Symantec came out with another very interesting piece of research last week. They published their "Dirtiest Web Sites of Summer 2009". These sites are the worst of the worst security offenders. Common threats include phishing attempts, malicious downloads, browser exploits and links to other unsafe sites.

On average, sites in this list contain an astounding 18,000 threats per site. Forty of the sites on this list have over 20,000 threats. And one particular offender has 23,414 serious security threats. And, finally, the Symantec list contains some information that will refute the notion that extremely dangerous sites are taken down quickly. It turns out that 3/4 of the sites on the list have been hosting threats for more than six months...

Last week, Cyveillance, a company which works in cyber intelligence, released another one of those truly chilling reports that cross my desk and compel me to write something in this blog. The "1H 2009 Cyber Intelligent Report" covered a number of interesting areas, but, perhaps the most interesting looked at how well security vendors are keeping up with the flood of malicious software that has been released.

If you follow this blog, you will know that I frequently write about how quickly malicious software has been growing. That alone is scary, but what will happen if security vendors cannot keep up? The Cyveillance report seems to suggest that security vendors are having trouble keeping up - if their numbers are to be believed, there could be dire times ahead.

The subject of social networking has come up several times on this blog. I have talked about how many researchers consider social networking to be one of the more vulnerable areas on the internet today (from a security perspective). I have also talked about some privacy concerns that affect social networking.

Today, I am going to cover a very interesting piece of research that was prepared by Joseph Bonneau and Sören Preibusch from the Computer Laboratory at the University of Cambridge. Entitled, "The Privacy Jungle: On the Market for Data Protection in Social Networks", this research took a sample of 45 social networking sites and analyzed each from a privacy perspective. This paper is relatively short and extraordinarily easy to read, so I suggest that you read the entire paper if you are interested in social networking and privacy.

More disturbing news came out of PandaLabs last week. According to their research, the number of computers infected with credential stealing malicious software has risen by 600% compared to this time last year! And, 71% of the new malicious software that PandaLabs receives are Trojans - and according to their press release, these are "mostly aimed at stealing bank details or credit card numbers."

In the press release promoting this research, Luis Corrons blamed the economic crisis and organized crime for this startling new trend. Mr. Corrons said, "this is in conjunction with organizations which have made a business out of selling personal information on the black market."

The last week has seen some major stories about identity theft and fraud. Since so many major things happened, I would like to point out a few of the major stories and give you some links so you can read more about them.

Perhaps the biggest news story was about Albert Gonzalez. On Monday, Gonzalez was charged with conspiracy, theft and fraud for allegedly stealing the personal data of 130 million people. Gonzalez could face five years in jail on conspiracy charges and another thirty years in jail for fraud. And top all that off with a fine of either $1.25 million or twice the amount of money he stole.

Do you run an eCommerce site? Would you like it to be included in the SmartSwipe database? If so, please comment on this thread and we will test your page and add the record in to our database. That way, when a SmartSwipe user visits your page, he/she can simply swipe, confirm his/her credit card details and complete the transaction.

It cannot get any easier than that...

There is a constant race being waged between cyber-criminals and security researchers and the spoils of this race are (or should be) of great importance to you. Cyber-criminal release a new strain of personal information stealing malicious software, researchers wait to receive a copy and then write a patch to fix it. And innocent people become victims in between the release and the patch.

Several days ago, PandaLabs released some research which shows just how adept cyber-criminals have become at winning this race. Turns out that 52% of malicious software only spreads and steals data for 24 hours before it becomes inactive and harmless. After 24 hours, this malicious software is replaced by new variants, which researchers have not yet had the opportunity to fix. The race continues...