L.A. Times published interesting story about fighting against online scams in Romania. Recording to L.A. Times Romania is top source of auction site scams. Ebay stated that company is trying to do something about the problem with help of local law enforcement over recent years. Ebay already has sent teams and equipment to help the authorities combat this form of cyber crime, which is run with all the organization of an industrial-scale business.

Microsoft has warned Windows Home Server users not to edit files stored on their backup systems with Vista Photo Gallery, Office OneNote and Outlook, as well as files generated by finance software Quicken, QuickBooks or Microsoft Money 2007. Microsoft said that the problem is a glitch within Windows Home Server’s shared folders. The company development team is working full-time through the holidays to diagnose and address this issue, but there is one reasonable question we’d like to ask: what the point is in having a home server if you can’t back up files on it?

For couple hours last week Kaspersky AV quarantined Windows Explorer after being falsely identified as malicious code. The security systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or deletion. Since Windows Explorer is the graphical user interface for Windows’ file system, this made it difficult to perform many common tasks within the operating system. The bug was only live for two hours, and ended up affecting just one corporate customer and small number of home users.

Prevx Research Lab reports about Storm worm outbreak. Yesterday was spotted more than 700 variants of the Storm worm, repacked every few minutes from the server using a polymorphic-like technique to evade from antivirus software. The worm is spreading via email attachment happy2008.exe Also there is a version spreading via malicious web site called uhavepostcard.com. If user click the link on the page it will download happy2008.exe User caution is advised. Don’t run open spam emails or visit malicious websites such as uhavepostcard.com.

Christmas Storm this year is surprisingly silent and so far just one malware has been spotted. This one spreads via series of spam messages redirecting traffic to malicious site merrychristmasdude.com. On the site is stored new version of the Storm Worm, Email-Worm.Win32.Zhelatin.pd As you can see on the screenshot there is “Download For Free Now” you should avoid to click. Otherwise you will get infected.

Opera released version 9.25 for Windows to fix four security flaws. It’s recommend to install new release. Flaws that have been patched are issues with plugins to allow cross domain scripting, problem with TLS certificates that could be used to execute arbitrary code, rich text editing so it can no longer be used to allow cross domain scripting, preventing bitmaps from revealing random data from memory.

Google has been notified about spoofing vulnerability in the Google Toolbar that could be exploited by hackers to execute malicious files or launch identity theft attacks. A well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar. Google team is working on a fix, and it is advised to avoid adding new buttons on Google Toolbar

Microsoft has provided info on IE blog about latest issue spotted after installing latest patches. As company states those IE problems affect custom installations primarily and it is not a widespread issue. At IE blog you can find more detailed info how to solve problems after patching, but seriously why bother to edit registry at your computer when you can easily switch to other browser?

Google’s social networking site Orkut has been hit by a web worm. This worm used a vulnerability in the “Scrapbook” feature of the site and infected almost 400,000 accounts before it was shut down by removing a download file it needed to operate. Presumably there’s a bug somewhere in the HTML filter which is allowing malicious Javascript to get through. Infection spread through Orkut users via email notification that you have a new scrapbook entry from a friend. It says: “2008 vem ai… que ele comece mto bem para vc”

Adobe releases highly critical patch for Flash Player. As company stated in Security bulletin this patch cover at least nine flaws hat could affect Windows, Mac and Linux machines. Versions affected include Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier. Attacker could use those vulnerabilities to take control of a system. Adobe recommends that everyone upgrade to the new player.