Tom Liston at SANS has more on the WMF vulnerability, thinks it could be very bad indeed, and suggests that everyone take the unprecedented step of unregistering the affected DLL and applying an unofficial patch in the absence of an official fix from Microsoft:

To the best of my knowledge, over the past 5 years, this rag-tag group of volunteers hasn't asked for your trust: we've earned it. Now we're going to expend some of that hard-earned trust:

F-Secure has some interesting commentary on the latest Windows WMF vulnerability:

The feature now in the limelight is known as the Escape() function and especially the SetAbortProc subfunction.
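Since the quoted commentary points at the Escape() record and its SetAbortProc subfunction, a natural triage step is to walk a WMF file's record list and flag any META_ESCAPE record whose escape code is SETABORTPROC. The script below is an added example, not code from SANS, F-Secure or Microsoft. The record layout and constants (18-byte standard header, optional 22-byte placeable header with magic 0x9AC6CDD7, META_ESCAPE = 0x0626, SETABORTPROC = 9, sizes counted in 16-bit words) follow the Windows Metafile format; the sample files are constructed inline and the "payload" bytes are a harmless placeholder, not an exploit.

```python
import struct

# WMF constants from the Windows Metafile format
META_EOF = 0x0000
META_SETMAPMODE = 0x0103
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009
PLACEABLE_MAGIC = 0x9AC6CDD7
STANDARD_HEADER_LEN = 18   # bytes
PLACEABLE_HEADER_LEN = 22  # bytes, only present in "placeable" (Aldus) WMFs


def iter_records(data):
    """Yield (offset, function, params) for each record in a WMF blob.

    Stops at META_EOF or at the first record whose declared size would
    run past the end of the buffer, so a hostile size field cannot make
    the walker read out of bounds.
    """
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        pos = PLACEABLE_HEADER_LEN
    if len(data) < pos + STANDARD_HEADER_LEN:
        raise ValueError("truncated WMF header")
    _file_type, header_size = struct.unpack_from("<HH", data, pos)
    if header_size != 9:  # header size is always 9 words
        raise ValueError("unexpected WMF header size: %d words" % header_size)
    pos += STANDARD_HEADER_LEN
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        size = size_words * 2
        if size < 6 or pos + size > len(data):
            # Malformed length: report what is there, then stop
            yield pos, func, data[pos + 6:]
            return
        yield pos, func, data[pos + 6:pos + size]
        pos += size
        if func == META_EOF:
            return


def find_setabortproc(data):
    """Return offsets of META_ESCAPE records carrying the SETABORTPROC code."""
    hits = []
    for off, func, params in iter_records(data):
        if func == META_ESCAPE and len(params) >= 2:
            escape_code = struct.unpack_from("<H", params, 0)[0]
            if escape_code == SETABORTPROC:
                hits.append(off)
    return hits


# --- constructed sample files (not real-world captures) -------------------

def build_record(func, params):
    """Pack one WMF record; the size field counts 16-bit words."""
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def build_wmf(records):
    """Wrap records in a standard (non-placeable) WMF header."""
    body = b"".join(records)
    total_words = (STANDARD_HEADER_LEN + len(body)) // 2
    max_record = max(len(r) // 2 for r in records)
    # FileType=1 (disk), HeaderSize=9 words, Version=0x300, FileSize,
    # NumObjects, MaxRecord, NumMembers
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, total_words, 0, max_record, 0)
    return header + body


PLACEHOLDER = b"\xcc" * 8  # constructed filler, stands in for whatever the escape data would be
SAMPLE_BENIGN = build_wmf([
    build_record(META_SETMAPMODE, struct.pack("<H", 8)),
    build_record(META_EOF, b""),
])
SAMPLE_SUSPICIOUS = build_wmf([
    build_record(META_SETMAPMODE, struct.pack("<H", 8)),
    build_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, len(PLACEHOLDER)) + PLACEHOLDER),
    build_record(META_EOF, b""),
])

if __name__ == "__main__":
    for name, blob in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(name, "SETABORTPROC escape at offsets:", find_setabortproc(blob))
```

Treat a hit as a reason to quarantine and look closer, not as a verdict: SetAbortProc is a documented printing escape, and the heuristic also says nothing about files renamed to other image extensions, which the viewer will still sniff and render as WMF.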

Kaspersky Labs takes a look at the state of viruses targeting GNU/Linux.

So, Microsoft last week announced they were buying spyware-giant Claria. I had hoped maybe this was some bizarre move by Microsoft to buy them and shut them down -- you know, a gesture to the community or something.

Sadly, no, they appear to be doing something much stupider, as Microsoft's anti-spyware application now detects but "ignores" Claria's spyware. Very odd move by the beast in Redmond.

F-Secure has a story about a new virus:

Fantibag.B is a trojan that installs a packet filter to prevent the downloading of AV companies' database updates and security patches. It is related to the recent Bagle/Mitglieder trojans.

Pretty evil.

Kaspersky Labs reports an increase in sightings of GpCode, the virus that encrypts victims' files and demands a ransom to decrypt them.

A few weeks ago, as I downloaded the enormous XP SP2 to burn to CD, it occurred to me that it seems silly that Microsoft didn't leverage BitTorrent to distribute this update, and their patches in general. Imagine my dismay to discover that someone tried, and was promptly shut down using the DMCA.

An interesting article on eWeek discusses a new strategy in fighting botnets: hunting for their 'Command and Control' servers -- that is, the networks and computers that are sending them instructions.

Mytob is fast becoming the much-reviled wonderboy of the virus world, appearing in an ever-growing number of variants:

The Mytob worm, which first appeared in late February, is a mass-mailed worm that hijacks addresses from compromised PCs to spread using its own SMTP engine, drops a backdoor Trojan so more malicious code can be added to the infected system, tries to shut down security software already on the computer, and blocks access to a large number of security and update-oriented Web sites.

Some interesting commentary over at Kaspersky about the effectiveness of IM worms:

This effectiveness worked in several ways. By uploading to several sites the attackers still had one or more places left to turn to when measures were taken to take a site down.

Additionally, different messages were used to convince the recipient to click on the link. Among those messages was one with a link to a .wmv file on a popular humor site. The link, of course, was fake, and it led to the malware.
