Breach Was On Data That Wasn't Supposed To Exist

Found on Techdirt on Sunday, 19 June 2005

Late Friday afternoon, MasterCard released the news about how potentially 40 million credit card holders were at risk of having their data stolen, after discovering a hacker had placed a trojan on the computers of a credit card processing company. That was scary enough, but as the details continued to come out over the weekend, the situation just seemed to get worse and worse. Jeremy Wagstaff notes that the processor in question, CardSystems, apparently knew about the breach for nearly a month but claimed they didn't say anything because the FBI asked them not to -- a charge that the FBI denies. Then comes the best part. The NY Times reports that CardSystems wasn't even supposed to have this data. The company processes credit card transactions, but isn't supposed to keep records of the transactions, as per agreements it signed with Visa and MasterCard. However, these days, when it seems to be common practice to play fast and loose with other people's data, CardSystems hung onto all the data, for its own "research" purposes. It looks like those research purposes just caused plenty of problems for an awful lot of people.

That looks really bad for CardSystems. I guess MasterCard will now know exactly who to blame (and who will be held responsible).

40M credit cards hacked

Found on CNN Money on Friday, 17 June 2005

A security breach has occurred at a third-party processor of payment card transactions that affects over 40 million card accounts, Mastercard International said Friday.

Of the cards involved, 13.9 million were MasterCard-branded cards, which include Maestro and Cirrus, and 22 million were Visa cards, said Visa spokeswoman Rhonda Bentz.

The breach took place at the Tucson office of CardSystems Solutions, which processes transactions on behalf of financial institutions and merchants. CardSystems said in a statement that it identified the breach on May 22 and contacted the FBI the next day.

"We're working with the FBI. It's a criminal investigation," Visa's Bentz said, noting that CardSystems "was out of compliance" with Visa's security standards when the breach occurred and that Visa would review whether it would continue to work with CardSystems when the case is resolved.

Seems like good old paper and coin still is one of the safest ways to pay (although you can still get mugged).

The evil in e-mail

Found on IT Business on Saturday, 11 June 2005

By watching for certain keywords, law enforcement agencies can already identify e-mails that might contain clues to criminal activity and corporations can flag employee messages that could cause legal problems.

Keywords have limitations, though – people trying to avoid detection may steer clear of language likely to attract attention. So a Queen's University researcher is exploring ways to spot suspicious e-mails even when writers try not to give themselves away.

Dr. David Skillicorn's work is based on the idea that when people are trying to hide something, they write differently than people who have nothing to hide. That's more true of e-mail than of more formal documents, he adds, because few of us go back and edit our e-mails.

A related trick, he says, is to examine patterns in who e-mails whom. As an example, in criminal networks it is common to find several people communicating regularly with the same person, but never with each other. This is meant to ensure that if one lawbreaker is caught, he or she is unlikely to lead authorities to too many others. But it can also be a clue to suspicious activity.

Let me introduce PGP/GnuPG. If I'm up to something and want to hide it, I simply slap a strong encryption onto it. Then I can safely discuss possible targets for bombing or other forms of attack. I doubt that criminal masterminds are dumb enough to send plain text (or hey, even HTML emails). Sounds more like an attempt to justify more surveillance.

From Russia With Malware

Found on Information Week on Friday, 10 June 2005

An online business based in Russia is paying Web sites 6 cents for each machine they infect with adware and spyware, according to security researchers who call the practice "awful."

IframeDollars.biz says it pays Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated would be vulnerable to the exploit. According to analysis done by the SANS Institute's Internet Storm Center, the exploit drops at least nine pieces of malicious code--including back doors, other Trojans, spyware, and adware--on any PC whose user surfs to a site that hosts the exploit code.

IframeDollars says it pays $61 per thousand unique installations, or 6.1 cents per compromised machine, to any site that signs up as an affiliate.

According to the Internet Storm Center, companies can prevent the downloading of adware and spyware from iframeDollars' servers by blocking the IP address 81.222.131.59.

How nice. Of course, if you are against censorship, you cannot simply demand a shutdown. It's the job of the users to keep their systems updated and secure.

Hackers plot to create massive botnet

Found on The Register on Thursday, 02 June 2005

Computer Associates has warned of a co-ordinated malware attack (CMA) described as among the most sophisticated yet unleashed on the net. The attack involves three different Trojans – Glieder, Fantibag and Mitglieder – in a co-ordinated assault designed to establish a huge botnet under the control of hackers. CA reckons that access to the compromised PCs is for sale on a black market, at prices as low as five cents per PC.

Glieder-AK: the "infantry element" of the malware attack infects systems and opens up backdoors that are exploited by the follow-on Trojans. On 1 June, 2005, eight new Glieder variants appeared in rapid succession and quickly spread. "The apparent objective is to get to as many victims as fast as possible with a lightweight piece of malware," CA said.

The Fantibag Trojan further disables the security features of compromised systems. It exploits networking features of target systems to prevent those systems from being able to communicate with anti-virus firms or with Microsoft’s Windows update site, so isolating infected systems.

The Mitglieder Trojan opens a backdoor on a compromised system, leaving it under the control of hackers.

And now let's all say thanks to MS for making that possible (who sure has a hard time with security; *cough* hacked MSN *cough*)... Oh, and those people who fail to follow the most simple security rules (like not clicking every .exe someone sends them).

Email Addiction Runs Rampant

Found on Slashdot on Tuesday, 31 May 2005

Are you addicted to email? According to the Opinion Research Corporation, the odds are pretty good that you are. Their study of 4,012 adults in the twenty largest U.S. cities found that 41% of respondents start the day by checking their email. On the average, respondents admitted to checking their email five times a day. Respondents also mentioned email features they wish were available. Examples included the ability to retract unread messages (45%) and a way to track the forwarding of their own email (43%). Just how addicted are the email-dependent among us? So heavily that one quarter of respondents won't go more than two or three days without it. Of course, by those standards, most Americans must be addicted to work, sex, and TV as well.

I check mails automatically every 30 mins (or every hour, depending on the account). So I guess I check it a bit more than five times a day. Guess I'm above average then...

Lycos Germany bins IP address data

Found on The Register on Friday, 20 May 2005

Lycos DSL in Germany says it will no longer store dynamic IP addresses of its customers, now that a specialist on data privacy laws from Frankfurt University has threatened to sue the company.

Jonas Breyer had asked Lycos what data was kept on him and whether that information was shared with backbone providers, but the ISP refused to co-operate. Probably to avoid further law suits, Lycos has now decided to ditch IP storage altogether.

According to the German Tele Services Data Protection and Telecommunications Act, ISPs are only allowed to store communications data for accounting purposes. Apparently, there is no requirement for German ISPs to keep a record of IP addresses.

A decision by German ISPs not to keep logs on IP addresses would be extremely controversial as the entertainment industry is increasingly demanding from ISPs to disclose the names of suspected file sharers. Courts in both Germany and Canada have recently denied the entertainment industry the right to subpoena the identities of file-sharers.

Sweet. It's not legal to store the IP history of a user, which should make the industry not happy. But what about those who already got sued? Can they now sue their ISP for violating the data protection act? I hope so.

900,000 ISP customers blacklisted

Found on CNet News on Monday, 09 May 2005

The Spam Prevention Early Warning System (SPEWS), whose blacklist is referenced by many antispam controls, imposed the block in response to the high number of Telewest customers whose machines have become compromised and taken over for the purpose of sending spam.

Last month, Silicon.com revealed that some of Telewest's Blueyonder.co.uk home subscribers were sending hundreds of thousands of e-mails each day--a sure sign of an open relay, pumping out spam.

Currently Blueyonder.co.uk is the ninth in the Senderbase list of domains generating e-mail--two places behind Hotmail and two ahead of America Online.

According to Senderbase, Blueyonder.co.uk addresses are generating 90.4 million e-mails per day. The company confirmed it has around 700,000 customers, with updated figures due for release on Thursday.

Almost 130 emails per user/day. It doesn't sound that much this way. However, there sure is quite a bunch of users who don't send so many emails, and others who spam. However, blacklists should be constructed carefully unless you want to block legitimate emails.

No place can spam like South Florida

Found on Sun-Sentinel on Saturday, 07 May 2005

More than a quarter of about 180 hardcore spammers tracked by watchdog group Spamhaus are based in Florida, and most of those are in the tri-county area. The city with the most spammers in the world is Boca Raton.

South Florida is so notorious that some experts attributed a short-term decline in global spam after last year's hurricanes to the assumption that the storms disrupted spammers' operations.

And the FBI's North Miami office receives so many fraud complaints that only major cases get the bureau's attention. "If you come in with a $1 million case, we'll put you in line with all the others," said LeVord Burns, supervisory special agent.

Because spammers often route their e-mails through hosts overseas, spam is difficult to trace. So to solve cases, investigators usually follow the money trail.

Though many spammers operate legally, law enforcement officials are concerned that some South Florida spammers will use e-mail to rip people off, given the area's history as a scam capital.

It should be easier to follow the money, instead of trying to track the spam message itself. Hit the spammers where it hurts most: freeze their accounts.

New Technique for Tracking Web Site Visitors

Found on Slashdot on Sunday, 03 April 2005

According to Jupiter Research, 58% of web surfers deleted cookies from their system in 2004. This has sent a loud message to marketers in regard to consumer's preference as to tracking their online activities. The marketers have responded with PIE. Persistent Identification Element (PIE) is a technology that uses Macromedia's Flash MX to track you even without using cookies. Macromedia has created a page to instruct users on how to disable this.

I don't delete cookies. I don't accept them in the first place, except for the few rare cases where they are useful (like boards). Then there are those shops which tell you that you have to accept cookies so you can use it. What a pity: they want to sell something. I simply chose another shop, which is more friendly. Some sites hammer you with cookie requests, even if it should be quite obvious that if the first cookie wasn't set, the 200th cookie won't be set either. That doesn't even make me yawn.