F-Secure has released a patch for a serious flaw in its antivirus products, the second time this week a security company has warned of a risk in its software. The security hole in the antivirus library affects 18 products for desktops, servers and gateways, with the network products at "critical" risk, F-Secure said in a bulletin Thursday. By creating a specially crafted ARJ archive file, an intruder could use a buffer overflow to run arbitrary code on an unpatched machine, said Tony Magellanez, a systems engineer at F-Secure.

Microsoft on Friday forced its millions of MSN Messenger users to download a new version of the software to plug a vulnerability discovered earlier this week. The mandatory upgrade began early Friday morning after a security company posted a how-to guide describing how the vulnerability can attack computers. MSN Messenger users were then greeted with a notice to upgrade before they could open their instant messaging clients.

A previously unknown vulnerability in Mailman, a popular open-source program for managing mailing lists, has led to the theft of the password file for a well-known security discussion group. The theft, discovered this week and reported in an announcement to the Full Disclosure security mailing list on Wednesday, casts uncertainty on the security of other discussion groups that use the open-source Mailman package. By specially crafting a Web address, an attacker can obtain the password for every member of a discussion group.

India and China will be the main winners from an increase in offshoring, but Eastern Europe is also set to benefit, according to CEO Briefing, a report published by the Economist Intelligence Unit. The report, which includes a new ranking of 60 global offshoring environments and a survey of 500 senior executives, concludes that companies will redistribute more service functions to Asia and Eastern Europe over the next three years. Only a few developed markets emerge as attractive offshoring locations, with Canada leading the way.

Microsoft has urged customers to apply its latest security patches, after several companies published "proof of concept" attacks that exploit the flaws that the updates fix. In a notice posted to its Web site late Thursday, the software giant highlighted proof-of-concept documentation, or sample software code to illustrate how a flaw might be used to attack a system, from two security software makers: Finjan Software and Core Security Technologies.

Apple Computer’s board authorized a two-for-one stock split that will increase its authorized share count to 1.8 billion from 900 million. The Cupertino-based computer maker said each share held on Feb. 18 will get an additional share. The company plans to start trading on a split-adjusted basis at the end of February.

Yahoo said late Wednesday that it has released a test version of its toolbar for the Mozilla Firefox Web browser. Toolbars from companies such as Yahoo enable users to go directly to particular services, such as email or Web search, by simply clicking on an icon. Yahoo says on its download page that people can customize and access the toolbar from any PC.

Virus writers have created a malicious program that can disable Microsoft’s new anti-spyware application, security experts warned on Wednesday. Antivirus experts, who are calling the Trojan "Bankash-A," say it is the first piece of malicious software to attack Windows AntiSpyware, which is still in beta.

EarthLink said Wednesday that it has filed four new lawsuits against alleged spammers in California, Florida, Nevada, and Washington state. The Internet service provider said that all four claims, which were filed in the U.S. District Court of Atlanta during January, charge defendants with violating the Can-Spam Act, the federal Computer Fraud and Abuse Act, and the Georgia Computer Systems Protection Act, in addition to state and federal racketeering laws.

Security experts are advising that spyware that targets browsers from the Mozilla Foundation has been spotted–a threat that could worsen as its Firefox browser takes market share from Microsoft. Stu Sjouwerman, the founder of Sunbelt Software, said on Tuesday that the anti-spyware company has discovered what it believes is the first spyware to take aim at surfers using Mozilla browsers.