The most common terms typed into search engine Google this year show Kiwis are a diverse bunch interested in murder, boxing, tragedy, science fiction and naked women.

Kiwi spammer Lance Atkinson has been fined US$15.1 million (NZ$21m) by a United States judge for his part in a spamming operation.

Atkinson, who now lives in Queensland, had admitted his involvement in a spam operation that sent millions of email messages marketing "male-enhancement" drugs and weight loss pills to computer users around the world. He was fined $100,000 in the High Court at Christchurch last December.

The US Federal Trade Commission (FTC) took its own action against Atkinson, whom it identified as the operation's ringleader.

It said that Atkinson and US resident Jody Smith recruited spammers from around the world and sent billions of e-mail messages directing consumers to websites operated by an affiliate program called Affking.

"The defendants' spam messages deceptively marketed (the drugs) in violation of federal law.

Remember the DNS hijackings of such high profile sites such as Comcast, Photobucket, and ICANN/IANA domains that were taking place last year? Similar incidents are still happening.

Today, a web site defacement group known as “The Peace Crew� has successfully hijacked the DNS records for high profile New Zealand web sites, through what Zone-H claims to be a SQL injection at New Zealand’s based registrar Domainz.net, in order to redirect the visitors to a defaced page featuring the infamous Bill Gates pieing photo, as well as anti-war messages.

The mass defacement affected major Microsoft sites in New Zealand including WindowsLive.co.nz, MSN.co.nz, Microsoft.co.nz, Hotmail.co.nz, Live.co.nz next to HSBC.co.nz, Sony.co.nz, Coca-Cola.co.nz, Xerox.co.nz, Fanta.co.nz, F-Secure.co.nz and BitDefender.co.nz.

Here’s Microsoft’s comment:

Brian Krebs at the Washington Post reports on a study that found that 40% of Google users do not have all the latest security updates for their web browser. This means they’re susceptible to a broader range of drive-by download and other web-based attacks.

Google users may not be globally representative of the Internet using population, as we know that 60% of users in China use a search engine other than Google. However, it certainly represents a large portion of the Internet-using public.

Another finding was that Firefox users are the most likely, and IE users the least likely, to have an updated browser:

The report concluded that Firefox users were more likely to be using the latest version because Mozilla’s patch process is the quickest and most painless (no arguments there). Firefox downloads updates automatically and prompts the user to install them immediately.

After analyzing three weeks of spam data between June 13 to July 3, 2008, Roaring Penguin Software Inc. found evidence that spam originating from the top three free email providers (Gmail, Yahoo Mail and Hotmail) is increasing, with spammers in favor of abusing Gmail’s privacy preserving feature of not including the sender’s original IP in outgoing emails :

“Spammers are increasingly using free e-mail providers to avoid IP address-based reputation systems. These systems track mail sent by various IP addresses and assign each IP address a rating. Some anti-spam software operates largely or exclusively on the basis of the IP address rating.

Microsoft is going to release Windows XP Service Pack (SP) 3 via its Automatic Update (AU) service on Thursday July 10, company officials confirmed this week.

The client team has been vague about when it planned to push the latest version of XP to users. “Early summer� and “sometime soon� were favorite comebacks when officials were asked for an AU timeframe for SP3.

Customers who have automatic updates turned on but who don’t want XP SP3 to be downloaded to user desktops this week — for whatever reasons — need to deploy the Microsoft Service Pack blocker toolkit to delay pushed-delivery of SP3.

While Microsoft will begin pushing SP3 tomorrow, not all users will receive it immediatly, as the company will be staggering the rollout.

Microsoft has postponed and temporarily halted the distribution of SP3 a couple of times this year because of compatibility and performance problems.

Meanwhile, speaking of problems, Microsoft’s newly launched Windows Vista Compatibility Center still is down for the count. Microsoft officially launched the new portal site designed to help Vista users determine driver and application compatibilty status of products they want to deploy with Vista. The site was supposed to go live on Tuesday and, as of Wednesday mid-day, was still not operational.

XP petitioners: It’s time to raise the white flag.

After months of rumors that Microsoft might rethink its decision to pull the plug on Windows XP, the official word is out: XP is on its way out.

Microsoft is sticking to its plan to cease providing PC makers with XP to preload on new PCs after June 30, as Microsoft is now letting customers know via a letter it has posted to its Windows XP and Windows Vista Web sites.

The June 23 letter, entitled “An Update on the Windows Roadmap,� from Bill Veghte, Senior Vice President, Online Services & Windows Business Group, reiterated that PC makers won’t be getting more copies of Windows XP to load on new machines after June 30, 2008. (There are two exceptions to this rule: “white box� system builders and makers of ultra-low-cost PCs are allowed to continue to preload XP through 2009 and 2010, repectively.)

Microsoft support for XP doesn’t end on June 30; free Microsoft-provided support for XP continues through April 2009. Microsoft “Extended� support — for which users must pay (other than for security-specific hot fixes and various self-help tools, which are free) — lasts through 2014.

There is no new information about the Windows roadmap in Veghte’s letter. Veghte acknowledged that Vista — especially in its initial release — was not an easy Windows release for many customers to swallow. From his letter:

“The architectural changes that improved security and resilience in Windows Vista led to compatibility issues with existing hardware and applications. Many hardware drivers and applications needed to be updated, and while the majority worked well when we launched Windows Vista, some key applications and drivers were not yet available. Since then, Microsoft and its industry partners have been hard at work to address compatibility issues and now the situation is fundamentally different.�

Windows 7 is coming three years after Windows Vista’s release, Veghte reminded users. (Microsoft officials have been saying lately on the record that the company is shooting for a late 2009 release for Windows 7.)

The Storm Worm ranks as one of this year's most virulent and persistent viruses. After making a January debut, transported by e-mail, the virus was notable for the more than 50,000 variants that it subsequently spawned.

The Storm Worm has since continued unabated, most recently in the form of Web-based attacks. E-mails, socially engineered to look like electronic greeting cards and linked to a Web site containing malware, completely avoided traditional e-mail antivirus gateways. The Storm Worm's course change to the Web reflects a growing trend of malware Web-based attacks launched through e-mail.

The simple logic behind these e-mail-based blended threats is astoundingly effective: no attachment means no antivirus block. And when combined with a user-friendly invitation, it creates the opportunity for a high infection rate.

Adobe has fessed up to a dangerous code execution vulnerability affecting software programs installed on millions of Windows machines.

The flaw, publicly disclosed more than three weeks ago, could allow hackers to use rigged PDF files to take control of Window XP computers with Internet Explorer 7 installed.

The bug affects Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions, and Adobe Acrobat 3D.

[SEE: ‘High risk’ zero-day flaw haunts Adobe Acrobat, Reader ]

In a pre-patch advisory, Adobe offered a complicated (and unsupported) workaround for its customers and promised a comprehensive fix will be ready before the end of October 2007.

The workaround involves disabling the mailto: option in Acrobat, Acrobat 3D 8 and Adobe Reader by modifying the application options in the Windows registry.

In its advisory, Adobe provided step-by-step instructions for manual editing of the registry but Windows users should be aware that careless registry editing can cause serious problems.

Adobe’s public acknowledgment comes a day after Heise Security warned of similar URI handling bugs affecting a wide range of Windows applications. These include Skype (silently fixed), AOL’s Netscape browser, mIRC and Miranda.

[SEE: Microsoft should block that IE-to-Firefox attack vector ]

According to security alerts aggregator Secunia, this is a “highly critical� Windows vulnerability that should be fixed by Microsoft but Redmond’s security response officials have no such plans, insisting it is “very difficult� to put protections in place without breaking existing applications.

TorrentSpy.com, the BitTorrent tracking site facing a copyright lawsuit from the motion picture industry, is shutting down access to users in the United States, the company said in a statement late Sunday night.