When I opened my email this evening and got bombarded with several suspicious PDF attachments, that's exactly how it felt - a PDF Spam Attack. My first inclination was to consider there might be a new exploit about. So I went searching for clues and came across Nick Kelly's (McAfee) blog post from earlier today.

Imagine opening your email inbox and reading a message from an alleged assassin - claiming you're the target. It sounds like something out of a horror movie, but it's been happening in real life to hundreds of people. The gist of the email - pay the hitman thousands of dollars, or die. The FBI reports receiving 115 separate complaints since the hitman spam was first spotted in early December 2006.

Last Thursday, Mary Winkler was convicted of voluntary manslaughter for the March 2006 murder of her husband, Matthew Winkler. The day prior to the murder, bank officials had placed a call to Mary Winker for alleged check kiting. Reports claim Winkler had fallen victim to advance fee fraud and was floating the checks to cover-up those losses.

Scams, in general, are the new malware delivery method. Social engineering is the norm. Falsifying a link is the hallmark of phishing scams, seeded downloader Trojans, and other web-based malware. To understand how trivially easy it is for a malicious person to falsify a link, see: "Ferreting out a Fake".

Criminal emailers are increasingly exploiting MS04-013, an MHTML URL Processing vulnerability which allows a remote attacker to automatically and surreptitiously download and execute arbitrary code via miscreant websites or email. In many cases, the scammer uses a common phishing technique, composing an email that masquerades as correspondence from a legitimate financial institution. As with phishing scams, the email claims there is a problem with the user's account in an attempt to entice them to click the link and visit the spoofed website. Once on the site, the phishing scam ends and the malware takes over - a downloader Trojan is forced onto the victim's computer and executed, which in turn can be exploited to download other malicious code.

System Safety Monitor from System Safety adds a much needed extra layer of defense against today's malware attacks. The behavior and rules based controls provide critical insight into the otherwise invisible workings that - left undetected - can too often allow infection to occur. Learning mode can help clean systems stay clean and comprehensive reporting can help ferret out and block malware on already infected systems. Manufacturer's Site Pros

Most everyone realizes that antivirus and firewalls are must-have protection. But when protection interferes with online gaming, it can be sorely tempting to disable that protection in favor of uninterrupted play. These antivirus scanners tackle the unique problems of gamers so you can play without sacrificing performance or protection. In addition to being game friendly, each of the scanners below has demonstrated superior detection capabilities through certification bodies such as Virus Bulletin, ICSA Labs, and Checkmark, as well as independent testing from AV-Test.org and AV-Comparatives.org.

There are millions of bot-infected PCs on the Internet. In September 2006, a McAfee study placed the number of machines unwittingly joined to botnets at approximately 12 million - a population larger than the country of Greece. The FBI calls botnets a growing threat to national security and Symantec VP Rowan Trollope warns that those infected with bots risk "having their own identity or personal information stolen" and their PCs being used to carry out "large scale criminal activities." Any way you slice it, botnets are a huge problem and it's a problem that's only getting worse.

McAfee SiteAdvisor is a free online safety service that provides safety rankings for sites you visit or sites that appear in search engine results.

Chances are, there are dozens of security vulnerabilities waiting to be exploited on your system. And while it's easy enough to set automatic updates for Windows, it's not so easy keeping other software up-to-date. Secunia Software Inspector truly takes the pain out of patching, providing a one stop shop to quickly check for - and patch - vulnerable software. From Apple to Sun and nearly everything in between, Secunia Software Inspector detects, reports, advises, and instructs you every step of the way.