Microsoft is releasing another "out of band" update tomorrow. This update is to fix a recently discovered zero day vulnerability in Internet Explorer 7 that is actively being exploited.

More information about the vulnerability can be found at Microsoft's Security Advisory page.


Recently, we came across this rogue: Antivirus Plus. What makes this one different from others was that it was distributed directly as a fake video codec. They have now removed the fake alert step in between.

fake codec install


AntivirusTrigger is a new rogue anti-spyware application and a clone of VirusTrigger. It will give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove the reported threats.

AntiVirusTrigger's GUI


Have you made any recent purchases to be delivered by the postal service? With the holiday season upon us, chances are good that you have. If so, there's a common spam scam that may try to catch you off guard in order to infect your system with malware. Here's an example of a subject line and e-mail message to be on the lookout for this holiday shopping season, and beyond -

Subject: [NO-REPLY] UPS Tracking Number 21263130


It's not often that Microsoft breaks their update cycle to release a patch but when they do it's generally a good idea to get that patch installed or face infection.

Microsoft Security Bulletin MS08-067 released this morning outlines a vulnerability in the Server Service, of ALL Versions of Windows, that allows for remote code execution (RCE).


A word of caution as you look to update your PC with the latest security patches from Microsoft - attackers are taking advantage of Microsoft's October Patch Tuesday to try to con users into downloading bogus patches and infect them with malware.


In the U.S., the upcoming presidential election in November is not just a political hot topic - it has also found its way into the security arena.

Months ago, security experts began predicting that online scammers would take advantage of the media hype surrounding the presidential candidates to prey on computer users. We're already seeing the online risks being noted and reported in a number of ways, including:

Gustav Brews Scams

by Erin on September 3rd, 2008 in Security Alerts, Security Tips.

What bad online behavior should you be on the lookout for this week? Take note as you surf the Web in the coming days: cyber scammers are taking advantage of Hurricane Gustav - a storm that caused havoc in the U.S. and Caribbean - in order to prey on well-meaning consumers.


We can't say we're surprised that the Storm Worm is sending a new squall of spam through our inboxes. In fact, Storm has shifted spam campaigns numerous times in the past few weeks alone.


Last week, we saw two legitimate sites hit by SQL injection attacks: Sony PlayStation and the Association of Tennis Professionals. SQL injection attacks are an emerging tactic that is becoming increasingly popular among hackers.


Going Phishing

by Michael on June 26th, 2008 in Security Alerts.

This one came in last night on my home personal e-mail. Please keep your eyes peeled for phishing e-mail scams, and do not, I repeat do not, click on the links.

From: service[at]wachovia.com

Sent: Tuesday, June 24, 2008 3:10 PM
Subject: Your wachovia account is locked.
Wachovia logo


If it looks too good to be true...it probably is. The old adage rings true with the latest e-mail scam we're seeing, where fraudsters promise thousands in cash to compensate victims of Internet crime.