Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Eight Microsoft fixes coming in tomorrow's December Patch Tuesday
Microsoft will deliver eight security updates next week, six of them marked "critical," to plug holes in Windows, Internet
Explorer, Office and other products. Two of the eight updates will patch Windows, another two are aimed at Office, while the
remaining four target Internet Explorer (IE), SharePoint, Windows Media Player, and Visual Basic and Visual Studio, Microsoft
said Thursday in its monthly advance warning of what to expect next Tuesday. Computerworld, 12/04/2008.
Microsoft's December advance advisory
**********
Five new patches from Mandriva:
libsamplerate (buffer overflow, code execution)
Mozilla Thunderbird (multiple flaws)
**********
Two new updates from Debian:
linux-2.6.24 (denial of service, privilege escalation)
ClamAV (multiple flaws)
**********
Two new fixes from Ubuntu:
AWStats (cross-site scripting attack)
**********
Today's malware news:
Facebook worm refuses to die
A worm program that has been tricking Facebook users into downloading malicious software since July has resurfaced. Criminals
have released a new variation of the worm, known as Koobface, Facebook said Friday. The program is spreading via Facebook
messages that look as if they're videos. IDG News Service, 12/05/2008.
Also: Koobface On The Prowl Again
Creating MS08-067 Exploits
We are seeing fair amounts of infections using the MS08-067 vulnerability. Most of these belong to a worm family that goes
by the names Downadup, Conficker, or Kido. We have also discovered several Chinese tools that are being used by the underground
to create files that exploit this vulnerability. F-Secure, 12/05/2008.
Firefox users targeted by rare piece of malware
Researchers at BitDefender have discovered a new type of malicious software that collects passwords for banking sites but
targets only Firefox users. The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A", sits in Firefox's add-ons folder,
said Viorel Canja, the head of BitDefender's lab. The malware runs when Firefox is started. IDG News Service, 12/04/2008.
Classmates dot com Fast Flux Malware
The Gozi infostealer is running around, this time using new domains and a new lure: a "video invitation from your classmates".
This has been going on all week, too. In an email purporting to be from Classmates.com, you're told to go look at a web page
and join up. To view the video you need to ... you guessed it, download a new Flash player. Don't worry, they’ll help you out.
Security to the Core, 12/05/2008.
**********
From the interesting reading department:
Adobe admits new PDF password protection is weaker
Adobe made a critical change to the algorithm used to password-protect PDF documents in Acrobat 9, making it much easier to
recover a password and raising concern over the safety of documents, according to Russian security firm Elcomsoft. IDG News
Service, 12/05/2008.
FTC has a message for vishing victims
The e-mail looks important: "National 1st Credit Union temporarily suspended your account. Reason: Billing failure." Further
down, it tells you to call this number to reactivate: 201.... The e-mail is a scam, sent by criminals who are trying to trick
you into divulging sensitive information such as your bank account number and password. But in this case, victims have caught
a break. Instead of reaching scammers, people who dial this number get a message from the U.S. Federal Trade Commission. IDG
News Service, 12/06/2008.
FBI: Criminals auto-dialing with hacked VoIP systems
Criminals are taking advantage of a bug in the Asterisk Internet telephony system that lets them pump out thousands of scam
phone calls in an hour, the U.S. Federal Bureau of Investigation warned Friday. IDG News Service, 12/06/2008.
Distributed SSH Brute Force Attacks
Recently a couple of news reports have come in that suggest that someone has changed how they do SSH brute force attacks.
The change is this: instead of the hosts from the SSH botnet pounding away as fast as possible from the same IP over and over
and over again, where you see it failing and failing and failing, these guys have moved to what they should have been doing,
coordination. They’re only trying one or two logins from a single IP before moving on; another IP from the botnet tries a
new login. Security to the Core, 12/05/2008.
Windows users indifferent to patch alarm, says researcher
When Microsoft issued an emergency patch for a critical Windows bug six weeks ago, it warned that attacks were in progress
and told users to patch immediately. The message didn't sink in, a security company claimed today. Computerworld, 12/05/2008.
Macs are totally secure out of the box?
While there is much less malware out there for Macs, it definitely exists, and Mac users are as likely to fall victim to
traditional email-based phishing attacks as PC users. F-Secure, 12/05/2008.
Jason Meserve is multimedia editor at Network World.
Comments (1)
Patches
By Anonymous on December 8, 2008, 12:24 pm
It is not easy to find the patches. I thought it was all automatic for my computer to obtain and update.