines. Also of note is how major embedded software companies such as MontaVista and QNX are turning to Eclipse as a framework for their programming tools. Other members of the Eclipse supporters club include Intel, Oracle and Novell. The last of these has announced that it will use Eclipse to provide a common tools platform across all its products.

Winer, who was sharply criticized for the sudden shutdown of many free Weblogs.com sites, Thursday announced a transition plan to help shift stranded bloggers to new hosting digs. Meanwhile, Six Apart, which was blasted for pricey new licensing for Movable Type 3.0, unveiled a new payment structure designed to make its new software more affordable for non-profits and personal bloggers.

The RIAA site began experiencing performance problems again this morning, although it seems to be faring somewhat better than on previous MyDoom.F trigger dates. The site index is using a text-only redirection page at www.riaa.com in an attempt to reduce the load on its server.

A dynamically updating graph of the sites targeted for DDoS by various MyDoom variants is available here.

"There are enormous bot networks out there that can do a lot of damage," said Akamai chief scientist Tom Leighton. "It's a tremendous problem, and presents a threat to the Internet." Akamai said it was able to quickly identify the attacking botnet, which was shut down by the originating network. The outages were limited to approximately 4 percent of Akamai's 1,100 customers, with 1 percent - about a dozen sites - experiencing a significant impact.

The attack was "more sophisticated than we've seen before," said Leighton. "The volume was problematic, and how it was done was problematic. For this nature of attack, it was an unusual volume." While not offering details on the technique involved, he said it was "a step ahead" of known DDoS techniques. The attack targeted the DNS addresses of four large Akamai customers. "It's possible these sites were targeted, and just happened to all be our customers," said Leighton. "But we assume it was an attempt to attack Akamai."

The bounce ends years of erosion in hostnames and market share for NSI. As recently as January, Network Solutions was at the bottom of the performance charts, placing 1,501st out of 1,503 providers tracked, with a monthly loss of 25K hostnames.

The recovery culminates a two-year turnaround effort at NSI, according to Network Solutions President Champ Mitchell. "It's fair to say that the Network Solutions of several years ago gave terrible customer service and was hated by its customers," said Mitchell. "We've reinvented the company and our customer experience. It's a complete reversal from where we were."

The chart below shows that since March 2001 the numbers of IP address have increased by only 11%, while computers have broadly sustained an increasing trend other than for a dip for Code Red and Nimda in 2001, rising by 106% in the same period. This primarily reflects increased use of HTTP 1.1 virtual hosting for shared hosting, and the continuing development and expansion of the web . Since 1999, IP addresses have increased by 103%, while web facing computers have increased by 355%.

42% of the increase in the past 6 months was in the Americas, with EMEA accounting for 34% of the growth. EMEA now accounts for 33% of the web facing servers, an increase of 5% since March 2001.

The methodology is described in the Hosting Provider Server Count.

This is a compelling sales tool:

• Prompt notification of outages means that sales approaches can be exceptionally well timed.
• Measurements can be presented to prospects and customers as a justification for price differential, and also serve as an objective in house metric to judge performance relative to competitors.

The Opportunity

Poor performance and especially, outages are a more immediate call to action for a company to replace in house solutions or switch hosting providers than cost comparisons; outages mean that customers may move with much more urgency.

Being able to enter a sales dialogue with a prospect a few hours or a day after a serious outage means that decisions may be taken while the customer is at a peak but transient level of dissatisfaction and frustration with his current solution.

Currently, price is a very significant factor in sales negotiations. Vendors with reliable facilities and fast, resilient networks have no easy way of empirically showing the prospect the quality of their network and infrastructure, or of knowing the quality of service that the customer receives from their current provider.

Collective ignorance plays into the hands of the service providers investing less in their infrastructure, since they are better able to discount, and their slower response times and network outages are less obvious to the customer.

Access to accurate, up to date, empirical information on the comparative network performance of sites significantly changes the playing field in favour of well informed companies with good quality networks and reliable service offerings.

Extra business won and the reduction in pressure to discount should amply cover the costs of the service. Your sales staff can have individual portfolios of sites and are able to add and remove sites whose performance they wish to monitor via a web interface. Monitoring of newly entered sites will normally start within 30 minutes, with graphs available as soon as there are sufficient points to plot.

The performance problems affected Microsoft, Google, Yahoo and antivirus update services from Symantec and TrendMicro, which are among Akamai's 1,100 customers. Some of the largest affected sites were able to switch their DNS settings to their internal network, rather than akadns.net, which handles domain name service management for Akamai customers. The akadns.net system routs requests for high-volume customer web pages to content stored on its network of distributed servers, easing traffic to the client's main server and speeding delivery to the end user. Akamai performs similar function for downloads of audio and video files, software patches and antivirus definitions.

The outages mark the second disruption of Akamai's network in less than a month, following a similar incident May 24.

Winer, a driving force in the emergence of blogging and RSS, started the service as a founder of Userland software, but left the company several years ago. When the blogs needed to be moved off Userland's servers, Winer said he tried to transfer them to a server he owned, which was unable to handle the load. Winer said cost issues and personal health concerns limited his ability to resolve the difficulties, so he decided to close the service.

"I can't afford to host these sites," Winer wrote. "I don't want to start a site hosting business. These are firm, non-negotiable statements."

But some users protested that they had no warning of the shutdown, and thus were unable to download copies of their sites, including user comments. Winer said he will export a site's content if its owner makes a specific request, but would not do so before July 1.

Sun may go down in history as the Cassandra of computing: consistently able to foresee the shape of things to come, but unable to capitalise on that knowledge. Two of its great insights have been "The Network is the Computer(TM)" and the idea of the Webtone.

While the former neatly encapsulated the essence of the Internet (and maybe even hints at the idea of the GoogleOS - running end- user applications across the Net on huge but invisible computing resources), the latter was an early appreciation that once a global TCP/IP network is in place, it can be used for anything, including telephony.

Currently, the preferred name for this particular application of Sun's Webtone is VoIP: voice over IP. The basic idea is not new, of course: it was implicit in the original research that gave rise to the Internet, which grew in part from packet radio voice communications. Proto-VoIP programs have been around for at least ten years, but it is only now that VoIP is really taking off. The reason is not hard to find.

In the early years of the Internet as a mass medium, the average user's dial-up connection was too slow for any but the lowest voice-quality to be transmitted over it. Moreover, variable Net reliability meant that packets were often delayed or dropped, leading to chopped speech, audio artefacts and noticeable delays. The rise of low-cost broadband has brought bandwidth to spare, encouraging people to turn from traditional circuit-switching telephony to one based on IP packet switching.

There are various ways of implementing this. One requires both caller and recipient to be using the same program, in which case the calls are free. The most popular example of this approach, with 13 million downloads to date, is Skype, created by the people behind the P2P file-sharing software KaZaA, and employing a similar approach. Headsets and handsets can be connected to a computer's USB port.

Do the heated opinions surrounding The SCO Group's legal case translate to the bottom line for Linux-powered businesses? Apparently not in the case of EV1Servers, whose continued growth has defied predictions that the web hosting company would lose customers due to fallout from its dealings with SCO.

On March 1, EV1Servers became the first publicly identified company to have paid SCO to settle its disputed legal claims involving Linux. More than three months after the deal was announced, EV1Servers has weathered the initial storm of criticism and continues to show a strong gain in Linux hosting-based hostnames, adding more than 80,000 Linux-based hostnames since the SCO deal was announced. With more than 770,000 hostnames on Linux, EV1Servers is the fourth-largest Linux host, trailing only 1&1 Internet, and domain registrars Go Daddy and Register.com.

There's been no meaningful exodus of Linux customers from EV1Servers, despite a wave of online forum postings and media articles predicting the Houston company would be ostracized by the Linux community for its dealings with SCO.

Capital Sports' website has been the worst affected and has been unavailable since mid day yesterday.

A spokesman for Blue Square said the company came under attack after the company ignored a demand for $30,000. The new attacks raise speculation that extortionists will continue to target gambling sites in the run-up to Euro 2004 and Wimbledon.

Netcraft is monitoring the performance of twenty leading UK Internet Gambling Sites, with dynamically updating graphs available here.

The attack splices together multiple weaknesses in Internet Explorer, including at least one known but unpatched flaw and several new ones. The scripting cocktail tricks the browser into running code from a remote web server as though it were a local help file, and can then install a trojan of the attacker's choice on the compromised system.

The malware targets Windows computers, and arrives in an email bearing the subject "Re" and an attachment that will have an .asp, .hta, .htm, .htt, .html, .vbe or .vbs extension. Upon infection, the virus uses Microsoft Outlook to send itself to everyone in the Microsoft Outlook Address Book. "If the day is the 6th, 13th, 21st, or 28th, the worm will delete all the files from the computer," Symantec reports. Despite its nasty payload, SANS notes that VBS.Pub "doesn't possess any earth-shattering characteristics to make it a significant propagation threat."

The reason for this is FreeBSD’s deployment with the operators of shared hosting systems, where tens and even hundreds of thousands of sites are collectively administered as part of a single system. FreeBSD has been synonymous with large scale shared hosting since the genesis of the web, and continues a symbiotic relationship with the largest hosting companies today.

Over half of the FreeBSD active sites are at the largest 20 hosting providers using FreeBSD, and much of the surge in FreeBSD sites over the last year has been caused by the continued growth of Yahoo!’s shared hosting offering. Yahoo has strong ties with the FreeBSD project and provides hosting for the project's servers. while Pair Networks recently led the contributors with a substantial $20,000 when one of the FreeBSD core team offered to work full time on the project as its first commercially funded developer.

May was a good month for European providers, who occupy three of the top four spots in our monthly roundup of the fastest-growing hosting companies. Go Daddy led all providers with a net gain of 170k hostnames, followed by 1&1 Internet, France's Gandi, and Germany's Tect AG.

German hosting giant 1&1 Internet is set to exceed 4 million web sites within the next month, with most of its gains coming through new customers, as opposed to those switching from other providers. As a result, 1&1's strong entry into the U.S. market hasn't drained customers from other providers, as some American hosts had feared. During May, 1&1's schlund.us unit had a net gain of 29k hostnames, of which 26k were "new" hostnames not previously found in our survey. No U.S. provider had more than 400 hostnames switch away to 1&1 last month.

XML is perhaps one of the Internet's greatest unrecognised success stories. The first draft of the XML standard dates back only to 1996, and was born out of an attempt to marry the simplicity of HTML with the power of Standard Generalised Markup Language (SGML). It has rapidly moved centre-stage, to the point where most of the initiatives in the W3C A to Z list on its home page are based around XML - even HTML has been re-cast as XHTML.

But XML is more than just an exercise in re-packaging. Since its creation, the scope of XML has widened enormously, and now encompasses a number of major ancillary projects that address deeper technical issues well beyond simply tagging data more intelligently - XML's starting point. For example, the eXtensible Stylesheet Language (XSL) family - XSL Transformations (XSLT), XML Path Language (XPath) and XSL Formatting Objects (XSL-FO) - is concerned with the presentation side of XML documents: converting them into HTML for display in a browser is one obvious application.

In the June 2004 survey we received responses from 51,635,284 sites.

Although web server market share has been relatively stable in recent months, the web is again growing very rapidly both in absolute terms and in terms of active sites hosting distinct content. As measured by hostnames, the Internet has grown 26.1 percent over the past 12 months, adding 10.7 million since the June 2003 survey. That's the strongest period of sustained growth since the boom era of Feb. 2000-2001, during which the Web added 16.9 million hostnames. Thus far in 2004, the net gain has averaged nearly 1 million per month.

The surge in hostnames and active sites has been accompanied by robust growth in the use of the Internet for business. The number of servers using Secure Sockets Layer encryption has grown 56.7 percent in the most recent 12-month period (April 2003 to April 2004), according to our Secure Server Survey. More than 300,000 servers are now using valid third-party SSL certificates, which provide encryption for online banking, retail sales, e-commerce and the secure information exchange.

Spam and abusive behavior are not new issues for Wikis, web pages that anyone can edit or even delete. But it has yet to approach the level seen in weblogs, where automated comment spamming with links to Viagra, porn or herbal remedies has forced many bloggers to shut down their comment section or install blacklist plugins. The torrent of comment spam is not designed to produce clicks, but rather to improve the spammers' Google ranking.

This week Jan Philipp Lenssen described how he used a campaign of Wiki sandbox postings to attain the top position in an ongoing competition between SEO professionals to attain the highest Google rank for a random term - in this case nigritude ultramarine.

During May, an Italian hosting company,Seeweb, was the most reliable of the hosting company sites we monitor. Second placed was the Jumpline site, which was top of the chart last month.

Linux and FreeBSD were evenly split amongst the top 10 sites with four sites each, with MyHosting.com running Windows Server 2003 and DellHost on Windows 2000.

The worm represents an alarming advance in phishing, as it forgoes the need to trick the end user into divulging details. Phishing trojans that monitor keystrokes are not new, but to date have required some form of response to an e-mail "bait." Korgo uses the LSASS vulnerability to auto-infect Windows systems that haven't applied the MS04-11 patch issued April 11.

Open source adoption within companies has occurred in a series of waves, each moving free software successively closer to the heart of the enterprise. First, there was Apache, whose rise is documented vividly in the Netcraft server survey. After the Web server, open source began to find favour for file serving, typically using GNU/Linux and Samba. GNU/Linux was also used to run proprietary databases like Oracle and DB2, but more recently open source databases like MySQL have proved increasingly popular with companies.

Although the open source desktop is clearly reaching a tipping point in terms of broader adoption - not least thanks to the maturity of offerings like OpenOffice and the Firefox browser - it is arguable that the next bastion of proprietary software to fall will be that of the application server.