A week in security: Zurich Insurance fined £2.3m

This week was dominated by data breaches and scareware and spam attacks, with the unwelcome news that the UK is now the fourth most prolific spam sending country.

First up, the Financial Services Authority fined the UK arm of insurance firm Zurich a record £2.27m for losing the personal details of 46,000 customers.

The fine is the biggest the regulator has ever issued for an offence relating to data security, and is punishment for an incident in August 2008 when information outsourced to Zurich Insurance Company South Africa went missing.

It has raised significant questions over the role of UK data protection regulator the Information Commissioner's Office (ICO), which has thus far been reluctant to impose fines.

In fact, the ICO this week hauled electronics retailer DSG International over the coals for allowing sensitive customer data to be dumped in a skip next to one of its PC World stores.

The watchdog also criticised the Yorkshire Building Society after an unencrypted laptop containing personal information was stolen from one of its offices. But it stopped short of fines on both occasions.

Elsewhere, Symantec Hosted Services revealed that the UK jumped into the top four spam sending countries globally in August as volumes of spam sent from infected PCs in the region almost doubled.

The firm's monthly MessageLabs Intelligence report found that in August, the UK was responsible for 4.5 per cent of the world's spam, more than double the percentage in April, and that UK PCs appear more frequently in prolific spam botnets such as Rustock.

Many of these spam emails appear to have malicious intent. Sophos warned of a major spam campaign designed to trick users into downloading fake anti-virus software, while a huge increase in potentially dangerous celebrity death spam prompted security firm Symantec to warn users not to open morbid messages.

Sticking with scareware, Symantec Hosted Services warned users to exercise extreme caution when using publicly available internet access terminals after malware was discovered on a terminal in a UK airport lounge.

Meanwhile, security firm Zscaler discovered nearly three million phoney YouTube pages all pushing unsuspecting users towards fake anti-virus downloads.

People were also warned about the dangers of USB related infections this week, after Panda Security research found that around a quarter of infections are spread by dodgy memory sticks.

However, there was some good news for UK computer users. New AVG research put Britain in a lowly 31st place on its list of most dangerous countries in whicn to surf the web. Users in Turkey and Russia are at the greatest risk of online attacks, according to the report.

Finally, Microsoft and Apple were forced to respond to more security threats this week.

Microsoft issued a security advisory about a flaw that could affect a huge number of third-party Windows applications. The flaw, which was discovered by Acros Security, is called a 'binary planting' bug and can be exploited as applications load dynamic link libraries. Acros discovered the flaw last year and was surprised at the extent of the problem.

Meanwhile, Apple released an update which addresses 13 vulnerabilities in the consumer and server versions of OS X 10.5 and 10.6. Included in the update are fixes for flaws that, if targeted, could allow for remote code execution attacks.