Matthew Hines wrote an excellent article last week on how malicious software vendors have 'mastered' search engine optimization to the point that, when breaking news hits, they are able to consistently beat legitimate news sites. The problem is that these malicious sites are getting to the top of Google's rankings, thus turning the search engine and people's natural curiosity about current events into a tool to distribute malicious software.

Hines cited some research conducted by Roger Thompson, who is AVG's Chief Research Officer. Thompson specifically focused on the recent earthquake in Samoa. In doing so, he discovered that 50% of Google's top stories contained some form of malicious threat. Sites that host malicious software even beat out such big names as CNN and the Guardian!

Today is the second Monday of October and so Canadians are celebrating Thanksgiving. Sad day for turkeys, but a great day for all of us. So, on behalf of the entire SmartSwipe team, I would like to take this opportunity to wish each and every one of you a very happy Thanksgiving.

Be safe!

The United States Internal Revenue Service recently notified its clients that a phony email (claiming to be from the IRS) was circulating around the web. This particular email's subject tells recipients that they have underreported their income and advises them to login to a site to update their records. Problem is, if recipients click on the link, their computers end up infected with malicious software. While the I.R.S. has been the subject of many high profile phishing attacks, I think that this method is especially interesting.

Think about this for a moment - what thoughts would go through your mind if you got an email message that said you underreported your income? Would you be scared that you were going to face criminal charges? Would you worry that someone had stolen your identity and earned income under your name/social security number? Would you have images of serving time on tax evasion charges? And, if thoughts like this are running through your head, do you think you would make the most rational decision?

It turns out that, if you are so inclined, you can buy the 'Adrenalin botnet kit for $3,500. The 'premium product' includes built-in exploits (like a keystroke logger), the ability to steal digital certificates, the ability to encrypt any data that is stolen, the ability to conceal itself from security tools...and complimentary 24/7 technical support.

Oh yes, cyber criminals have become so brazen that they now openly offer technical support to anyone who can step up and buy their products. Not only is this a sad sign of how ineffective our current model of law enforcement is against cyber-crime, it is also a sad sign of the changing face of cyber-crime. Think about it - if they offer technical support, it must mean that they want anyone (with a criminal mindset and $3,500 kicking around) to be able to use this tool to set up botnets and steal as much personal data as possible.

Phonebusters came out with its October report and I wanted to pass along an update so that you could get some more information on the state of identity theft in Canada. September 2009 was another bad month for identity theft - Phonebusters reported that 808 people called in to report identity theft. These people lost a total of $1,143,206.95.

When you compare those numbers to August, you will see that the number of cases reported dropped while the total stolen went up a little bit. In September, 1,468 people reported being victims, but they only reported having been defrauded out of $1,056,880.49. If you work out these averages, it means that in August, the average loss was $719.95. In September, the average loss increased to $1,414.86. The average loss per case increased by over 90%...in one month.

According to Forrester Research, online retail sales are set to grow 11% in 2009. Even though this is smallest growth in a decade it is still growth in a recession. However, consumers are still hesitant to press the ‘submit’ button even though they are clearly looking to buy. The E-tailing Group reports shoppers are abandoning shopping carts at rates of 41% to 50% of the time. And Marketing Sherpa reports an average abandonment rate of 60%.

The top reasons why consumers are hesitating are security and privacy, comparison shopping, hidden return policies, confusion and impatience. These reasons are rational and ultimately predictable. It is obvious many consumers are still not comfortable with the online shopping process. Online retailers have done a lot to try and comfort customers about the security of their site with lock symbols and 3rd party endorsements, but it still seems like the Wild West.

I think that I have the greatest job in the world. Basically, I get to spend all day working on the bleeding edge of internet security. Netsecure is a great company to work for and I'm surrounded by some of the funnest people I know every time I go in to work. And, in my customer support role, I get to meet and make friends with SmartSwipers from around the world.

Certain SmartSwipers stand out to me. One particular gentleman really opened my eyes towards the world of accessibility.

Two major security companies released some very interesting numbers today. Symantec published numbers which showed that 12.3% of the malware it detected in September 2009 was new. And Panda Security published a report which demonstrated (amongst other things) that world-wide malware infections were up 15% in September. Sounds like another gloomy day in the security world, hey?

Not necessarily. Symantec also published some very positive news. For example, the percentage of email that are infected with malware actually dropped 0.09 percent in September. And, the number of phishing emails dropped 0.11 percent.