July 1st, 2005 by dm Vulnerabilities, Phishing none Comments

Next time you install a Windows machine, think twice before you plug it into the network without first installing all patches and securing it.

Sophos has come up with some pretty interesting research: apparently, there’s a 50 percent chance unprotected Windows PCs will be compromised within 12 minutes of going online. Sophos came to that conclusion based on research covering the last six months of virus activity. The company said authors of malware such as spam, viruses, phishing scams and spyware have increased both the volume and sophistication of their assaults, releasing almost 8,000 new viruses in the first half of 2005 and increasingly teaming up in joint ventures to make money. The new-virus figure is up 59 percent on the same period last year.

[Via Slashdot -]

July 1st, 2005 by dm Law & Policy, Phishing none Comments

Phishers go to jail, at least in England.

Douglas Harvard, 24, a U.S. citizen who lives in Leeds, England, was
sentenced to six years in prison, and Lee Elwood, 25, of Glasgow was
given four years behind bars. According to the National Hi-Tech Crime
Unit (NHTCU), the two stole at least 750,000 pounds in one 10-month
period as they forwarded money on to unnamed groups in Russia.

The phish-bust was carried out by the NHTCU in cooperation with the FBI. The prison sentences were imposed for money laundering and defrauding, not under some fancy new anti-phishing bill. This shows that successful prosecution of cybercriminals does not necessarily require new anti-phishing or anti-spam laws, as long as existing laws, such as money laundering or fraud laws, allow similar relief and prosecution.

[Via CNET News.com -]

July 1st, 2005 by dm Spam, Law & Policy none Comments

Not sure if this would solve the problem of children receiving "bad" emails, but it is a step in the right direction. Problem is, what happens when these state-run opt-out registries for children’s email addresses are compromised and fall into the hands of spammers, or phishers? Imagine how hard it is to convince a child to click on a colorful animated picture received in an email and imagine what information a child may be lured to enter onto a website.

Talaria writes "The Institute for Spam and Internet Public Policy is reporting that two new laws in Utah and Michigan are going into effect next week, creating ‘do not email’ registries for children’s email addresses. According to ISIPP, ‘Email marketers who send unpermitted messages to email addresses or domains on the child protection registries in Michigan and Utah face stiff penalties including prison and fines.’" (Note that ISIPP has a vested interest in publicizing these laws, since they offer a service intended to establish that senders are in fact within the law.)

Hopefully the implementation of these registries will not create more problems than they are trying to solve.

[Via Daves iPaq, NJ -]

July 1st, 2005 by dm Copyright none Comments

A software piracy ring has been busted by US DOJ federal agents with 70 raids resulting in four (only four??) arrests.

The U.S. raids were coordinated with law enforcement officials in 10 other countries conducting similar operations. According to the Department of Justice (DoJ), the raids were all targeted at the Internet’s "first providers" of pirated software, movies, music and games.

Commonly known as "warez" groups, the networks operate as the original sources for the majority of pirated works distributed and downloaded on the Internet. The stolen works frequently eventually filter down to peer-to-peer (P2P) networks and other public file-sharing networks.

[Via InternetNews.com -]

July 1st, 2005 by dm Spyware none Comments

More on spyware - Microsoft is in talks to buy Claria, which is also known as Gator and which is also involved in some high-profile trademark and defamation disputes relating to spyware. Yes, Gator was actually the company that successfully installed itself via various P2P programs and delivered timely and carefully targeted pop-up ads to millions of web users.

And now Microsoft is buying it? Is Microsoft getting into the spyware business? Unlikely. Or is Microsoft trying to solve the problem of spyware by buying and shutting down Claria? Unlikely.

Two years ago a number of publications including the New York Times and the Washington Post
sued Gator in a lawsuit that named them a "parasite". The company
changed its name two years ago and in an attempt to expunge the past,
sued the web site PCPitstop which referred to its past as a spyware
propagator.


[Via Register, UK -]

July 1st, 2005 by dm Spyware none Comments

No wonder Microsoft is getting into the anti-spyware business? A recent report, Corporate Anti-Spyware Market 2005, shows growing corporate concerns over spyware - either from a trade-secrets perspective or from a security/maintenance perspective.

The report predicts that the number of corporate users with
anti-spyware tools will grow from 16 million users in 2005 to 540
million users in 2009. It also says the costs could rise to as much as
$249 (£139) per user, as IT departments are swamped by users whose
computers have been infected by spyware.

Either Microsoft has great business acumen, or they are really good at creating the market for their own product.

[Via ZDNet UK, UK -]

July 1st, 2005 by dm Identity Theft, Phishing none Comments

A data breach doesn’t come alone. Following the major MasterCard breach where 40M accounts were compromised, a number of phishing attacks have been noticed where phishers are trying to exploit the publicity and the fear among consumers to lure them into "protecting" their identity by entering it into a web page.

The phishers and malware writers have started sending e-mails that refer to the high profile data security breach
at MasterCard — when information on more than 40 million credit cards
was stolen – with an offer to help worried card holders into
"recovering" their stolen information.

[Via ZDNet.com.au, Australia -]

July 1st, 2005 by dm Spam none Comments

An interesting editorial by Sam Vaknin on the economics and the numbers of spam. Among the most interesting points, to me at least:

Jupiter Media Matrix predicted in 2001 that the number of spam messages
annually received by a typical Internet user will double to 1400 and
spending on legitimate e-mail marketing will reach $9.4 billion by 2006
- compared to $1 billion in 2001. Forrester Research pegs the number at
$4.8 billion in 2003.


More than 2.3-5 billion spam messages are sent daily.
eMarketer puts the figures a lot lower at 76 billion messages in 2002.
By 2006, daily spam output will soar to c. 15 billion missives, says
Radicati Group. Jupiter projects a more modest 268 billion annual
messages this year (2005). An average communication costs the spammer
0.00032 cents.

[Via WebProNews, KY -]

July 1st, 2005 by dm Uncategorized none Comments

Should there be a jail penalty for identity theft? Considering the seriousness of the crime and the relatively few ways for individuals to protect themselves (you can’t really encrypt CitiGroup’s tapes holding your info when they are shipped), the deterrent should be large enough.

That’s on the side of criminals. How about CEOs who fail to notify the customers that their information has been jeopardized? A version of the federal legislation dealing with the rampant identity theft actually proposes criminal penalties for business leaders who do not promptly notify the affected customers.

Specter and Leahy’s bill would require businesses across the nation to
make data security breaches public. Those that do not could face
criminal prosecution.

[Via CNET News.com -]