The Microsoft BlueHat conference is a semi-annual event that brings together internal Microsoft security professionals and external security researchers to network and share ideas.

BlueHat v8 was held October 16–17. It consisted of two full days of presentations from internal and external security experts. 

To see session descriptions, speaker bios, and to watch video from the sessions, visit Microsoft BlueHat Security Briefings: Fall 2008.

BlueHat v9 will be held on October 22-23, 2009.

For more information, visit the BlueHat TechNet site, or the BlueHat blog.

The New York Times recently posted an article about a team at Microsoft that works in a "windowless room" investigating how programs skulk around the Internet turning computers into zombies.

We thought this sounded a little scarier than it really is, and that a little more detail might help.

In the world of computer security, bot is short for robot. Bots are software programs that criminals can control remotely to infect your computer without you knowing it.

When criminals send out bots to do their bidding, they typically use them to infect large numbers of computers (known as zombies). These zombies create a network, or a botnet.

Criminals use these botnets to send out spam e-mail messages, spread viruses, attack other computers and servers, and commit other kinds of crime and fraud. If your computer becomes a part of a botnet, you are inadvertently helping these criminals.

For more information and ways to help protect your computer from becoming a zombie in a botnet, see Zombies and botnets: Help keep your computer under control.

To find out more about how Microsoft's Internet Safety Enforcement Team works to control botnets, see the New York Times article, A Robot Network Seeks to Enlist Your Computer.

According to research from North Carolina State University, even sophisticated Internet users can't tell the difference between real and fake warnings about Internet security.

These fake warnings, which might appear in pop-up windows as you surf the Web, are designed to trick you into downloading malicious software. They’re known as rogue security software, and they can appear under many different fake product names.

According to Microsoft's latest Microsoft Security Intelligence Report, rogue security software sightings are increasing as social engineering becomes a more popular vehicle for fraud.

To learn more and to see an example or one of these warnings, see Beware of rogue security software.

Microsoft releases security updates on the second Tuesday of every month. This month Microsoft released 2 security updates.

Get the updates

To download the updates, visit the Microsoft Update Web site. If you have automatic updating turned on, your computer will update and install these security updates.

Read more about the updates

To find out more about the updates, see Microsoft security updates for December.

Get technical information about the updates

For technical details, visit Microsoft TechNet.

Criminals are taking advantage of the confusion over recent bank mergers in the United States to send out fake e-mail messages in an attempt to steal your personal information.

You've probably heard of phishing scams: fraudulent e-mail messages or fake Web sites designed to steal your identity. Scam artists "phish" in an attempt to persuade people to disclose sensitive information.

According to the U.S. Federal Trade Commission, new bank merger scams might say something like this:

“We recently purchased ABC Bank. Due to concerns for the safety and integrity of our new online banking customers, we have issued this warning message... Please follow the link below to renew your account information.”

Or this:

“During our acquisition of XYZ Savings & Loan, we experienced a data breach. We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below to confirm your identity.”

If you click these links, you might be taken to a fake Web site designed for the purpose of identity theft.

For more information about this scam, see Consumers Warned to Avoid Fake E-mails Tied to Bank Mergers.

To help avoid phishing scams:

1. If you think you're received a phishing scam, do not respond to it.
2. Approach links in e-mail with caution.
3. Don't trust the sender information in an e-mail message.

 For more guidance see:

• Recognize phishing scams and fraudulent e-mail
• How to handle suspicious e-mail
• What to do if you've responded to a phishing scam

This week Microsoft released the latest Security Intelligence Report (SIR) based on information gathered from hundreds of computers around the world and from some of the busiest services on the Internet.

 Volume 5 of the SIR provides detailed analysis about the current security threats to your computer, including:

·        Security vulnerability disclosures from Microsoft and third-party software

·        Security and privacy breaches

·        Malicious and potentially unwanted software trends, including local data for more than a dozen different countries.

Download the full version of SIR Volume 5.

Or visit the SIR portal to download the key findings summary, the executive summary, a video by Microsoft experts talking about what's important about the SIR, and more.