Gmail, which has been praised by its users for the strength and accuracy of its anti-spam filtering, may be falling behind in the ongoing battle with clever and resourceful spammers, according to Stan Schroder of Mashable in a post written today. I've also noticed a few more spam messages in my Gmail inbox which, like Stan, surprised me since I'm so used to seeing no spam at all there.

I'm a huge fan of Gmail. Checking email in a web browser, also called webmail, has been around for years, but the interfaces used by many internet service providers (such as SquirrelMail) were clunky, especially compared to Outlook. When I saw Gmail, though, I was impressed. Google's interface design for its products tends to be simple, yet attractive and utilitarian. Forwarding my other email to Gmail allowed me to read everything in one place, anywhere there was an internet connection, even on my Mobile Web equipped Verizon cell phone.

But the best feature of Gmail was its heavy-duty, yet remarkably accurate, anti-spam filtering. Rarely did I see any spam in my inbox, and in the two years I've been using Gmail, I'd guess I've found less than two dozen real messages that were filtered into the spam folder. I'd been averaging about 150 spam messages a day until about a week ago, however, when that number jumped to nearly 300 per day. According to statistics from electronic communications security firm MessageLabs, about 50 percent of all email is spam on an average day, with the rate jumping to near 70 percent on weekends. UPDATE: MessageLabs site doesn't appear to be updating these statistics for casual visitors; various other estimates run from 71 percent (Symantec) to 95 percent (Barricuda Networks).

So I imagine the main reason for the additional spam in my Gmail inbox is simply an increase in the amount of spam across the internet lately, possibly due to the Valentine's Day Storm Worm blitz, and Gmail's filters are simply overwhelmed. It's possible that spammers have come up with new ways to circumvent the filters, though, which makes the "community clicks" method of reporting spam that appears in your Gmail inbox as important as ever.

Happy Valentine's Day! Here's a repeat of my recent post about Storm Worm holiday-related attacks, this time with a romantic come-on. Be cautious opening what might appear to be a card from your beloved today....

The Storm Worm trojan horse is being rolled out to unsuspecting email readers as a Valentine's Day come-on. Storm Worm, known by several different names depending on your antivirus software provider, adds malicious code to your PC in order to open it up to further downloads intended to allow criminal hackers to access your computer and use it to send spam. The process to get Storm Worm onto your PC and begin its new life as a zombie, or spambot, is based on social engineering principles, where the PC user willingly visits an infected web site because of an interesting spam message. Variations in the past year, when Storm Worm was first identified, have included news about the supposed death of Fidel Castro, promises about pornographic photos or video, and the come-on that gave the malware its popular name, "230 dead as storm batters Europe."

The current attempts to lure PC users to visit the infected sites features variations on romantic propositions, such as "Falling in love with you" and "A Toast To You." Users who click on the address included in the spam email are directed to one of several websites that display a heart and another romantic message, while the malware is downloaded behind the scenes.

These types of attacks on personal computers are very common. Security company Sophos reported this week that one out of every 12 emails monitored by the company were of this variant of Storm Worm.

What should you do? The New Tech Heroes recommend that every PC user follow these suggestions, without exception:

• Install up-to-date virus protection, and make sure the virus definition files are updated frequently (at least daily if your PC is connected to the Internet all the time over a broadband connection).
• Install a personal firewall solution. Your cable or DSL modem and wireless router (if you use one) may also have hardware firewalls, but they generally don't inform you of attempts to access your computer from outside and are not easily configurable. At a minimum, make sure Windows built-in firewall is on.
• Don't open email from unknown senders. Be suspicious of email that friends or family forward along to you. Use common sense with all other email, even if it appears to be from someone you know.
• Don't click links in email unless you're absolutely sure you know where it's taking you and it's from a trusted source. Never click one that is shown as an IP address (in the format of ###.###.###.### instead of a domain name).
• Consider setting your browser security to a higher level, or using a browser that has stronger protection against scripting code that can compromise your PC if malicious. (Firefox with NoScript comes to mind.)

Spammers are clever. Well, occasionally, anyway. Among the obvious spam message titles like "Show the world the giant you've been hiding" and "you are so good to me eggplant mike" are the ones that touch on the hot topics of today. I mentioned the Valentine's Day spam the other day, where the subject line suggests that you have an e-card sent by your lover. Wait a minute, let's check something:

Please tell me you're not clicking any of these! What have your mother and I been trying to tell you? You need to avoid these types of messages. That forwarded email joke might be hilarious, but you don't know where it's been, and it just might have been infected with a computer virus from the start. Use caution and use protection, that's what I say! Now before this turns into a high school health class, let's continue....

So the current topical spam scam is tax refund phishing and other IRS-related spam. You receive a message that appears to be from the IRS, telling you about a previous year's refund or asking for additional information to help you avoid an audit. These messages often have the IRS logo included and sound very official, but the IRS never offers refunds by email and never sends unsolicited email to any taxpayer. The email asks you to submit personal information to confirm the refund or other tax-related activity, but the information is sent to the spammer instead, who can then use it to steal your identity, access bank accounts, and more.

I haven't seen any reports of a potential variation on this phishing attempt, but I wouldn't be surprised to see some sort of official-looking email from the U.S. Government, perhaps the IRS again, looking to confirm information in order to send the proposed tax rebates to Americans later this spring. If you see something like that, keep today's story in mind and, as we like to say... don't be a sucker.

Facebook, MySpace Hit by Zero-Day Flaw - by Jake Soriano from Trend Micro   "A vulnerability in the image uploader used by MySpace and Facebook was recently discovered by security researchers, bringing about issues of the possibility of exploits and malicious users gaining access to affected systems."

Spam continues to increase, Symantec says - by Robert Vamosi from CNET   "Spam now accounts for 78.5 percent of all e-mail traffic, according to a new report from Symantec. That's up from previous months. And Europe, not the United States, can now claim to be the source of most spam."

Decision Time For Yahoo - by Michael Arrington from TechCrunch   "The dust is settling on Microsoft’s $31 per share offer to acquire Yahoo, and the options left open to the company are fairly well understood at this point. There will almost certainly be no White Knight or other buyout offer coming to the table."

Today's statistics from MessageLabs show spam making up over 50 percent of all incoming email, though the rate peaked over last weekend nearer to 70 percent. Even more of a concern is the increase in malicious spam, those unwanted messages that have content or attachments that contain various forms of malware, like viruses, trojan horses, or attempts to obtain personal information through phishing. The virus rate has averaged 0.7 percent for the last week, with phishing attempts running at about 0.4 percent.