A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well.

I had the honor recently of moderating a virtual roundtable discussion on the top Internet security trends from 2009 and what we expect to see in the security threat landscape in 2010. Funny thing about security predictions—you hope they won’t come true, but expect them to anyway.

We are monitoring new malicious attacks that look similar to the fake "Microsoft Outlook reconfigure" spam campaign messages we have been observing for the last couple of months. That malicious campaign was followed by attacks on social networking sites, transforming from malicious code attacks into URL-based phishing attacks.

Zeus is a botnet package that allows for the easy creation and command and control of a botnet.  We've discussed Zeus previously in Zeus, King of the Underground Crimeware Toolkits.

Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need.

The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year.

On November 4, 2009, Marsh Ray published detailed information about a vulnerability that affects the TLS/SSL protocols and allows for limited man-in-the-middle (MITM) attacks.

Finally, some help with explaining internet security to my non-geek friends! The Guide to Scary Internet Stuff video series will hopefully make my life a little easier. Explaining the intricacies of Internet security is a challenging task.

Trawling the Web today we came across a Web site that has been compromised and rigged so that it is returned in search engine results for many different search terms. The site in question belongs to a UK-based company that specializes in hiring out holiday homes and is a legitimate business.

Phishing attacks jeopardize users’ personal information, including banking credentials. The huge gain that Internet miscreants receive from these attacks drives them to think of newer and more effective bait to phish users’ personal data. To carry out their plans, spammers most commonly abuse new security services/features provided by legitimate companies.