Yesterday the Spanish security researcher, Ruben Santamarta, posted Proof-of-Concept exploit code for a vulnerability in Apple's QuickTime Player.

He demonstrated how a nine year old unused parameter in QuickTime Player, known as _Marshaled_pUnk, could be used to take full control over Windows-based system with Live Messenger installed, and execute program code remotely.

Analysts agree that this is not a standard vulnerability in the
sense of non-secure programming, but rather an oversight as program
code used during development was left in the released program version
(and still is there nine years after).

Only minutes before this advisory was written, exploit code was added to the open source Metasploit project, which is popular among security researchers as well as more dubious elements. 

As of this writing there are no available security updates for QuickTime Player.

This security advisory will be updated when more information is availbale.

Back Up and Share Your Holiday Memories

Aug 31, 2010:

The new version of F-Secure Online Backup makes it easier than ever to
keep precious photos and videos safe, and to share them with family and
friends.

Helsinki,
Finland – August 31, 2010: Whether it’s the trip of a lifetime, a fun
holiday spent with friends or the children’s first visit to the beach,
holiday photos and videos bring back precious memories for years to
come. With F-Secure Online Backup™ all the photos and videos collected
on your computer are backed up in a secure location on the Internet,
also making it easier than ever to share your memories with family and
friends.

Symantec has observed a new spam tactic being used in which fake
surveys are seeking users' opinions or views on features provided by
their social networking site. The sample shown below is one such spam
email targeting Facebook:

Various “Subject” lines of this spam are as follows:

Subject: Take our online survey and receive a new gaming unit!
Subject: Take our social networking survey and get a gift card!
Subject: Give your opinion on social networks and choose your prize!
Subject: Receive a hot new MP#3 player for your opinions!

Upon clicking the link provided in the message, the user is
redirected to a fake survey page where the user has to answer questions
related to features provided by social networking site. Upon completion
of survey, the users are promised exciting gifts.

Spammers are trying to demonstrate the legitimacy of the scam by
notifying users of a few required terms and conditions, such as:

1) Participants must be a U.S. resident at least 18 years of age or older.
2) Users must register with valid information.

The sample shown below is a screenshot of one such fake survey:

Antivirus software awarded for high scores in the categories of protection, repair and usability

Today BitDefender®, an award-winning provider of innovative internet security solutions, announced that BitDefender Internet Security 2010 successfully passed the AV-Test Certification Criteria for the second quarter of 2010.

The test recognizes BitDefender Internet Security 2010 for its
excellent ease of use, high protection rates and strong ability to
repair infections. The test analyzed effectiveness, behavior and speed
of security solutions and this quarter the certification was given to
only 13 out of the 25 products tested. BitDefender showed exceptionally
strong results in two important categories: the performance test, which
reflects how a computer is used on a daily basis, and detecting
actively running toolkits – known to be particularly damaging to
systems. The complete results are available at ww.av-test.org.

Study reveals that 81 percent of a large social network’s users
would accept the friendship request of and confide in a test profile
created for the study without taking many precautions

BitDefender®, an award-winning provider of innovative internet security
solutions, today warned social networking devotees to be careful when
accepting friend requests and to be conscious of the data they share.

According to a new study conducted by BitDefender over a two week
period, social network users do not appear to be preoccupied with the
real identity of the people they meet online or about the details they
disclose while chatting with total strangers. The study revealed that
94 percent of those asked to “friend” the test profile, an unknown,
attractive young woman, accepted the request without knowing who the
requester really was.

A spammed message supposedly from Newegg, a popular online
computer hardware/software seller has been found in the wild. It
informs users that their online purchase has been charged to their Visa
card. It also contains two clickable links that point to the same
malicious page, an example of which is http://{BLOCKED}nthenet.net/1.html. Clicking the link leads to a series of redirections that ultimately land users on a FAKEAV-hosting site where TROJ_FAKEAV.FNZ may be downloaded.