AUSTIN, Texas--Privacy is not dead in the era of online social networking. It just needs careful curation.

That was the message Saturday from Danah Boyd, a social-media expert who works for Microsoft Research and who was Saturday's keynote speaker at the South by Southwest Interactive (SXSWi) festival here.

SXSW's Saturday keynote speaker Danah Boyd.

(Credit: Danah Boyd)

Boyd is one of the original social-media researchers, having spent years studying the dynamics of how systems like MySpace and Facebook impact teens and youth culture, and how that culture is impacting such services. But she also has demonstrated over the years a keen sense of how people across all age groups use social networks, and her talk touched on many different communities.

The Troyak ISP, which has been linked to the Zeus botnet, was briefly taken down this week. The takedown occurred on the heels of the RSA Conference last week, where there was much talk about the "cat-and-mouse" game of trying to squelch cybercrime. Otherwise, things got a little testy at the ICANN meeting in Nairobi, and iPad pre-orders got rolling. Oh, and the Internet was nominated for a Nobel Peace Prize. Seriously.

1. Zeus botnet dealt a blow as ISP Troyak knocked out, Shutdown of Zeus botnet controller has researchers wondering and After takedown, botnet-linked ISP Troyak resurfaces: The Troyak ISP (Internet service provider), which has been linked to the nasty Zeus botnet, was taken offline, which prompted sighs of relief that, alas, did not last long.

(Credit: Microsoft )

Microsoft said on Friday it is testing a patch to fix a new hole in Internet Explorer 6 and IE 7 following the release of exploit code on the Internet.

With the announcement it seems increasingly likely that the company will be issuing a patch for the hole before the next Patch Tuesday in about four weeks, if the testing of the patch goes quickly.

Microsoft warned about the hole, which it said was being targeted in attacks and could allow an attacker to take control of a computer, in an advisory on Tuesday. The next day, Israeli researcher Moshe Ben Abu released exploit code for the vulnerability after using clues in a McAfee blog post to find existing exploit code and pinpointing the weakness from there.

WASHINGTON (AFP) – Losses from cybercrime and online scams more than doubled in 2009 to 559 million dollars as Internet criminals used more sophisticated techniques, an FBI-led task force said Friday.

The report from the Internet Crime Complaint Center (IC3), said losses in the United States linked to online fraud shot up 110 percent from 265 million in 2008, when losses were up just 11 percent.

"The figures contained in this report indicate that criminals are continuing to take full advantage of the anonymity afforded them by the Internet," said Donald Brackman, director of the National White Collar Crime Center, which runs the IC3 with the Federal Bureau of Investigation.

Matt Drudge and Michael Arrington found themselves this week in an unpleasant position when visitors to their respective Drudge Report and TechCrunch sites were targeted by malware that appeared to have come from ads.

While Drudge vehemently denied it and blamed accusers of playing politics, Arrington acknowledged on Thursday that there had been malware-laden ads on TechCrunch on Wednesday. It's unclear which ad network served up the malware and what type of malware it was, although it was determined to be an ad running JavaScript, he said.

A browser warning that popped up for a blogger at Phat1.com on Wednesday said the TechCrunch ad contained elements from a site that appeared to be hosting malware. A Web search on the name of that site produced a result that said the site was associated with a virus, according to a post on Phat1.com.

The world's largest botnet, Zeus, has had its traffic disrupted by repeated disconnections of a Kazakhstani ISP, but a series of reconnections has revived its banking Trojan activity, according to security researchers.

The botnet mainly pushes out the Zeus banking Trojan, an information-stealing keylogger that relays sensitive data back to its controllers. The Kazakhstani Internet service provider AS Troyak provides network connectivity to six other ISPs that host Zeus botnet command-and-control servers. On Wednesday, the upstream connectivity to AS Troyak was cut by unidentified agents.

This disconnection resulted in the shutdown of 25 percent of the Zeus botnet, said security company ScanSafe, which is part of Cisco Systems.

Read more of 'Zeus botnet shaken by ISP cutoffs' at ZDNet UK.

BEIJING (AFP) – China on Friday warned Google it would face "consequences" if it stopped filtering its search results, after the firm threatened to leave the country over cyberattacks and web censorship.

The comments from the minister of industry and information technology, Li Yizhong, came after the US Internet giant said it was prepared to leave the world's largest online market if Beijing continues to insist on its censoring its web searches.

"We support (Google) to expand its business and market share in China," Li told reporters at a briefing on the sidelines of the annual session of the National People's Congress, the country's parliament.

published exploit code for the latest Internet Explorer zero-day flaw on the Web and Microsoft is warning that more attacks against the unpatched vulnerability can be expected in-the-wild. One thing seems to be more apparent with each passing Internet Explorer (IE) vulnerability: its time to upgrade the Web browser.

This zero-day exploit of Internet Explorer is just the most recent demonstrating that IE8 is more secure than its predecessors--especially IE6. Security aside, Web hosts and developers generally despise IE6 as well. For evidence of this fact you need look no further than the extensive list of supporters displayed on the IE6nomore.com site.

BEIJING (AFP) – Google said Thursday that it was in talks with China on the future of the US Internet giant in the Asian nation, after the firm threatened to leave over cyberattacks and state web censorship.

"We are indeed in active discussions with the Chinese government but we are not going to engage in a running commentary about those conversations," Google China spokeswoman Marsha Wang told AFP.

"We've been very clear that we are no longer going to self-censor our search results."

Moshe Ben Abu announced his Internet Explorer exploit on Twitter.

(Credit: Twitter)

An Israeli security researcher has published exploit code for an unpatched hole in Internet Explorer that Microsoft disclosed two days ago.

Microsoft had warned in an advisory that a new vulnerability in IE 6 and IE 7, which could allow an attacker to take control of a computer, had been targeted in attacks .

Releasing the exploit code publicly increases the chances of attacks on the zero-day hole and could pressure Microsoft to issue a patch before its next scheduled Patch Tuesday in four weeks.

LimeWire's peer-to-peer file-sharing network has been notorious as a malware ghetto, where distributed files that have legitimate-sounding names turn out to be Trojan horses hiding pernicious threats. In an effort to attract more users to the LimeWire premium upgrade and to protect those users better, the company signed a deal with AVG on Tuesday to extend download file scanning and blocking to LimeWire Pro users.

By integrating AVG's anti-virus SDK engine, all files that a LimeWire Pro users downloads will now be scanned before they run. A pop-up will appear letting users know when a file has been scanned or blocked.

(Credit: Twitter)

Twitter is launching a new service designed to stop users of the social-media site from getting duped by phishing links that steal their login credentials and other attacks.

The company will route all links submitted to the site through a filter created to catch links that lead to malware, the company said on the Twitter blog on Tuesday.

'A couple weeks ago, Biz [Stone, Twitter co-founder] explained how Twitter users were being victimized by phishing scams spread primarily through links in direct messages,' the post said. 'Basically, people click the link and bad things happen. My team can only detect these scams after malicious links have already been sent out.'

LimeWire, one of the biggest peer-to-peer networks, has announced that the company is integrating AVG anti-malware protection into its LimeWire Pro service.

The $34.95/year Pro service also adds many other perks, such as faster downloads, a video player, access to BitTorrent and Gnutella as well as tech support. Users will see a "Protected by AVG" message whenever a downloaded file is scanned and cleaned. Users of the free LimeWire Basic software do not get the AVG protection.

P2P networks have become a major source for the spread of malware. Some analysts have been predicting that they would be the largest medium of malware distribution this year. LimeWire+AVG should help their network, but probably won't do much systemically because of the lack of support for Basic. LimeWire couldn't get me numbers on what percentage of their users have Pro, but it has to be relatively small. TO some extent the protection will radiate out from Pro users who serve to Basic users. Anyway, that's the optimistic point of view.

(Credit: WhitePages.com)

WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware.

'On Monday morning WhitePages received reports from users [about] malware in the form of a fake antivirus upsell program that we believe originated (against our terms) from a third-party advertising network serving ads on our website, in addition to other websites,' a WhitePages spokeswoman said in an e-mail late Tuesday.

'We immediately suspended the networks in question at which time the reports from users subsided,' she wrote. 'We are working diligently to prevent this from happening in the future.'

LifeLock CEO Todd Davis

(Credit: LifeLock)

LifeLock has agreed to pay $12 million to settle charges that the company failed to protect customers against identity fraud as advertised and put customer data at risk.

The company was known for its bold marketing tactics, including one that backfired after Chief Executive Todd Evans put his Social Security number in ads to promote the company's service and then had someone use his identity to take out a loan in 2007.

The U.S. Federal Trade Commission and 35 state attorneys general had accused the Tempe, Ariz., company of deceptive business practices for making false claims to promote its identity theft protection services, for which it charged $10 a month. It is one of the largest FTC and state-coordinated settlements on record, the FTC said in a statement on Tuesday.