Microsoft Zero Day Cause for Concern
Wednesday July 8, 2009
An unpatched buffer overflow vulnerability in an ActiveX control used by Microsoft DirectShow is being actively exploited in the wild. A large number of websites in China have been compromised and are being used to distribute the exploit. Malicious ads targeting game sites are also employing the zero-day exploit. The exact malware that results depends on the attack vector encountered, but thus far it consists of a range of data theft and password-stealing trojans.
According to Shavlik Technology, the problem-causing ActiveX control "doesn’t serve any purpose within Internet Explorer" - which makes it even more alarming that Microsoft has known about the problem for over a year and neglected to fix it.
To work around the problem while awaiting a patch, Microsoft recommends setting a kill-bit for the offending ActiveX control - a protection method that can lead to application problems and has a not-insignificant failure rate (as in, it may not protect you).
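For readers who want to apply the kill-bit workaround and then confirm it actually took, here is an added example (not from the original post or from Microsoft): a PowerShell script that sets the kill-bit for a control and reads it back. The CLSID is a placeholder; substitute the one from Microsoft's advisory.

```powershell
# Added example: set and verify an Internet Explorer ActiveX kill-bit.
# The CLSID below is a PLACEHOLDER, not the DirectShow control; take the
# real value from Microsoft's advisory before running this.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating the control

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    # 64-bit Windows keeps a second, 32-bit view under Wow6432Node; both are covered.
    $paths = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )
    foreach ($p in $paths) {
        # Skip the Wow6432Node view on 32-bit Windows where its parent key does not exist.
        if (-not (Test-Path (Split-Path $p -Parent))) { continue }
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        $existing = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        # OR the kill-bit in so any other compatibility flags already set are preserved.
        $new = [int]$existing -bor $KillBit
        Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

function Test-ActiveXKillBit {
    # Returns $true only if the kill-bit is present in the 64-bit (native) view.
    param([Parameter(Mandatory)][string]$Clsid)
    $p = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $flags = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    return (($flags -band $KillBit) -eq $KillBit)
}

# Run from an elevated prompt: HKLM is not writable otherwise.
Set-ActiveXKillBit -Clsid $Clsid
if (Test-ActiveXKillBit -Clsid $Clsid) {
    "Kill-bit set for $Clsid"
} else {
    "Kill-bit NOT set for $Clsid - check permissions and the CLSID"
}
```

Re-run the check after any Internet Explorer update, since updates can rewrite the ActiveX Compatibility keys.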
My recommendation: switch to Firefox with NoScript. Now.
High Cost of Consumer Support
Tuesday July 7, 2009
Just got an email from a PR agency which reads in part:
Given the emergence of online consumer tech support services over the past year we thought a trend story about how these new services are offering consumers a cost-effective and highly efficient way to resolve home computing security issues (and much more) would be very timely.
To substantiate the need for the service, the same email includes a Consumer Reports estimate that "U.S. consumers spent $7.8 billion over the last two years for computer repairs, parts and replacements".
The PR message offers, "...for a more in-depth service review we'd be happy to provide you with access to BluePhone -- let us know and we will have the company set it up."
I looked up BluePhone and discovered they charge between $30 and $100 per incident. Flat rate is $200 a year. The population of the U.S. is approximately 306 million, so the estimated $7.8 billion over two years works out to less than $15 a year per citizen.
How exactly is going from less than $15/yr to paying $200/yr considered cost effective?
How to Restore System Files
Monday July 6, 2009
Sometimes mistakes happen. Whether the result of a false positive from antivirus software or a misunderstanding of a file's function, on occasion a valid system file can be inadvertently deleted or quarantined. Sometimes, the results can seem disastrous - a looping blue screen each time you try to boot up the PC. Other times, a stop error with a cryptic message may be the result. Here's how to replace the missing file(s) to get your system operational again.
Greeting Cards Bearing Trojans
Monday June 29, 2009
Attackers commonly use greeting card scams to foist trojans on the unsuspecting. In recent weeks, the rate of greeting card scams appears to have been increasing. Fortunately, there are some tell-tale signs and tips to follow that can help you avoid becoming a victim.