India is now the world's single biggest producer of viruses, accounting for 13.74 per cent, while Russia comes next, producing just over 11 per cent. The US now accounts for just over eight per cent, an impressive decrease from 14.65 per cent last month.

The UK dropped down from fourth to seventh on the list.

However, there was bad news for the US in the spam list, with the latest stats showing it came out as number one source for worldwide spam, at just over 12 per cent. India came second with Brazil in third and the UK in fourth with five per cent.

The stats echo those form Symantec Hosted Services which last week declared the UK also in fourth place with around 4.5 per cent of the world's share of spam.

However, Network Box warned that the trends are unlikely to continue in the same vein next month, given the agility of cyber criminals.

"The country sources of these internet threats shifts each month, which shows how quickly internet criminals can move their operations round the world and launch attacks," said Network Box internet security analyst, Simon Heron.

"Businesses need to be vigilant and ensure they are not opening up the back door to a hacker when they use new applications or technologies."

The security firm said that blackhat search engine optimisation attacks were being used to distribute malware, and added that it had found as many as 200 different web addresses that exploit the teen singer's name.

Panda found a number of references to Bieber on the links it studied, and these ranged from 'justin bieber takes estrogen pills', to 'justin bieber smoking weed', 'justin bieber pregnant', and 'justin bieber removes left testicle'.

Although this technique is not new - the last episode of meandering confusathon Lost prompted a similar blooming of sites, for example - it is still annoying. Panda said that the fake web sites appeared high in search rankings, and once clicked prompted the user to download a file which turns out to be fake anti virus software.

"These types of activities have become increasingly common and any popular topic or issue is used by cyber-crooks to spread their creations," said Luis Corrons, technical director of Panda Labs.

"By positioning web sites used to distribute malware among the first results in search engines, they can be sure that numerous internet users will inadvertently download the fake antivirus."

The security firm revealed that the 'Small Business Success Index' widget was infected last week, but the malware could have been operating in some form for months. It soon realised that the problem was much more widespread than at first thought.

"Yesterday I had some time to sit down and study this widget further, and discovered something critical - it's a part of the standard domain parking page of Network Solutions," explained co-founder Wayne Huang.

According to a Google search, the widget in question was available and serving malware on more than 500,000 domains, but according to Yahoo that number rose to over five million, he said.

"I didn't have time to click on every single one of them, but I clicked on enough to conclude that, all of them are indeed infected, via the same widget we blogged about a few days ago," wrote Huang.

"Also, neither Google or Yahoo actually shows all results. Google shows the first 45 pages only, and Yahoo shows the first 100 only. So we couldn't really go through all the domains one by one...and 5 million is too large a number for manual verification anyways."

The drive-by-malware in question, when downloaded, redirects user searches and monitors various search terms, automatically popping up advertising on the user's screen, for which the malware writer will get a fee.

According to Armorize, Network Solutions took down the widget within three hours of being contacted. However it remains worrying how such a large scale drive-by download remained under the radar for so long.

Up to 50,000 computers may have been infected by Masato Nakatsuji, 27, of Izumisano, Osaka Prefecture, the Asahi Shinbun reported today.

High-tech crime officers said Nakatsuji is suspected of writing the Ikatako (squid-octopus) virus, which was distributed on the Winny file-sharing site in May, disguised as a file for anime songs, according to the report.

He was arrested whilst serving a suspended sentence for a previous offence and reportedly told police: "I wanted to see how much my computer programming skills had improved since the last time I was arrested."

Police arrested Nakatsuji in 2008 for violating copyright laws by writing a virus which replaced user files with anime images.

The European Union's executive body reviewed the use of smartphones by its staff, which number over 30,000, two years ago, according to a Reuters report today.

"Following this evaluation, the HTC and the iPhones emerged as the most suitable platforms for voice/mail-centric mobile devices," a Commission spokesman told Reuters in an email.

"As a result, the Commission currently supports these two platforms."

The news will be a blow to RIM as it struggles to fend off strong competition from Apple and phones running Google's Android operating system.

Apple pulled off a coup in May when UK bank Standard Chartered offered its worldwide workforce the chance to switch from BlackBerry to iPhone.

The decision by Saudi Arabia and the United Arab Emirates this week to ban key BlackBerry services has added to RIM's woes.

However, somewhat ironically, these "security concerns" appear more to be due to the fact that BlackBerrys are too secure, with both authorities expressing concerns that they can't monitor encrypted communications made over the devices.

For its part, the UK government remains convinced that BlackBerrys are the most secure smartphone around, saying in June that it would not sanction ministerial use of iPhones for official business due to security concerns.

"The only mobile telecoms or personal digital assistant devices that have been issued to ministers of the department are BlackBerrys," said health secretary Simon Burns.

"The department does not issue Apple iPhones to staff as these are not approved for government use by the Communications-Electronics Security Group [CESG]."

A fictitious web site was created especially for participants to hack into and the results were interesting and a little frightening.

Using tools such as Nmap (port scanner), Netcat (multi-purpose tool), Metasploit (command line tool) and John the Ripper (password cracker), which are all freely available on the internet, we had a crack.

We successfully managed to hack into the fabricated web site and obtained not only admin login details, but credit card details of the owners and customers in under just under half an hour.

This was done using a Virtual Network Computing (VNC) tool, which we installed on the fictitious admin machine to gain remote desktop access.

Alan Cottom, technical engineering specialist at Stonesoft, was on hand to explain the principles.

There are usually five steps that an attacker goes through when looking to carry out a hack:

1. Selecting the target: There are mainly two types of hackers. Those who focus on an individual or organisation for financial/political gain and those who are opportunistic, who scan ports looking to find vulnerable systems.

2. Gathering information: Once a target has been selected, the hacker embarks on the most important process which is the research phase. Attackers aim to gather as much information as possible, including business/domain/contact names, web site addresses, phone numbers and emails. These are all primary pieces of information that a hacker is eager to acquire. The more information an attacker has, the easier it is to gain access into a system.

Individuals must be careful about posting computer details on forums as hackers commonly browse these to pick up information about potential targets.

Hackers are always on the look out for mergers and acquisitions as these are seen as 'soft targets' because businesses usually want to link IT systems quickly and may sacrifice security, Cottom said.

3. Exploiting vulnerabilities: Hackers do not waste their time breaking into firewalls, they look to exploit vulnerable areas of a system i.e. through a web server that may not have been patched properly or a test machine that has remained connected.

4. Leaving a back door: After access has been found, a hacker always leaves a back door to regain entry, by planting a root kit or a remote shell. Some may even modify access rules.

5. Covering tracks: The best attackers will look to disable auditing processes and delete event logs.

The first thing a good administrator will do if he/she suspects there has been an attack is check the logs, so hackers will want to cover their tracks by disabling these, Cottom said.

There have been several high profile hacks recently including the infiltration of Google's Gaia password system in January. This occurred when an employee clicked on an MMS link and had their machine infiltrated, which was used to gain access to the firm's admin system.

However, Twitter experienced one of the most embarrassingly simple hacks last year when a user used a brute force password cracker to gain admin access. Passwords were changed, private information was viewed, and tweets were sent out from users such as Britney Spears.

Twitter could have avoided this by simple employing a lockout of accounts after three-password attempts.

Essential Security Tips from Stonesoft
- Use alphanumeric passwords, but not ones that are so complicated that you need to write them down.
- Keep anti-virus software and patches up-to-date.
- Do not click on suspicious links in emails or instant messages.
- Turn office hardware off at night.
- Take a look at some Intrusion Prevention Software.

V3.co.uk will post a video demo of Alan Cottom explaining the stages of hacking soon.

Firstly, it's been discovered that many "private" browser sessions are in fact nothing of the sort, and that hackers could gain access to sites visited, despite claims to the contrary by many firms.

A report on the New Scientist web site claims that researcher Collin Jackson from the Carnegie Mellon University in Pittsburgh found ways that hackers could detect which sites were visited even with the security mode enabled.

A hacker could, "guess what sites you've been to based on traces left behind", Jackson is reported as saying.

Secondly, a wireless security researcher from AirTight Networks claims to have discovered a vulnerability in the WPA2 security protocol for Wi-Fi protection that compromises user security, which has been termed Hole 196.

Md Sohail Ahmad explained that the Hole 196 loophole allows malicious users to bypass private key encryption and authentication to sniff and decrypt data from other users, scan Wi-Fi devices and install malware.

Although AirTight acknowledged that to exploit this vulnerability a hacker would have to be on the same network, corporate thieving and espionage is a key concern to many large corporations, making the threat very real.

The vulnerability has been given the name Hole 196 as it relates to a line on page 196 of the IEEE 802.11 Revised Standard published in 2007 from which the exploit is made possible.
Ahmad will be demonstrating the vulnerability at the Black Hat Arsenal (and again at DEFCON18) in a presentation wonderfully titled "WPA Too?!" on 29 July.

The Chromium Security Reward scheme was launched in January and Google claims that the program has been a success.

"We have been notified of numerous bugs, and some of the participants have made it clear that it was the reward program that motivated them to get involved with Chromium security," Google said in a blog post this week.

"Whilst the base reward for less serious bugs remains at $500, the panel will consider rewarding more for high-quality bug reports. Factors indicating a high-quality bug report might include a careful test case reduction, an accurate analysis of root cause, or productive discussion towards resolution."

The maximum reward for a single bug has been increased substantially from $1,337 to $3,133.7. But this will only be paid to those who find critical bugs in Chromium, the company said.

The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity, Google added.

Google follows in the tracks of Mozilla, which upped its bounty payment to $3,000 last week.

Even though Google has added $3,000 to the reward, not all users are happy, however.

"I highly doubt a $3,133.7 payoff is justifiable. If you figure an individual (or team) put in a combined effort of 160 hours, you're getting paid roughly $19 per hour," noted one commenter on the Google blog.

"I personally wouldn't waste my resources on someone who can not be justified being paid more than $19/hr. Neither would I waste my time providing any information to anyone who values their operating budget for security at $19/hour per incident."

Looks like someone woke up on the wrong side of bed.....or maybe he was just upset that the reward is no longer code for elite.

The add-on contained code that intercepted login data submitted to any web site, and sent this data to a remote location.

Mozilla discovered the bug on 12 July, and added it to its block list prompting the add-on to be uninstalled.

"All current users should receive an uninstall notification within a day or so. The site this add-on sends data to seems to be down at the moment, so it is unknown if data is still being collected," Mozilla said in a blog post.

Mozilla Sniffer was not developed or reviewed by Mozilla. It was in an experimental state, and all users that installed it should have seen a warning indicating it is was not reviewed, Mozilla said.

A security flaw was also discovered in version 3.0.1 of the CoolPreviews add-on.

The vulnerability is triggered using a specially crafted hyperlink. If the user hovers the cursor over this link, the attacking script is given control over the host computer.

So far 177,000 users have a vulnerable version installed. This is less than 25 per cent of the install base and it will continue to decrease as more users are prompted to update to a new version, Mozilla noted.

Among the highest severity vulnerabilities, given a CVSS base score of 10.0, are a flaw in the TimesTen In-Memory Database and two in the Oracle Secure Backup product.

There were 17 fixes in total scheduled for Oracle applications including PeopleSoft and JDEdwards suite, the Supply Chain Products suite and the E-Business suite.

However, the biggest set of fixes was reserved for Sun's Solaris products.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible," noted the CPU.

"Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack."

Removing user privileges or the ability to access certain packages from users that do not need the privileges may help reduce the risk of successful attack, although must only be seen as a temporary solution, said Oracle.

It will be a busy time for security administrators, who also had to cope with the latest Patch Tuesday from Microsoft, which saw the release of four fixes for five vulnerabilities capable of allowing remote code execution attacks.

One of the issues set to be addressed was a flaw first disclosed by Adobe early on this month alongside a problem with Flash Player, which was subsequently fixed.

The issue relates to the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix and could cause a crash and potentially allow an attacker to take control of the affected system.

"Note that the 29 June 2010 updates represent an accelerated release of the next quarterly security update originally scheduled for 13 July 2010," noted an Adobe security blog post

"With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on 13 July 2010."

Although Adobe is right to accelerate its update schedule for this flaw, given that it is being actively exploited in the wild, the firm will be angry that its products are receiving yet more bad publicity, given the long-running dispute with Apple over the security and stability issues of Flash.

Tory blog London Spin revealed the Conservative MP for Suffolk Coastal also had her blog hacked - presumably all three accounts shared the same log-in credentials - with attackers posting "sexually explicit messages and comments".

On Wednesday evening Coffey wrote on her blog "My account has been hacked - am trying to rectify the problem now". In a tweet later she wrote: "I have the email of the person who has hacked in, so hopefully I can do something about it."

It remains to be seen how the attacker managed to hack into Coffey's account, although it's a timely reminder, especially for those with official Twitter accounts, to keep a close eye on account activity, and ensure passwords for different accounts are kept separate.

It seems even those with Verified Twitter accounts are not guaranteed a secure account, with Britney Spears falling victim late last year.

The security vendor revealed in its May roundup that Apple's Safari browser fell prey to a vulnerability that allowed cybercriminals to execute arbitrary code if users visited a malicious site. Opera was found to have a similar vulnerability.

These browsers, along with Google's Chrome and others, are likely to be targeted in increasingly large numbers as the traditional dominance of Internet Explorer, and to an extent Firefox, crumbles in the aftermath of the EU's browser ballot decision.

Trend Micro also showed a predictable increase in FIFA World Cup 2010 related spam, while PayPal remained the number one phishing target in terms of site and email spoofing.

"These statistics really demonstrate that attacks are increasingly regional and targeted in nature", said Rik Ferguson, senior security advisor at Trend Micro.

"The limited mitigation afforded by using a less widespread browser is increasingly sidelined by criminals all too aware that the browser market has changed for good."

The rationale is that with Kaspersky Mobile Security 9 software installed, users can block the phone if it is stolen.

The location of a lost smartphone can also be tracked using built-in GPS technology, and if the SIM is replaced, the owner will receive immediate notification of the phone's new number, according to the vendor.

Kaspersky Lab is not the only vendor looking to use the global passion for the beautiful game to promote its own products and services - Twitter and Facebook have both sought to jump on the World Cup bandwagon with new offerings.

However, ITV's attempts to screen the matches live on its site seem to have hit a technical hurdle after the site crashed during the first match of the tournament and users watching on Saturday missed England's opening goal.