Shanktified!

This is big folks.  I recommend getting firefox’s “no script” add-on right away.

Firefox Security Flaw Affecting Gmails Users - The Firefox JAR vulnerability still there!
Last week, security companies around the world spotted a new vulnerability in Mozilla Firefox which could allow the attackers to use a malicious JAR file to harm users computers. The security flaw is still there and moreover, it seems it affects most websites on the Internet including the super search giant Google.
GnuCitizien wrote that Michal Zalewski from Google you know, that famous hacker who joined Googleplex required additional information about a potential exploitation over the companys technologies. In addition, beford.org discovered a way to steal the Gmail contact list using a malicious JAR file especially created to take advantage of the Firefox vulnerability.

Im not going to offer you more details about it but Ill give you a tip on how to remain protected against attacks. You can always install the NoScript extension which was already updated to provide protection for this exploit. In case you never tried it, NoScript is an add-on designed to work with Mozilla Firefox which is supposed to disable the webscripts included on the websites you choose.

More at Softpedia

‘Storm worm’ exploits YouTube | Tech News on ZDNet

Spammers are exploiting YouTube’s “invite your friends” function to send spam containing a variant of the “Storm worm.”Bradley Anstis, director of product management at security firm Marshal, said that spammers are taking advantage of the YouTube function that lets people invite friends to view videos that they have viewed or posted. The function allows someone to e-mail any address from an account.

The scam on Google’s video-sharing site is targeting Xbox owners, urging recipients to collect a prize version of the popular game Halo 3. Anstis said clicking on the link to “winhalo3″ leads to a file containing a Storm trojan.

To date, Marshal has tracked around 150,000 of the spam e-mail messages thought to have originated from YouTube accounts.

There are a growing number of reports that this is a false positive within AGV.

I’ll update you with more soon, but for now check out this excellent post on the topic (translated to English here). Complete with screen shots and search engine analysis.

Please leave a comment if you have any information to share. Unlike the AVG Forum, stupid questions will not be deleted nor the questioners abused. We were all stupid at some point so, chill-out folks.

Update: I have found AVG to do find this with multiple PCs in separate locations. It’s definitely a false positive (misreading from the AVG software). (A note to AVG users, don’t let this bother you, I’ve been using AVG for years and I think this is only the 2nd time Its found a false positive.)

Another Update: AVG will not quarantine Quickbooks files, but it will quarantine Quicken files automatically (in many cases). If you get a message that says the files were deleted you can get them out of AVG’s Virus Vault.

Update #3: I see that the folks at Quickbooks are aware of the issue and are working with AVG to repair it.

MSN messenger users are seeing this message sent to people on thier contact list:

Hey, I get my MSN Names from http://www.IM-Names.com

Remove the malware with your favorite spyware killer (like Ad-aware)

If you have questions or comments you are welcome to leave them in the comments section.

Ron’s Note: Good fix from Dave below: 

• Dave Says:
  May 22nd, 2006 at 8:08 am eThis worked for me!

  first open WINDOWS TASK MANAGER (ctrl+alt+del) then click on PROCESSES. now look for something called ‘IM-svr.exe‘ click on it then then END PROCESS.

  now goto ur program files folder and delete IM-names folder

This is really “must see TV” for anyone online.

Tonight
Watch Dateline’s ongoing hidden camera investigation into computer sex predators — grown men, trolling the Web for young teenagers. This time, police are making arrests. • 9 P.M. Eastern / 8 P.M Central ON NBC

More here:
To Catch a Predator’ - MSNBC.com

Get your Tivo set…

‘To Catch a Predator’ - MSNBC.com
This Friday
Watch Dateline’s ongoing hidden camera investigation into computer sex predators — grown men, trolling Internet chatrooms for young teenagers. This time, police are making arrests. • 9 P.M. ON NBC

It can not be said enough.. You have to protect your children from these folks.

1. No computers in the bedroom. Keep any computer hooked to the Internet in a public room like a den or something.

2. Get a filter. Try BSafe Online’s filter free for 10 days. (yes, I used to work for them, but I get nothing for recommending the product, and I recommended it before, during and after my employment.). If you don’t like their filter, I don’t care, but get one you do like. Good reviews at www.moralmetric.com

3. Know what your kids are doing online. There is never any reason for them to go in a public chat room - and Instant messaging should only be with friends they already have - not for making new one.

4. Don’t let them fill out a profile. It only works as pervert-bait.

So here I am minding my own business when i get some IM about a guy wanting me to 3-way with his wife or girlfriend. This was not a bot, but a real person. So I decided to witness to him. His screen name has been changed to protect the guilty. Continue reading »

Okay, so here’s one example of a virus/worm actually doing some good.

Sober worm persuades child porn offender to turn himself in to police

<shameless plug>Just think, if this guy had had the Bsafe Online Security Suite, he wouldn’t have had child porn or a virus </shameless plug>

MSNBC’s Abrams Report asks what the rest of want to know and find so hard to believe: Why were the ‘Dateline’ predators not charged??

During “Dateline NBC’s” recent hidden camera investigation, 19 were caught going to a suburban home where they thought they’d be meeting with sexually available teens. Some made a run for it when they went into the kitchen and saw NBC’s Chris Hansen waiting.

One came into the house completely naked and sat down in the kitchen, where Hansen met him and kindly handed him a towel to cover himself up. A rabbi was so upset at being caught that he even seemingly went after Hansen.

But why aren’t any of these guys being prosecuted?

The AZ Sting got a couple arrests. Good for them! I wish those dateline guys could have been caught.

Tucson coach arrested as internet predator
The arrest comes after the Eyewitness News 4 Investigators and an online internet watch group gave police detailed information from an undercover investigation we were conducting.

Another suspected internet sexual predator arrested
Daniel “Jed” Poulsen, 22, is sitting in the Pinal County Jail . He was arrested late Monday at his parents home in Arizona City.

Videos here at KVOA.com

Related info:
http://www.perverted-justice.com
(contains some very harsh material - but keep in mind this stuff is out there every day on the net)

I can’t say it enough: Get the PC out of your kids bedroom and get some parental control or filtering software (like Bsafe Online).