U.S. court tackles fake Canadian domain-name registrar, SEO popular with criminals, Intel to acquire McAfee, HP to buy Fortify, and time to be proactive on cybersecurity.

A U.S. judge has ordered a halt to a Canadian operation that allegedly posed as a domain-name registrar in an effort to collect fees from thousands of U.S. consumers, small businesses and nonprofits. Judge Robert Dow Jr. of the U.S. District Court for the Northern District of Illinois, Eastern Division, has ordered defendant Steven Dale to pay nearly US$4.3 million. The scam allegedly involved sending fake domain-name invoices to small businesses and other organizations.

SEO popular with criminals

According to a 2Q10 Global Threat Report published by Cisco Systems, criminals are using search engine optimization (SEO) and social engineering to become more efficient, luring more targeted victims to fewer URLs. Cisco estimated that search engine queries led to 74% of web malware encounters in the first quarter of 2010. Fortunately, two-thirds of those encounters either did not deliver exploit code or were blocked. But that means 35% of web-borne exploits are still reaching browsers, where they try to drop files, steal information, propagate themselves, or await further instructions.

Complex fraud on the rise: RCMP

Complex fraud schemes are on the rise in Canada, fuelled by technological advances and the popularity of social media, warns theRCMP in a new report on organized crime. The Criminal Intelligence Service Canada report shows that 38% of Canadians have been approached with a fraudulent investment in 2009 (consistent with figures from 2007). About 11% of those people actually put money in, but are investing more – in 2009, 38% of investors in fraud schemes put in more than $5,000, up from 32% three years earlier. People approached with such schemes are, however, more likely to report it: 26% did so in 2009, up from 17% two years earlier. The report attributed this in part to the publicity generated by the recent collapse of a number of Ponzi schemes exposed by the recent economic downturn, with collective Canadian losses of $320-million to date.

Intel to acquire McAfee

Intel has announced a bold moved into the security space: it plans to acquire McAfee for US$7.68 billion in cash. The logic of the move is based on Intel’s well-founded belief that the market for security technology will grow as more and more electronic devices are connected to IP-based networks, from home appliances to vending machines. Analysts expect that many of the tools that McAfee provides today may be built into chips and devices over time. At present McAfee predominantly sells antivirus software to consumers and businesses, with a suite of more sophisticated security products and services aimed at corporations.

McAfee Q2 threat report reveals malware at all time high

McAfee unveiled its McAfee Threats Report: Second Quarter 2010, which found that malware has reached its highest levels ever, making the first six months of 2010 the most active half-year ever for total malware production. At the same time, spam levelled out with only 2.5% growth from Q1 2010. There were 10 million new pieces of malware catalogued in the first half of this year.  Consistent with last quarter, threats on portable storage devices took the lead for the most popular malware, followed by fake anti-virus software and social media specific malware.

McAfee Labs: time to be proactive on cybersecurity

A new report published by McAfee has stressed the need for the security industry to take a more proactive position against cybercriminals. The report details the following methods for building a more offensive security strategy: use hacker techniques such as fuzzing and penetration testing; provide data to help prosecute cybercriminals;  and share intelligence information.  McAfee  also recommends implementing  “shuns” and “stuns”. Three successful takedowns to date – MoColo, Atrivo and Mega-D – fall into one of two categories: shuns, in which the Internet community ostracized the network, and stuns, which focused on incapacitating botnets.

HP to buy Fortify

HP is acquiring software security company Fortify. Fortify specializes in static application security analysis (scanning software for flaws or malicious code before deploying), while HP is more familiar with dynamic security analysis (scanning code while it’s live). The two companies previously worked together on Hybrid 2.0 to integrate static and dynamic security analysis. The union will push development of this technology even further.