The site asks that “if you agree that Facebook doesn’t respect you, your personal data or the future of the Web” then you may want to join in quitting Facebook on May 31, the date it has declared as the official “Quit Facebook Day”.

The site is the creation of systems designer Matthew Milan and technologist Joseph Dee, who say that for them, “it comes down to two things: fair choices and best intentions”. Milan writes that they “just can’t see Facebook’s current direction being aligned with any positive future for the web, so we’re leaving.”

Facebook has been facing yet another backlash after announcing further changes to its privacy policy during its f8 developer conference last month. Many users take issue with the social network’s now-default opt-out inclusion of its users in new features and services and “How do I delete my Facebook account” has become a top search suggestion on Google.

But while Milan and Dee quote a number of sources on what alternatives there might be to Facebook, the reality is that few exist. We’ve all heard of Diaspora now, but do we really believe that the future of social networking lies in an alternative that needs users to have their own server and install code?

Milan has an amusing take on what he’ll do instead of continuing on with Facebook:

At this point I’d rather use 4chan to connect with my family and friends than Facebook. It might be full of pictures of prolapsed anuses and Japanese cartoon porn, but at least it has tripcodes and a healthy dialog (based in action, not words) around the evolving nature of online identity and privacy.

Milan also remains, well, realistic about Facebook’s more than 400 million users, saying that he doubts that his act will compel many others to leave, but that it will show that he cared about his data. He also writes that “when there’s a market need, it’s not long before better options appear” and “the best thing to do is to contribute to that need – and that’s what Quit Facebook Day is about.”

Sources asked Milan if he had anything to add about why he was quitting Facebook and he said “I want to reiterate is that privacy is not why I’m quitting FB – Privacy is a symptom of a set of larger issues, but for most, it’s the easiest to understand.”

The site has only been up for a couple of days, but as of right now, it has nine people signed up to quit.

If you’re ready to make the jump, simply go to QuitFacebookDay.com and enter your Twitter handle, if you have one. Otherwise, you can enter your email address and, if quitting Facebook is something you’ll need a reminder about, then QuitFacebookDay.com will send you one.

Will you make the commitment? Will you contribute to that need? While I do not agree with many of Facebook’s actions, there’s one simple reality that I look to – all of my friends are on Facebook and until that changes, that’s likely where I’ll stay.

Unlike its predecessors, however, this sample uses the file name AV.exe. If users are not into computers, they may think this is a valid antivirus application. It uses registry shell spawning as autostart technique, which means the malware is executed every time a user runs files that have the .EXE file name extension. It also uses any of the following application names:

• %1 Antispyware 2010
• Antivirus %1 2010
• %1 Guardian 2010
• %1 Guardian
• %1 Defender 2010
• %1 Antivirus
• %1 Antivirus 2010
• %1 Antivirus Pro
• %1 Antivirus Pro 2010
• %1 Internet Security
• %1 Internet Security 2010

Note that %1 refers to the OS installed on the affected machine. This makes the malware flexible in that it is able to take advantage of the features of an infected user’s OS.

Whenever an infected user attempts to access the Internet via Internet Explorer (IE) or Firefox, this malware displays warning messages saying these browsers are malicious. (Internet Explorer on the left and Firefox on the right)

This may cause the user to panic since these are two of the most commonly used browsers. Users who are tricked into purchasing the bogus product are redirected to multiple rogue antivirus domains.

This list ensures that the malware can access other domains even if some have already been taken down. Lastly, this malware does not allow users to execute files from security companies, which prevents the affected user from scanning the affected computer.

When faced with these kinds of false alarms, I would urge users to calm down and avoid purchasing rogue antivirus products. This does not help solve the problem. Instead, it makes things even worse, as this is just a waste of hard-earned money.

This is only the latest tactic seen from the perpetrators of rogue antivirus malware. Recently, advanced threats researchers spotted another FAKEAV run using Sandra Bullock’s recent marital difficulties to spread malware. If you have any questions about this type of malware, please feel free to contact me and I will be glad to answer any of your questions.

In the space of only two days, February 8 and 9, the HTML/Goldun.AXT campaign detected by Fortinet accounted for more than half the total malware detected for February, which gives some indication of its unusual scale.

The attack itself takes the form of a spam e-mail with an attachment, report.zip, which if clicked automatically downloads a rogue antivirus product called Security Tool. It is also being distributed using manipulated search engine optimisation (SEO) on Google and other providers.

Such scams have been common on the Internet for more than a year, but this particular one features a more recently-evolved sting in the tail. The product doesn’t just ask the infected user to buy a useless license in the mode of scareware, it locks applications and data on the PC, offering access only when a payment has been made through the single functioning application left, Internet Explorer.

What’s new, then, is that old-style scareware has turned into a default ransom-oriented approach. The former assumes that users won’t know they are being scammed, while the latter assumes they will but won’t know what to do about it.

The technique is slowly becoming more common — see the Vundo attack of a year ago — but what is also different is the size of this attack, one of the largest ever seen by Fortinet for a single malware campaign.

Fortinet notes that Security Tool is really a reheat of an old campaign from November 2008, which pushed the notorious rogue antivirus product Total Security as a way of infecting users with a keylogging Trojan.

“This is a great example of how tried and true attack techniques/social engineering can be recycled into future attacks,” says Fortinet’s analysis.

According to Fortinet, the “engine” pushing the spike in ransom-based malware is believed to be the highly-resilient Cutwail/Pushdo botnet, the same spam and DDoS system behind a number of campaigns in the last three years including the recent pestering of PayPal and Twitter sites.

In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,” read the advisory. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

Last week, Prodeus called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as “medium” because of the required user interaction.

Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems — including IE6 on Windows XP — could be leveraged by attackers. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6.

Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft. ”As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content,” said David Ross with the Microsoft Security Response Center (MSRC) engineering staff in a blog entry on Monday.

“The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key,” Ross added.

The security advisory made the same recommendation: “Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.” Users can also stymie attacks by disabling Windows Help. The advisory explained how to entering a one-line command at a Windows command-line prompt to lock down the Help system.

The company took Prodeus to task for taking the bug public, something it regularly does when researchers disclose a vulnerability or post sample attack code before a patch is available.

“Microsoft is concerned that this vulnerability was not responsibly disclosed, potentially putting customers at risk,” said Jerry Bryant, a senior manager with the MSRC, in an e-mail. By Prodeus’ account, he notified Microsoft of the flaw Feb. 1, about four weeks before publishing his findings.

Microsoft has not set a timeline for a fix, saying only that, “Microsoft will take the appropriate action to help protect our customers.” The next scheduled security patch date for the company is March 9.

Although it does not rate the severity of vulnerabilities in its advisories, Microsoft noted that hackers exploiting the VBScript flaw using Windows Help and Internet Explorer could grab complete control of a Windows system. Customers running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 are safe from such attacks, Microsoft said.

An analysis of Internet threats by Network Box in August 2009 shows that which peaked in July (when volumes increased by 300 per cent), are down again at levels seen in June (around four viruses per customer, per hour). Spam is also down slightly, averaging around 90 spam e-mails per customer, per hour (from a peak of around 120 in May).

The U.S. continues to dominate as the main source of the world’s viruses, producing 15.9 per cent of all viruses. It is followed closely by Brazil, which produces 14.5 per cent (similar levels to last month’s 14.1 per cent). Brazil continues to be the biggest source of spam, producing 11.6 per cent of all spam, followed by the US at 8.6 per cent and South Korea at 7.2 per cent.

South Korea remains the biggest source of intrusion attacks, at 17.3 per cent. Phishing attacks also remain high, at 33 per cent of all viruses. This is down slightly from last month’s 36.2 per cent, but still significantly higher than in June, when phishing attacks made up just five per cent of all viruses.

What a majority of web users today do not realize is that applying patches to their system are the number one way to prevent infections.

Network Box lowered its global alert condition to Level 2, saying it has been the lowest in nine months. This means there are limited virus/worm activities, with no major unexploited vulnerabilities or threats.

Mark Webb-Johnson, CTO of Network Box, said: “The large number of recent vulnerabilities announced by both Microsoft and Apple led to a frenzy of malware activity spearheaded by an unprecedented large number of website defacements. What we’re now seeing is that those who have already patched are protected and those that haven’t are already infected — so the number of new infections appears to have levelled off.”

Simon Heron, Internet security analyst for Network Box, added: “Businesses and individuals still need to be alert to threats through the remainder of the summer, particularly phishing attacks. We’ve seen a huge increase in SQL injection attacks so it’s important that anyone using Web-based applications or servers keeps their security up-to-date.”

While threat landscape currently remains stable, Network Box said it will continue to closely monitor and re-evaluate the situation as necessary, especially with Microsoft’s Patch Tuesday coming next week. Let this be another reminder that keeping your system up-to-date is one of the best things you can do along with using antivirus software to keep you and your system safe.

In a Federal Trade Commission (FTC) law enforcement action, the court found that the five defendants, located in Canada and St. Kitts, violated the FTC Act and CAN-SPAM Act by participating in the spam operation. The court order bars the defendants from violating the CAN-SPAM Act and from making false or unsubstantiated claims about the health benefits of any food, drug, or dietary supplement.

The FTC charged that the operation used spammers to drive traffic to Websites selling an extract of the Hoodia gordonii plant it claimed would cause significant weight loss, and a “natural human growth hormone enhancer” it claimed would reverse the aging process. The FTC alleged that these claims were false or unsubstantiated, and charged the defendants with deceptive advertising in violation of federal law. It also alleged that the spammers sent e-mail that contained false “from” addresses and deceptive subject lines, and that they failed to provide a required opt-out link or physical postal address.

The case, filed by the FTC in October 2007, marked the first time the agency invoked the US SAFE WEB Act, a federal law designed to protect consumers from cross-border fraud and deception. The legislation enhances the agency’s ability to exchange information with foreign counterparts and helps protect consumers from cross-border spam and spyware distribution, as well as Internet fraud and deception. The FTC’s complaint charged eight defendants — Spear Systems (a U.S. company), three other corporate defendants, and four individuals.

The FTC settled with three defendants in the case — Spear Systems and two individuals, one in the United States and one in Australia — in May 2008. The agency was unable to reach settlements with the remaining five defendants, who are the subject of the court order announced today: Xavier Ratelle and Abaragidan Gnanendran, of Quebec, Canada; and corporate defendants 9151-1154 Quebec, Inc., 9064-9252 Quebec, Inc., and HBE, Inc. The final orders were entered by the United States District Court for the Northern District of Illinois, Eastern Division.

Although this seems to be a win for the good guys, the bad news is that something like this doesn’t even make a small dent in the problem of spammy emails that flood our inboxes from day to day. We can only hope for more and more of these types of cases to come up because over time, people might actually start to shy away from these methods if the penalties are too high.

What makes it worse is that the people who out there making all the bad and dangerous stuff on the internet do it for a couple different reasons. A few of them being to steal your personal information (such as bank information, credit card numbers or usernames and passwords), try and scam you with bogus software, or just mess up your computer for the fun of it because they can. I like to call these people “the bad guys”.

While there are a ton of people out there making these bad programs and websites, there are also a big number of people who are on the other side writing software and various tools to help protect your computers as well as clean them if they have gotten infected.

Most users don’t realize that just having an antivirus program is not usually enough to keep you safe from all the bad things that our out there trying to get into your system. I found an great article that talks about 10 pretty simple ways to increase your online security so you don’t have to worry when browsing the web or checking your email. So lets get on to the list!

1. Augment your anti-virus tool
2. Switch to plain text mail
3. Don’t click mail links
4. Vet your email
5. Switch web browser
6. Check web sites before you visit
7. Manage your passwords
8. Screen all downloads
9. P2P basics
10. Create a virtual sandbox

These 10 things are a great start to help keep your PC safe from a majority of the threats that are out there lurking in the shadows of the internet. While these aren’t fool proof, they can help the average user stay away and avoid all together most stuff that can harm their computers.

For a description of each of these 10 ways to further protect yourself, head over to this article on techradar.com to read up on each of these steps.

Microsoft has been preparing users for IE8 for a good year now, stressing performance improvements, better support for Internet technology standards, the addition of new features to help people keep track of most visited sites and favorite sources of information, and of course, security, as highlights of the new browser. According to the report Microsoft released Thursday, based on research conducted by NSS Labs, IE8′s Release Candidate 1 was 69 percent effective at catching malware before it did damage to a user’s system. Mozilla Firefox 3.07 came in second with a 30 percent effectiveness rate, with Apple Safari’s 3 in third place with a 24-percent rate and Google’s Chrome 1.0.154 in fourth place with 16 percent effectiveness rate

NSS Labs said in the report that the data was collected from tests conducted in just over 12 days from Feb. 26 through March 10 in its labs in Austin, Texas. During the course of the test, the company said it monitored connectivity to ensure the browsers could access the live malware sites being tested, and performed 141 discrete tests. The margin of error of the tests was 3.76 percent, according to NSS Labs. Amy Barzdukas, a senior director at Microsoft, acknowledged that it might be a conflict of interest for Microsoft to sponsor a report in which IE8 came out on top in terms of security. However, she encouraged people to “look closely at the results” before making a judgment call on the validity of the report.

IE8 will be included as part of the Windows 7 OS. However, for the first time since adding browser technology to its operating system, Microsoft will give users the ability to turn off IE8 as a feature in the system. This decision was outlined in a blog post on the Engineering Windows 7 blog. Microsoft is under pressure from an ongoing antitrust case in the European Union to give users more browser choice in Windows.

Vulnerability Protection

An advance notification of the patch published Tuesday describes it as protection for a “remote code execution” vulnerability. The move follows Microsoft’s security advisory posted last Wednesday and updated Monday explaining the vulnerability and suggesting temporary “workarounds” for protection.

Serious Flaw

The flaw can be used to let attackers steal personal data such as passwords if a user visits a compromised Web site, of which at least 10,000 are thought to already exist. Thus far, the vulnerability has been used primarily for grabbing gaming passwords for black market sales. The hole could, however, potentially also be used to steal more sensitive information such as banking passwords and other private information.

Some security analysts had gone as far as to suggest all IE users switch to a competing browser (such as Firefox of Chrome) until Microsoft found a suitable fix.

Getting the Patch

Microsoft’s emergency security patch will become available Wednesday at 1 p.m. EST at the Microsoft Update site as well as at the Microsoft Download Center. All users of IE5, 6, and 7 are advised to install it. A separate patch is expected to be made available for users of IE8 Beta 2. Expect to see far more detail by midday Wednesday when Microsoft officially issues its security bulletin.