ReadWriteWeb

The latest outbreaks of Twitter and Facebook worms have once again shown that while antivirus and malware protection often focuses on dealing with threats once they have already landed on a user's computer, proactive protection is really the way to go on the net. The paid and free versions AVG 9, which launched today, include an enhanced link scanner that can handle shortened URLs and analyze a site in real time.

A lot of Twitter users are currently getting this direct message: "rofl this you on here?" and a URL. It's the latest in a series of phishing scams that have been making the rounds on Twitter lately. The link in this message will take you to a Twitter login page that looks almost like the real thing but is actually just a way for the phishers to harvest your login credentials. Once the scammers have access to your account, they will send out more of these messages to your friends.

Amid the hubbub over new iPods and iTunes' LPs announced at last week's annual Apple event, one feature that was a little under-hyped was the new "anti-phishing" protection built into the iPhone's Safari web browser. The added feature, available via an iPhone software update, warns users when visiting fraudulent websites using Safari. This sort of technology is already commonplace on the web, but is rarely seen on the mobile platform.

Unfortunately, there seemed to be a problem with the new security feature: it wasn't working...or at least, so it seemed. As it turns out, the problem was that users weren't informed as to how to properly activate the anti-phishing protection, an issue that points to a poor implementation of what could and should have been a major breakthrough in mobile computing technology.

McAfee, widely recognized as one of the leading providers of online security software for both home and business, appears to be struggling to secure its own Web sites, which at the time of writing this post, allow anyone with enough tech savvy to covertly do whatever they want on, and with, the site.

During tests this weekend, we discovered the company who claims to "keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams," has several cross-site scripting (XSS) vulnerabilities and provides the bad guys with a brilliant - albeit ironic - launching pad from which to unleash their attacks.

Phishing, the highly illegal scam of tricking people into revealing their logins and passwords by creating fake emails, Twitter messages, and/or websites, does not actually make phishers a lot of money. A new paper (PDF) by Cormac Herley and Dinei Florencio from Microsoft Research argues that the basic laws of economics still apply to phishing. As phishing becomes easier, and as 'phishing kits' are being sold for less than $100, the actual income for each individual phisher has to come down. Phishing has become a "low-skill, low-reward business."