Since this blog went live, we have published a few different stories on scareware. Dan McCann started things off and threw down the gauntlet with a great article about scareware. Then, I published some results of research that PandaLabs performed - this research demonstrated that scareware was growing at an incredibly fast pace.

And today came news that the New York Times, that venerable, highly respected publication was hosting a piece of scareware. While details are still scant, according to an article written by Riva Richmond, many viewers to the New York Times' web site were confronted with ads for scareware.

Symantec came out with another very interesting piece of research last week. They published their "Dirtiest Web Sites of Summer 2009". These sites are the worst of the worst security offenders. Common threats include phishing attempts, malicious downloads, browser exploits and links to other unsafe sites.

On average, sites in this list contain an astounding 18,000 threats per site. Forty of the sites on this list have over 20,000 threats. And one particular offender has 23,414 serious security threats. And, finally, the Symantec list contains some information that will refute the notion that extremely dangerous sites are taken down quickly. It turns out that 3/4 of the sites on the list have been hosting threats for more than six months...

Last week, Cyveillance, a company which works in cyber intelligence, released another one of those truly chilling reports that cross my desk and compel me to write something in this blog. The "1H 2009 Cyber Intelligent Report" covered a number of interesting areas, but, perhaps the most interesting looked at how well security vendors are keeping up with the flood of malicious software that has been released.

If you follow this blog, you will know that I frequently write about how quickly malicious software has been growing. That alone is scary, but what will happen if security vendors cannot keep up? The Cyveillance report seems to suggest that security vendors are having trouble keeping up - if their numbers are to be believed, there could be dire times ahead.

More disturbing news came out of PandaLabs last week. According to their research, the number of computers infected with credential stealing malicious software has risen by 600% compared to this time last year! And, 71% of the new malicious software that PandaLabs receives are Trojans - and according to their press release, these are "mostly aimed at stealing bank details or credit card numbers."

In the press release promoting this research, Luis Corrons blamed the economic crisis and organized crime for this startling new trend. Mr. Corrons said, "this is in conjunction with organizations which have made a business out of selling personal information on the black market."

The last week has seen some major stories about identity theft and fraud. Since so many major things happened, I would like to point out a few of the major stories and give you some links so you can read more about them.

Perhaps the biggest news story was about Albert Gonzalez. On Monday, Gonzalez was charged with conspiracy, theft and fraud for allegedly stealing the personal data of 130 million people. Gonzalez could face five years in jail on conspiracy charges and another thirty years in jail for fraud. And top all that off with a fine of either $1.25 million or twice the amount of money he stole.

There is a constant race being waged between cyber-criminals and security researchers and the spoils of this race are (or should be) of great importance to you. Cyber-criminal release a new strain of personal information stealing malicious software, researchers wait to receive a copy and then write a patch to fix it. And innocent people become victims in between the release and the patch.

Several days ago, PandaLabs released some research which shows just how adept cyber-criminals have become at winning this race. Turns out that 52% of malicious software only spreads and steals data for 24 hours before it becomes inactive and harmless. After 24 hours, this malicious software is replaced by new variants, which researchers have not yet had the opportunity to fix. The race continues...

I think that I am slipping - it is August 20 and I still have not updated this blog with Phonebuster's identity theft statistics from July 2009! July 2009 saw the continuation of a scary trend that I mentioned in last month's article - fewer victims are getting defrauded out of significantly more money.

In July 2009, 714 people reported being defrauded out of $982,748.15. This compares to June 2009, when 984 people reported being defrauded out of $828,029.53. So far in 2009, 7,841 people reported being defrauded out of $6,467,582.67! Considering that a very small percentage of identity theft victims report the crime to Phonebusters, these numbers are just the tip of the iceberg. Identity theft costs are soaring and individuals are losing more money per theft than they did just a few months ago.

Dan McCann talked about scareware in one of the very first articles published on this site.  To review, 'scareware' is a particularly evil form of malicious software.  Scareware will pop up a warning that tells you that your computer is infected with viruses, then it will offer to fix these viruses if you download a program and pay an activation/licensing fee.  Now, here is the problem - you were never really infected with those viruses, rather, you were caught up in a very convincing, thoroughly scary kind of scam.

Yesterday, Panda Labs released some research into scareware (though they call it rogueware).  "The Business of Rogueware" contains some very interesting statistics on the growth of this new kind of scam.  This fake anti-virus software is growing at an incredible pace.  Consider these numbers:

• in the first quarter of 2009, more scareware strains were created/detected than in all of 2008
• approximately 35 million computers are infected with scareware every month.
• cyber-criminals make an estimated $34 million per month through these kinds of attacks