Microsoft is releasing another "out of band" update tomorrow. This update is to fix a recently discovered 0-day vulnerability, in Internet Explorer 7, that is actively being exploited.

More information about the vulnerability can be found at http://www.microsoft.com/technet/security/advisory/961051.mspx


It's not often that Microsoft breaks their update cycle to release a patch but when they do it's generally a good idea to get that patch installed or face infection.


In an attempt to bolster the number of drones in their botnet the Storm Gang has started sending out more spam email.


On Tuesday, May 27, 2008 an unpatched (at time of writing) 0-day vulnerability was discovered in Adobes Flash Player.

This attack is known to be in the wild and a large number(20,000+) of websites have been injected with exploit code to infect users who visit them.


After skipping over the Easter holiday, the crew behind the Zhelatan Worm decided to pump and dump their spam for April Fool's Day.

The latest filenames being kickme.exe, foolsday.exe and funny.exe.

When executed the files "aromis.exe" and "aromis.config" are created in the windows directory.


New Storm Variant Hits?.

by Dave2 on February 12th, 2008 in Security Alert.

 

"just in time for Valentines Day. A new variant of the well known storm worm hit email boxes last night, AdAware detects Storm as Zhelatin, this time with an exe simply named "valentine.exe". In January we saw the first wave of the Storm Valentines propagation email campaign, back now with a few slight changes but enough to make it undetectable by most Anti-Malware applications.

Some of the Subject lines for this new variant include: