A study in University of Michigan revealed shocking facts: there was at least single design vulnerability in more than 75 percent of online banking websites. And each of those flaws could make customers lose money or even identities. The researches were surprised that vulnerabilities were that common even on the most reputable websites.

One of the most dangerous vulnerability was redirecting to third-party websites. It’s not necessarily a bad thing, however a customer using a banking site can’t possibly know if the new website is safe or not. If he decides to trust the third-party website, he might burn his fingers because of trusting the bank and everything related to this institution. The redirection trick is often used by malicious toolbars, trojans and other malware. Redirecting to other websites is wrong choice for online banking because it confuses website’s visitors.

The other flaw was using SSL (secure socket layer) protocol only on several pages and leaving login pages unsecured. 47 percent of banking websites made their customers vulnerable by letting average hacker to harvest the login data.

31 percent of banks emailed security-sensitive data insecurely. Emailing passwords, statements and links to sensitive information is not a wise move.

Allowing insecure login names and passwords is also a practice that should be avoided by online banking website, yet 28 percent of banks thought differently. It’s easy to remember your login or password when those are the same as your social security number or email address. But those are also easy to find by others. Someone can even guess login information if it’s simple like that. The 28 percent allowing insecure IDs and passwords includes banking websites that allows weak passwords. A website that is concerned about customer’s security won’t let him use password identical to login name or other passwords that can by guessed easily.

The researchers are going to publish detailed results of this study on July 25.

ScanSafe Global Threat research reported malware rates were 278 percent higher first half of 2008 in comparison to last year’s data. The types of infections and scams are also changing over time, so prevention of malware becomes more complicated. The scams that were popular a year ago could be recognized easier while the most common online frauds of 2008 so far were masked well. This new twist from apparent to invisible brings more victims of malware because it makes fraud almost impossible to recognize with a bare eye.

Compromising reputable legal websites or making infected look-alike copies is not a new strategy; however it was quite rare on the first half of 2007. These tactics are dangerous because of two reasons: computers are infected secretly and the reputation of legitimate websites gets worse in time.

ScanSafe reported good news as well. Although numbers of backdoor trojans and password stealers increased from 4 percent (January 2008) to 27 (June 2008), these types of malware were blocked on most majority of computers by security tools.

Almost 85 percent of emails in Swiss email box is spam; this made Switzerland to take a crown off regular leader in this field – Hong Kong. Spam occupies 82.6% of inboxes in this country. France got ribbon for the third place with 82.1% of email messages recognized as spam. Israel and Austria had respectively 80.1 percent and 79.6 percent of spam emails.

McAfee recruited 50 volunteers in 10 countries for a job every security expert tells you to avoid at all costs: replying to spam emails and clicking on every shiny pop-up. Every volunteer has been given a new computer for this experiment. Fortunately, the test only took a month and the participants were more that fortunate to have fabricated online IDs (names, emails, bank accounts, etc.). Volunteers been attacked by numerous spam messages, but instead of avoiding spam and trying to keep their emails off the lists of spammers, participants did the contrary thing: replied to every offer, visited each “recommended” website and gave their personal information to anyone who asked for it. Each fabricated bank account was hacked several times. And the results were even worse than McAfee expected: The least amount of spam was approximately 3000 emails a month (Germany and France) and the biggest amount was more than 23,000 a month (U.S.A.). Could you handle 750 email messages daily? Needless to say, the participants were happy when the experiment ended. The computers dedicated for this test were hardly working at the end of the month because of spyware, trojans and other malicious programs.

The study was based on Google logs that recorded names of web browsers used for each search request on Google on time period between January 2007 and June 2008. Results of research that included 1.4 billion Web users can be considered accurate. Study revealed that 576 million users of 1.4 billion used unsafe software to browse the web. Measuring safety of web browser might look a difficult task on the first sight, but each browser has vulnerabilities that can be exploited. Fortunately, software developers discover exploits and release updated software regularly. Unfortunately, malware creators discover vulnerabilities as well and use them for their own good. That’s why web browsers should be updated immediately when new version is released. The older version of web browser is aboard a machine, the more chances to fall a victim of cyber crimes.

Users of Mozilla Firefox are the ones that care about their safety the most; the latest version was found on 83.3 percent of computers with Firefox aboard. The most popular Microsoft Internet Explorer hadn’t performed well: only 47.6 percent of users had the safest new version. The numbers may have been a little different if researchers weren’t strict. They automatically labeled IE6 as insecure, but this classification has a point as using IE6 without additional security tools is a risky deal. 65.3 percent of users of Safari browser had the updated version while 56.1 percent of Opera browser fans had the newest update.

Researchers pointed the reason why Firefox users are more likely to have the updated version: it is because the updating process of Mozilla Firefox browser is the most simple of all the browsers. User is prompted to install the update right after it is released and if he/she refuses, the update is installed automatically the next time browser is opened.

The name “Nigerian scam” usually stands for any online scam that involves cashing fake checks or helping to transfer money from certain country. But the scam that recently was exposed actually originated in Nigeria. The Nigerian scammers are still not arrested, but a Washington woman that supervised the fraud was punished this week. She will be imprisoned for two years, although many people she fooled wish the punishment was harder. Fake checks worth $1.1 million were found at her house at the time of arrest. Other checks and money orders worth approximately $600,000 were already sent to gullible people.

The worst thing about Nigerian scam is that victims don’t realize they are doing something illegal. The scammers send thousands of emails asking to cash a check or money order because they supposedly live outside the USA and they can’t do it on their own. They usually even add some sad story next to the “help request”. People who are generous and agree to cash money then become responsible for the scam as well, because they are those who come to bank with fake documents. The scammers don’t risk anything – they can always send another thousand of fabricated requests. But they turn the helpful people into really terrible position when the scam is exposed.

Security experts and police chase scammers, but they agree that the only way to stop the scam is educate people.

The name “Consumerpromotionscenter.com” is well known for MySpace members who are on the social network since summer 2006. But there’s no one who would like to praise the company, because the website was promoted in millions of spam messages. Scott Richter managed to send 100 million spam messages daily on August 2006; he thought it could be nice advertising campaign. MySpace authorities and users thought the other way around and finally sued him and the company on January last year. He created several fake accounts and used them to distribute spam. The fine is not the biggest for Scott Richter: the earlier company he owned had to pay $7 million for Microsoft for similar charges.

According to survey results one in three persons using computer at home clicks links given on spam email messages. One in four home users had problems with computer infections at the time of reasearch; however 1 in 10 admitted they never updated security tools.

Cybercrime is one of the biggest problems on the list for ministers of the G8 nations. The ministers met for two-day summit in Tokyo to discuss major issues of nowadays.

Cyber crimes include various types of criminal activity, but they all are either committed with help of technology or committed online. This category contains copyright issues of content distributed through peer-to-peer networks; online harassment and pornography are also considered cyber crimes.

Old-fashioned spam used for marketing purposes seems to be harmless in comparison with spam that infects computers and targets online bank accounts. However all the spam messages brings loss because it jams the internet, floods email inboxes and distracts people from more important things. According to security experts the price of sending tons of spasm emails is relatively low and it pays off even if very few people reply to spam messages. And if the spam is worth sending, anti-spam measures are worth fighting.

Although spam messages don’t seem to be complicated, automatic recognition and filtering are difficult tasks to do. Spam blockers can recognize certain schemes, but they may become blind if the email contains additional text similar to non-spam content. That’s why this type of spam protection is not a highly effective one.

Botnets that keep growing all over the world are another reason why spammers are difficult to identify. Spammers use zombie networks because anti-spy products can actually track down an IP of computer used to send spam. And the IP of computer in botnet gives nothing useful because the owner of zombie computer usually has no idea it was infected. However the networks have their ‘masters’ – computers that sends commands and anti-spam vendors are working on detecting the leading machines so the identities of spammers could be revealed.

Anti-spam software has a lot of potential because of constant studies of spam techniques and zombie networks. However, the main power that theoretically could take the spam down is regular computer owners. The perfectly planned network of spammers and scammers can be easily busted by an educated computer user who can recognize the scam. But it can also trick the user and rob his money, if the user isn’t computer literate.