According to Kaspersky’s Senior Virus Analyst Alexander Gostev, in an unusual turn of events, October’s online threat list shows stability that Kaspersky has not seen before. Three malicious programs managed to retain the same positions as they had last month, and only five malicious programs are new to the rankings; something that Gostev notes is "an unprecedentedly low figure for our most volatile statistics."

On the side of email threats, two mass mailings reared their heads at the end of October. According to Kaspersky, these threats, a Fraud.ay phishing attack and a PDF-based threat known as Exploit.Win32.PDF-URI.k, turned out to be among the biggest mass mailings seen in the last few months, especially on the Russian Internet. The reports are available now on Kaspersky Lab’s Viruslist site.

The Federal Trade Commission, which has declared war on Internet scams, warned consumers on Monday not to open a bogus email that appears to come from its fraud department because it carries an attachment that can download a virus.

The email says it is from "frauddep@ftc.gov" and has the FTC’s government seal. But it was not issued by the agency and has attachments and links that will download a virus that could steal passwords and account numbers, the agency said.

A hacker has released attack code that could be used to exploit a critical bug in some versions of Windows. Microsoft patched the flaw, which affects older versions of Windows, on October 9. When the Image Viewer tries to open a maliciously encoded TIFF file, it can be tricked into running unauthorized software on the PC.

A sample of the exploit was posted Monday to the Milw0rm Web site. The code has not yet been used in online attacks, according to Symantec, which issued an alert Monday.

Filtering spam messages is a thankless job for software. For every 100 spam emails, one message usually gets through, an irritating pitch with links to Web sites selling questionable drugs or sketchy Rolexes.

The links contained within spam are one indicator in determining whether it should be blocked. Often after a large spam run, the addresses of spammy Web sites will be added to blocklists that are used by antispam software to cull future messages with those links.

To get around it, spammers construct emails with links that can’t be identified by filters but still are valid in the messages, said Christopher Fuhrman, a professor of software engineering in the Department of Software and IT Engineering at the University of Quebec.

Microsoft continued its efforts to stop people from pirating or using pirated versions of its software. The company launched a Web site and also revealed that it has filed 20 more lawsuits against people it claims are dealing counterfeit or pirated software in 13 states.

The new Web site provides information for how customers can tell whether software is genuine. It shows examples of suspicious packaging and other clues that can help alert users if they’re buying the real deal or a fake copy of Windows or other Microsoft software.

A federal judge Tuesday gave Microsoft, state regulators, and the Department of Justice more time to argue whether the company should be held to its antitrust settlement until 2012. U.S. District Court Judge Colleen Kollar-Kotelly approved a motion filed by Microsoft, the DOJ, 17 states and the District of Columbia that pushed the extension decision out as far as Jan. 31, 2008. Originally, Kollar-Kotelly was expected to rule next Tuesday on whether major sections of the consent decree that Microsoft and regulators signed in 2002 would expire Nov. 12.

Help is on the way for developers struggling with using the Visual Studio 2005 development platform with Windows Vista, a Microsoft official stressed at the Microsoft SOA and Business Process Conference in Redmond, Wash., on Tuesday. During a question-and-answer panel session, an audience member characterized the experience of using Visual Studio 2005 with Vista as "miserable." He wondered if the upcoming Visual Studio 2008 upgrade would be an improvement.

Time Warner’s AOL Internet division said on Wednesday that it would let users opt out of online advertisements that are presented to individuals based on the Web sites they have visited. Such behaviorally targeted ads use "cookies," information that identifies a computer, to keep track of where the user has visited online and send that person commercial messages accordingly.

Internet publishers say this system lets users get ads for products they may be interested in rather than sending useless information, but consumer advocates say it is yet another potential violation of privacy online. AOL’s program will point consumers to the right place to block such ads. Choosing to opt out sends a cookie to a user’s computer that blocks the ads from appearing. AOL’s system prevents the deletion of the opt-out cookie.

Nine privacy groups asked the Federal Trade Commission on Oct. 31 to implement a Do Not Track list to prevent consumers from having their online activities unknowingly tracked, stored and used by marketers and advertising networks. Based on the FTC’s popular Do Not Call list, the Do Not Track list would require advertising firms that place persistent tracking technologies on consumers’ computers to register with the FTC all domain names of the servers involved in such activities. Developers of browser applications would be encouraged to create plug-ins allowing users to download the list onto their computers.

The groups’ call for the Do Not Track list comes on the eve of a two-day FTC conference on "Ehavioral Advertising: Tracking, Targeting and Technology."

Malware posing as cute holiday greetings sent by email is as old as the concept of email itself. And yet today, Halloween 2007, a Storm Worm variant is spreading under the auspices of an animated Halloween greeting card that features skeletons cutting a rug to the Venga Boys’ "Boom Boom Boom." According to several vendors announcing the new scam, emails arrive with subject lines including: Happy Halloween; Dancing Bones; The most amazing dancing skeleton; Show this to the kids; Send this to your friends; Man this rocks.

By downloading the Janglin’ Bones Show, users will be mildly amused, or simply distracted, for approximately eleven seconds. During this time, their PCs will be infected with a variant of the Storm Worm, a persistent and resilient bot that allows remote control of the PC and has been used largely to mass-distribute spam. In fact, it’s likely that Storm was used to distribute the e-mail, which was timed perfectly, according to Graham Cluley, a vice president at Sophos anti-virus.