A new variant of the Russian Trojan Gozi is circulating on the Web, this time armed with a keylogging function and the ability to scramble itself so it is difficult to detect by anti-virus software.

The Trojan is believed to have been spreading since April 17. Like the original, which was discovered earlier in 2007, the new version of Gozi steals data from encrypted SSL (Secure Sockets Layer) streams.

The latest variant was uncovered May 7 by Don Jackson, a security researcher at SecureWorks in Atlanta. Jackson also found one data cache from the Gozi variant that contained 2,000 new victims and several thousand account records, including bank and credit card account numbers, Social Security numbers, and other personal information.

Microsoft is launching a slew of initiatives to help Web sites identify visitors.

First, the company is kicking off four open-source projects to support the development of ID cards for online users. Microsoft is also releasing one of its identity management specs, Identity Selector Interoperability Profile, under its OSP (Open Specification Promise), meaning the specification is clear of licensing fees or patent worries.

Finally, Microsoft is responding to users’ requests for better direct synchronization of identity information between Active Directory and the OpenLDAP Directory using Microsoft ILM (Identity Lifecycle Manager) 2007 by collaborating on an open-source project with Kernel Networks and Oxford Computer Group to create an OpenLDAP adapter for Microsoft ILM 2007.

More than a third of UK bloggers risk the sack by posting derogatory or damaging details about their workplace, boss or colleagues, a survey claims.

Human resources company Croner, which commissioned the study, warned that such bloggers could be sacked from their job for gross misconduct.

BioFoundry, a division of OSS Nokalva, announced the availability of Java support in its standards-based biometric SDK. Using the BioFoundry SDK, Java biometric applications can be developed on any platform supported by J2SE 5.0 (e.g., Windows, Linux, Solaris). The BioFoundry SDK architecture allows these Java applications to make use of native biometric components that run on one or more Windows machines.

DYS Analytics, whose products and services manage today’s top enterprise messaging platforms, will define the key success factors for corporate email migrations during a panel discussion at next week’s INBOX: The Messaging Industry Event. Using five case studies as examples, DYS will outline the top considerations necessary for consolidation success–and provide a cheat sheet for enterprises that are planning email platform changes.

With the recent debut of Microsoft Server 2007 and upcoming Lotus Notes and Domino 8, many enterprises are considering email upgrades and migrations, which naturally triggers them to evaluate the merits of server consolidation. Such moves can either be brilliant cost-savers, or flops that leave users with poor email/IM performance and invoke the ire of everyone including management. While server consolidations can improve efficiency and cost-savings, they also can dramatically increase WAN network traffic and demands on the consolidated servers. In general, platform vendors’ load estimators only offer generic answers which often greatly miscalculate WAN traffic and server storage/routing requirements.

This instructional session details recent Microsoft Exchange and IBM Notes Domino migrations, including their approach to up-front capacity planning, pre-migration cleanup, the placement of users on specific servers, and overall time to completion. Using the experience of these major firms, the talk reviews the two main approaches to consolidations, and the pros and cons of each. The session concludes by providing attendees with concrete steps on how to best plan, implement and validate the success of an email migration or upgrade project.

When Robin Raskin started in this business, the sign of a true tech-addiction was the ability to imitate a modem’s sound. Or to log in from anywhere, including a pay telephone. And, when you came home you immediately logged into CompuServe or Prodigy–even before going to the bathroom.

Today the signs of addiction are more nuanced, but equally demented. You know you’re an addict if…

In their third effort to enact a federal law targeting spyware, members of the U.S. House of Representatives on Tuesday overwhelmingly approved criminal penalties aimed at anyone implanting certain types of malicious software on computers.

The bill, called the Internet Spyware Prevention Act, or I-Spy for short, punishes anyone who intentionally causes software "to be copied onto" a computer–and damages it or steals personal information–with fines and up to five years in prison.

Microsoft has just patched another critical hole in Vista that it has known about as long ago as last Christmas. The delay was similar to its lag in patching the animated-cursor flaw.

The new problem involves the way that the OS’s Client/Server Run-time Subsystem handles error messages, and it affects Windows 2000 SP4 and Windows XP too. This flaw may not be as severe as the cursor problem, as Microsoft says you’d have to perform certain unspecified "actions" on a malicious Web site before an assault could succeed.

Microsoft announced plans to create a project to develop an open-source translator project between China’s Unified Office Format and the Ecma Open XML File Formats, which are closely tied to Microsoft Office.

The software company will also release the beta for its translation tools for PowerPoint and Excel that support the OpenDocument Format, or ODF.

Symantec’s decision to file lawsuits against eight companies it accuses of selling pirated software was the latest move in the industry’s continuing struggle against counterfeit products.

That it was a top-tier security software provider also highlights the dangers to users who install pirated security products onto their systems.

The eight separate lawsuits, filed over the past several months in U.S. District Court in California and announced May 16, seek more than $55 million in damages from the companies, which include several in California, as well as others in New York, Texas, Florida and Canada.