Here's one to make you smile. An underground malware and hacking forum got a taste of its own medicine when it was itself hacked by a digital vigilante.

A post from F-Secure says the underground pakbugs.com forum drew malicious hackers who bought and sold malware, stolen credit card numbers and the like. That is, until someone going by "Catch Them" broke into the site and gathered the full list of registered users, including their forum passwords and e-mail addresses, which the vigilante then posted to the Full Disclosure security mailing list. The F-Secure post includes screen shots of the pakbugs site and the users list.

A triple-payload e-mail attack that uses a fake shipping confirmation notice with a supposed attached label is making the rounds, according to Webroot.

A write-up from the company describes a social engineering ruse designed to nail someone who wasn't paying close attention, with a .zip file attachment that contains an executable disguised with an Excel file icon. The text of the e-mail tells the recipient to open the attachment to print a shipping label (one big clue that this is a scam).

The NYTimes.com site warned Sunday that it had inadvertently displayed an "unauthorized advertisement" over the weekend that tried to use fake malware warnings to trick viewers into installing scareware.

The various analyses of this attack point to a browser hijack, which uses Javascript to display the fake scan warnings in modified browser windows. As long as you're not tricked into downloading any software, security experts say this type of attack is relatively harmless. But fake malware warnings can also signal an existing malware infection on your PC.

Firefox users, get ready for the Update Available pop-up: New versions for the 3.0 and 3.5 browser lines that fix critical security holes are now available.

One serious bug in the "BrowserFeedWriter" could be hit with malicious Javascript code to run an attacker's command with elevated privileges. A second critical TreeColumns dangling pointer vulnerability, along with a third set of critical issues in the browser engine, could allow a bad guy to crash Firefox and run "arbitrary code," which might be to install malware, on a vulnerable computer.

A new security vulnerability involving the Server Message Block protocol, used for Windows file-sharing, can allow a remote attacker to take control of a vulnerable Vista, Server 2008 or Windows 7 RC computer, in addition to causing it to crash as previously reported.

Security researchers found that the bug could be hit to cause the venerable Blue Screen of Death computer crash if a PC has file sharing enabled. But in Security Advisory 975497, released yesterday, Microsoft wrote that "an attacker who successfully exploited this vulnerability could take complete control of an affected system. Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

Today's Patch Tuesday fixes from Microsoft include six critical bulletins that head off potential attacks involving poisoned media files and Web pages, along with wireless and TCP/IP security holes. An under-attack FTP flaw remains unfixed.

Two patches, MS09-045 and MS09-046, fix vulnerabilites that could allow attack code hidden on a Web page to run any command on a vulnerable computer. The first shores up multiple versions of the JScript Scripting Engine and is rated critical for Windows 2000, XP, Server 2003, Vista and Server 2008 (except for Windows Server R2 for x64 and Itanium systems). The second closes a hole in the DHTML Editing Component ActiveX control, and is considered critical for Windows 2000 and XP, and moderate for Windows Server 2003. Windows Vista and Server 2008 aren't affected by the ActiveX flaw.

Here's a sneaky one for you. According to Sophos, a piece of spyware is masquerading as a Flash player plug-in for Firefox. Its installation screen looks legit (per examples in the Sophos post), and it will even show up thereafter in the list of Firefox extensions as "Adobe Flash Player 0.2."

But you don't get video with this plugin -- instead, it will spy on your Google searches and send the data to a "remote server," and will also insert ads onto Web pages you view.

A critical flaw in the FTP component of Microsoft Internet Information Service (IIS) can allow an attacker to execute malicious commands on a server, Microsoft warned in a new security advisory.

According to a Microsoft Security Research & Defense post, if a vulnerable IIS 5.0 (Windows 2000), 5.1 (XP) or 6.0 (Server 2003) FTP service attempts to list a "long, specially-crafted directory name," a stack overflow will occur that can allow for remote code execution. IIS 7.0 (Vista, Server 2008) is not vulnerable, according to the post.

The Swiss creator of a Skype Trojan that can intercept calls made using the VoIP program has released the Trojan's source code online in an attempt to allow for its widespread detection.

In a translated interview with gulli.com, Ruben Unteregger says that with the Trojan's publication, "it will get analysed... signature patterns will be created by antivirus companies, the malware will be detected, blocked and deleted, if it tries to infect a system."

A new version of Google Chrome currently pushing out via auto-update closes high-risk security holes in how the browser handles Javascript and XML.

The first fix for the browser's Javascript engine heads off a problem that could allow malicious Javascript on a poisoned Web site to steal data or "run arbitrary code," which usually translates to "install malware." Google says a (currently unavailable) post with more info on the bug will be made public "once a majority of users are up to date with the fix."

A relatively mild virus that spreads by infecting the Delphi programmer tool, and thereby infecting any program created with that tool, has been recently identified in some popular downloads.

According to Kaspersky, the Induc virus doesn't carry a malicious payload, and is therefore likely low risk. But the virus has not been detected until recently, and spreads by first infecting versions 4 through 7 of Delphi. Instructions for manually identifying infected Delphi versions are available from delphipraxis.net.

Flash cookies placed by many of the most popular Web sites are being used to track site visitors, even going so far as to re-create http tracking cookies after they're deleted by privacy-conscious surfers.

A new study released by researchers at the University of California, Berkeley, and other universites found that the Flash cookies, or local shared objects, are used on 54 of the top 100 Web sites, as ranked by Quantcast. The Flash cookies are stored in a different location than regular http cookies, and are not removed if you delete cookies from within your browser. Per the report, "even the ‘Private Browsing' mode recently added to most browsers such as Internet Explorer 8 and Firefox 3 still allows Flash cookies to operate fully and track the user."