Security company AVG is upgrading a component of its antivirus software so as not to place an undue traffic load on the Web sites it scans.

The company has already released a patch for LinkScanner, part of its Anti-Virus Free Edition 8.0, and will release a patch for the paid versions of the software on Tuesday, said Lloyd Borrett, marketing manager for AVG in Australia and New Zealand.

The behavior of AVG’s LinkScanner caused much animosity toward the Czech-based company, including a Web site dedicated to the issue, despite the popularity of its free security software.

Web site owners complained LinkScanner was hitting their sites repeatedly, using up the bandwidth they paid for and causing their Web analytics programs to suddenly record high numbers of visitors. AVG acquired LinkScanner’s maker, Exploit Prevention Labs, in December 2007.

Cybercriminals are exploiting a bug in software used by Microsoft’s Access database program in a new online attack, Microsoft warned Monday.

The flaw lies in the Snapshot Viewer ActiveX control, which ships with “all supported versions of Microsoft Office Access except Microsoft Access 2007,” Microsoft said in a security advisory, published Monday.

Microsoft released few details of how the bug is actually being exploited, but said that it is investigating an ongoing computer attack that takes advantage of the problem. “The attack appears to be targeted, and not widespread,” wrote Bill Sisk, a Microsoft spokesman, in a blog posting.

Attackers are trying to lure victims to a specially crafted Web page that tries to run the attack code within Internet Explorer. The bug gives attackers a way to run their malicious software on the victim’s machine.

Some new statistics just came out regarding Browser Security, this is more in terms of which users are most likely to apply patches and be using the most secure version.

I would have thought Firefox would have been pretty high since the newer series prompt automatically new patches. My only guess is a lot of people are still using 1.5x series which didn’t have that feature.

It turns out, that Internet Explorer is the ‘most secure’. Well that’s very subjective as IE doesn’t show sub versions like the other browsers do..and Windows Updates pushes out patches quite agressively. It also depends which set of data you look at as both conflict, one says Firefox users are more secure and one says IE.

Traditionally, a web spider system is tasked with connecting to a server, pulling down the HTML document, scanning the document for anchor links to other HTTP URLs and repeating the same process on all of the discovered URLs. Each URL represents a different state of the traditional web site. In an AJAX application, much of the page content isn’t contained in the HTML document, but is dynamically inserted by Javascript during page load. Furthermore, anchor links can trigger javascript events instead of pointing to other documents. The state of the application is defined by the series of Javascript events that were triggered after page load. The result is that the traditional spider is only able to see a small fraction of the site’s content and is unable to index any of the application’s state information.

As predicted, hackers tried to trick users into downloading the Storm bot Trojan Friday by unleashing a flood of Fourth of July spam bearing links to malicious sites, several security companies reported.

The spam campaign, anticipated earlier in the week by MX Logic Inc., used messages with subject headings ranging from “Amazing firework 2008” and “Celebrating Fourth of July” to “Light up the sky” and “Spectacular fireworks show,” said U.K.-based Sophos Plc. in an alert posted to the Web Friday.

Links in the spam led to hacker-controlled sites that trumpeted a video clip worth downloading. “Colorful Independence Day events have already started throughout the country,” the malicious sites claimed. “The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it.”

The file pitched to users was an executable: “fireworks.exe.”