Tuesday, October 19, 2010

Report: United States Is World's Top Spammer


The United States is now the top source of spam, accounting for almost 19 percent of all junk e-mail sent throughout the world, according to a new report out today from Sophos.

The security firm's "Dirty Dozen" report highlighted the top 12 countries responsible for the world's supply of spam during the third quarter. With the United States generating almost 2.5 times more spam than second-place India, the country now accounts for almost one in five junk messages. The United States' 18.6 percent share of all global spam also showed a significant jump from its 15.2 percent share in the second quarter.

Among the other top sources of spam, according to Sophos, are India with 7.6 percent of all global junk mail, Brazil with 5.7 percent, France with 5.4 percent, and the U.K. with 5 percent.

The report also highlighted the growth in spam from social-networking sites over the third quarter. Last month, Twitter users were hit by a "MouseOver" exploit that redirected them to third-party spam sites if they simply hovered over a link in a tweet. And over the summer, Facebook users faced their own scams, ones that attempted to trick them into filling out bogus surveys, with the information then used to spam their friends.

Much of the spam now being generated around the world isn't coming from the spammers themselves but from botnets, networks of infected computers directed to send junk mail to other unsuspecting users.

"You should never even be tempted to open a spam message out of curiosity, as it can only take a second to effectively hand over control of your computer to the spammers," Graham Cluley, senior technology consultant at Sophos, explained in a statement. "If your computer does become part of a botnet, you're also inviting further malware infections, which may compromise your personal or banking information."

To protect their PCs from infection by bots and other malware, Cluley advises users to run antispam and anti-malware tools, behave sensibly when online, and stay updated with the latest security patches.


Read more: http://news.cnet.com/8301-1009_3-20019611-83.html?tag=mncol;title#ixzz12qFP4bjw

Monday, October 11, 2010

Microsoft To Fix 49 Holes In Windows, IE, Office, And .NET


Microsoft will fix a record 49 vulnerabilities in its Patch Tuesday release next week that will involve 16 security bulletins affecting Windows, Internet Explorer, Office, and the .NET framework.

Four of the bulletins carry a "critical" rating, 10 are rated "important," and two are "moderate," according to the advisory.

Specifically, they affect Windows XP, Vista, Windows 7, Windows Server 2003 and 2008, Microsoft Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office 2010, Office 2004 for Mac and 2008 for Mac, Windows SharePoint Services 3.0, SharePoint Server 2007, Groove Server 2010, and Office Web Apps.

Microsoft did not indicate whether two unpatched Windows holes that are being exploited by the Stuxnet worm will be fixed next week. Microsoft previously patched two other zero-day vulnerabilities in Windows the worm was using and said during last month's Patch Tuesday release that two more holes being used by Stuxnet needed to be plugged. Stuxnet spreads through the Windows vulnerabilities but was designed to target industrial control and critical infrastructure systems running Siemens software.

This is the highest number of vulnerabilities fixed in one Patch Tuesday release; the previous record was 34 holes fixed in August.

Meanwhile, in a tacit acknowledgment that after-the-fact patching isn't enough, Microsoft is proposing new ways to address security issues online. Earlier in the week, Microsoft released a paper (PDF) written by Scott Charney, corporate vice president for Microsoft's Trustworthy Computing, in which he proposes applying public health models to the Internet.

He suggests that computers could be given "health certificates" indicating whether they have the latest software patches, whether their firewalls are installed and correctly configured, whether their antivirus programs are up to date, and whether they are free of malware. If the health certificate indicates that something is amiss, an ISP could notify the computer user about the problem, and if the computer is being used in an attack, the bandwidth could be throttled to curb that activity, he said.

Comcast is already taking action to alert its Internet-using customers to possible malware on their computers as part of its anti-botnet service. And Brian Krebs reports that the FCC may do more to encourage ISPs to be more proactive in protecting consumer PCs.


Read more: http://news.cnet.com/8301-27080_3-20018933-245.html?tag=mncol;title#ixzz1253q6VPW