In the spirit of entrepreneurship, spammers are finding new ways to send out their junk mail just weeks after the shutdown of a major Web-hosting firm took many of them off the map.

According to MessageLabs, a division of Symantec, after Web-hosting company McColo Corp. was shut down two weeks ago, spam levels declined by 65 percent. Now new analysis finds spam levels are returning to two-thirds of what they were before the McColo Corp. takedown.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

McColo played host to several massive spam-sending botnets and its shutdown caused spam levels to plummet because the spammers were out of business. The lag between the initial decline and the subsequent rise is attributed to the time it took for the botnet owners to find a new ISP and bandwidth provider, according to Matt Sergeant, Senior Anti-Spam Technologist at MessageLabs.

"The Asprox and Rustock botnets are back with a vengeance after having found new command and control," Sergeant said in a statement. "Cutwail never went away and it seems its owners have used the opportunity to increase output. Mega-D is also on the rise again, he said. Srizbi, having once been responsible for 50 percent of all spam, is now completely defunct. Without this botnet, spam levels won't return to what they had been."

The research conflicts with figures from messaging security firm IronPort, which is part of Cisco Systems. The company claims to have blocked approximately 35 million spam e-mails on Monday, which is far below the level of blocking it saw before the McColo takedown. Ironport claims to have blocked in excess of 150 million spam messages before McColo's demise.

MessageLabs' Sergeant urged vigilance in the face of the news.

"As always, businesses and consumers are urged to make sure their spam filters and anti-virus engines are up to date."

Could the stretched-out replacement cycles for desktop machines be a boon for client computing? In a recent Wall Street Journal Business Technology blog post, Ben Worthen noted that a survey from our print publication, CIO Magazine, found that companies will forgo traditional three-year replacement cycles for desktop machines (both traditional desktops and notebook computers). According to the CIO survey, 46 percent of businesses will defer replacing machines for the next year or two.

Worthen says that this will be a problem for people who are already suffering from overloaded machines, bogged down by big apps and too much data. I'm not so sure about that. Any machine purchased in the past three years should be capable of holding at least 2GB of memory, which should be plenty for most people's workloads. On the data side, most three-year-old machines should have at least 40GB of storage, and probably more. It's hard to imagine most work environments requiring more than 40GB of storage.

[ Stay up to date on the latest virtualization developments with InfoWorld's Virtualization Report blog and newsletter. ]

However, I think he's on to something -- not so much from today's workloads, but from tomorrow's. Specifically, the looming (semi) forced shift to Vista or Windows 7. Both of these versions of the OS require a significantly larger hardware footprint than XP does. Consequently, there's a collision course between the operating system of the future and the hardware of the present -- which presents an enormous opportunity for client virtualization.

There's three ways that client virtualization can help out in a capital-constrained environment:

If the current hardware really is overloaded by heavyweight apps, presentation virtualization is a possibility. This technology puts the application back on the server and merely shunts the user interface out to the client machine. Instead of having to host the entire application process and store the data, the machine acts as a rich client.

If the client hardware is insufficient to run Vista or Windows 7, move to a Virtual Desktop Infrastructure (VDI) environment, with a virtualization server hosting multiple desktops. There's no need to outfit end-point machines with 4GB of memory and 200GB of storage. It's not even necessary to scale that level of resource onto the server.

For example, if you have 10 desktops on a single server, you don't need 40GB of memory. Because end-user machines are very spiky in terms of usage and, frankly, underutilized 99 percent of the time, a smaller amount of resource is required on the server. In other words, the resources can be multiplexed. This is financially savvy for two reasons: (1) Due to the multiplexing effect, you don't need to buy as much total resource capacity as you would if you were provisioning individual end points, each with sufficient capacity to support a Vista environment; and (2) buying in bulk for servers is, up to a certain point, less expensive than buying the same amount of capacity for individual end devices -- in essence, you're paying wholesale rather than retail (so to speak) for hardware capacity. There is a finite ability to play this "wholesale vs. retail" trade-off; typically when you start putting very large memory sticks into servers the price for it escalates wildly.

For those power users who can't (or won't) "share" a server, there's a different flavor of VDI available. You still put the client machine in the data center, but dedicate a blade server to it. A significant investment for hardware dedicated to a specific user, but the design of blade server systems still reduces overall investment. While you scale the amount of memory linearly for each dedicated blade, economies of scale are still available for resources like power supplies, network connections, and cooling.

Of course, all three options still require some kind of interface equipment at the end-user location -- after all, there has to be a screen to look at and a keyboard to type on. For the first option, the current hardware can be left in place. For the last two options, an existing desktop can be use. However, a thin client is also a possibility. This presents the intriguing opportunity to implement VDI for current users, using their existing desktop machines; when new users join the company (or a desktop machine for an existing user needs to be replaced) a thin client device is given to the user. The cost differential between a fully scaled desktop device and a thin client can be very large; I've heard $200, quantity of one, quoted for thin clients.

Of course, there are other factors to be considered. The capacity of the network needs to be examined to see if it can handle the traffic between the data center and the desktop locations. Also, the cooling capacity dispersed to end-user locations must be available within the datacenter.

On the other hand, client device reliability should go up significantly with centralized administration. Operations staff on-site visits to end-user device locations should drop as a result.

I don't know that I've seen any good case studies on how the numbers might pan out for a real-world desktop virtualization implementation. Intuitively, however, desktop virtualization seems like it must be less expensive to run. However, it's often the case that a situation that, early on, made economic sense, when seen through to a later phase, doesn't make sense at all. Inertia keeps the no-longer-making-sense system in place because "it's the way it's always been done." Desktop computing made a ton of sense early on when it delivered computing ability to end users at a fraction of the cost of mainframes. It makes sense as a way to let end-users perform their own computing taks. It certainly has fostered innovation because many, many apps make sense only in an end-user computing environment (the Web, anyone). But that doesn't mean that the only way to achieve those benefits in the future is to plunk an expensive, extremely powerful computing device in front of the person interacting with it.

Smart CIOs will be looking at client virtualization with open eyes, particularly in this economic environment. Maybe those desktops could be stretched for two or three more years.

Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date.

CIO.com is an InfoWorld affiliate.

CEOs worldwide are expecting significant changes in the months to come but feel that the ability to manage change -- an opportunity for CIOs to be the "catalysts for change" in their organizations -- has not grown at the same pace.

However, change is just one challenge CIOs are faced with. In a Global CEO Study conducted by IBM Corp. this year, the collective insights of more than 1,000 CEOs representing 32 industries have been collated into five core traits of what IBM dubs as the Enterprise of the Future.

[ Get sage advice on IT careers and management from Bob Lewis in InfoWorld's Advice Line blog and newsletter. ]

The traits are:

1. Hungry for change. "The next four to five years is going to be very tough, thus, CEOs are expecting faster, broader more uncertain change in their companies," says Colin Powell, IBM Asia Pacific consulting services leader. "The world is shrinking, creating the need for speed and change."

2. Innovative beyond customer imagination. Powell says CEOs now recognize that customers are more informed and intelligent, thus, they want their organizations to be effective at engaging the new and changing customer. "CEOs want to satisfy the information omnivore," he points out.

3. Globally integrated. Jeanine Cotter, vice president for systems services of the IBM Global Technology Services group, says CEOs are moving aggressively toward global business designs, deeply changing their capabilities, partnering more extensively, and using mergers and acquisitions to grow.

4. Disruptive by nature. "CEOs don't want to stay in their comfort zone. They want a disruptive business model that is adaptable to different ways in doing things," says Powell.

5. Genuine, not just generous. Explaining the fifth trait, Cotter says responding to customer expectations of corporate social responsibility is an opportunity for CEOs to differentiate themselves from the rest. Cotter says CSRs include manufacturing products with right governance, such as "going green" and making sure product components are safe. "CEOs see CSR as an engine for growth, thus, they want to include it in their values and business strategy," she notes.

With the identification of these five core traits, Cotter says CIOs are expected to play two key roles in the transformation of the enterprise to that of the future. The roles are as catalyst for change across the enterprise as the service provider and ally of the CEO, and as leader of the transformation of the IT organization into a model of the enterprise of the future.

"The CIOs direction is needed to deliver results in each area of the enterprise of the future vision," says Cotter. To enable change, she says CIOs must apply unique IT applications and mitigate risks associated with new opportunities.

Explaining how CIOs can "innovate beyond customer innovation," Cotter says CIOs must turn information into business insight. "They need to empower customers by giving them secure access to relevant information," she adds.

Meanwhile, to allow the enterprise to be globally integrated, CIOs are advised to remove operational, technological, and cultural barriers. "Build on common standards and shared services," suggests Cotter. "Create a collaborative working environment."

To enable a disruptive business model, Cotter says CIOs need to remove obstacles to business model changes and facilitate rapid integration of acquisitions and mergers.

Lastly, to support the CEOs vision of a "genuine, not just generous enterprise," CIOs need to initiate green computing campaigns, reduce the environmental impacts of their technology infrastructure, and enhance workforce mobility alternatives.

Security researchers at Microsoft Corp. Tuesday warned of a significant climb in exploits of a Windows bug it patched with an emergency fix last month, confirming earlier reports by Symantec Corp.

Microsoft again urged users to apply the MS08-067 patch if they have not already done so.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The new attacks, which Microsoft's Malware Protection Center said began over the weekend but spiked in the past two days, use the same worm Symantec first spotted last Friday.

Dubbed "Conficker.a" by Microsoft and "Downadup" by Symantec, the worm exploits the vulnerability in the Windows Server service, used by all versions of the operating system to connect to file and print servers on a network. Microsoft patched the bug in an out-of-cycle update five weeks ago after it discovered a small number of infected PCs, most of them in Southeast Asia.

According to Ziv Mador, a researcher with the Malware Protection Center, the new wave of attacks has spread in corporations and hit "several hundred" home users. Most of the infection reports have come from U.S. users, said Mador in a post to the center's blog, but his team has received calls from users in several other countries too. The worm avoids infecting Ukrainian computers, Mador said, which may indicate the malware was written by a Ukrainian; hackers often purposefully skip systems in the country where they live, hoping that will postpone or eliminate any reaction by local authorities.

"It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore," said Mador. "It is not that the malware authors care so much about the computer as they want to make sure that other malware will not take it over too."

The worm also resets the machine's system restore point, said Microsoft in its technical write-up, which may make it difficult or impossible to "roll back" Windows to a pre-infection state.

PCs that have been patched with the MS08-067 fix are protected, Mador stressed.

Last week, Symantec bumped up its ThreatCon security alert status from "1" to "2" in response to attacks it had tracked hitting its customers and honeypots. Others security vendors, however, disputed the uptick.

Computerworld is an InfoWorld affiliate.

Google's social-networking Web site Orkut has been used to spread a malicious Trojan, says Websense.

According to an alert from the security firm, the hoax message, which has been received by a number of Orkut users and is written in Portuguese, looks like it comes from a lonely Orkut member looking for love and features a number of links that appear to point back to the social-networking site.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

However, Websense urges Orkut users not to click the links as they result in the Trojan imagem.exe being downloaded. This subsequently opens the Orkut login page while a password-stealing Trojan called msn.exe is downloaded in the background.