It appears that the bug has been used by hackers since at least June 9. Attack code can easily be found on the Web to exploit this vulnerability. In fact, researchers at IBM reported the flaw to Microsoft last year. Microsoft could not or would not say why they had not fixed this problem earlier. But they are no doubt trying to come up with a patch in time for the regular monthly update on July 14.

A researcher at AVG Technologies thinks this bug has the potential to be another Conflicker, or worse. Conflicker exploits a flaw in Windows that was repaired long ago, so all you have to do is keep your Windows up to date. However, this latest threat has no fix yet.

What to do now? Well, you can get the Microsoft tool to disable the ActiveX control here. It sets a whole bunch of kill-bits in the Windows Registry, which turn off the control. You can also switch to IE8, Firefox or Chrome.

The attack apparently relied on a keylogger Trojan, which somehow got onto the county’s computers. The Trojan created a direct connection between the infected Windows computer and the attackers. In this way, the hackers were able to log into the county’s bank account over its own Internet connection.

This is important, because together with some other email trickery, it made the bank think the remote attacker’s computer was newly authorized to access the county’s bank accounts and conduct business.

The important point for us in this cautionary tale of woe is those 25 accomplices. They were initially recruited to edit text and correct grammar (sound familiar?). Then they were gradually led into the illegal money transfer scheme. Many are out thousands of dollars, as their banks froze their accounts and demanded the return of the money transfers.

Do not, repeat not, open or read spam emails. What exactly is spam? Good question. It is simply email you were not expecting, or where you do not recognize the From address. Never click on links in a spam email. You could end up on a malicious site that will damage your computer.

Do not get involved in these kinds of deals requiring money transfers. If in doubt, show the email to your bank.

The Canadian Competition Bureau is warning that victims are losing millions of dollars a month to this type of fraud. But these are just the people who report they have been scammed, usually because they have lost a fairly large sum of money. The real losses could be five to ten times higher. In 2008, over 11,000 victims said they lost almost $10 million to this fraud.

Losses from identity theft, promises of employment, lottery and other fraud are much larger. Even so, please remember that you do not have a long-lost relative in Nigeria, no one left you millions of dollars, and you are not going to get an instant windfall. No matter how difficult your personal situation is right now, do not fall for these scams. It will just make things worse.

Take a look at your update settings by clicking (in Windows XP) Start, Control Panel, System, Automatic Updates. My preferred selection has always been the third option, “Notify me but don’t automatically download or install them”.

If a patch download is interrupted for some reason, your update settings might get changed, or you might not see the notification on the bottom right of your screen. Then the next time you shut down or reboot your PC, updates may suddenly and unexpectedly install.

Even if you select option three as above, updates may automatically download and install. Some users claim this problem has been going on for months.

Microsoft is aware of the problem, and is working on a fix. Others claim that certain popular security programs or a malware infection changes the AU settings. It is important to know when the updates are downloaded and installed on your computer, because they can sometimes cause problems. For example, a year ago a Microsoft patch cut the Internet connection of users who had the ZoneAlarm firewall installed.

Until we get the fix, before shutting down or rebooting, you can go to the Microsoft Update site and download and install all the updates you want. Cancel notification for the remaining ones. That should hopefully prevent any surprises.

Of course this is a phishing scam, so do not fall for it, even if it is a little more polished and sophisticated than usual. Microsoft does not send out emails advising you of updates. You have to go get them at the update site.

Mozilla has released version 3.5 of its Firefox browser. Firefox is now supposed to be more stable, and much faster than earlier versions. As usual, I suggest you wait a while before updating, to see if any bugs or incompatibilities turn up.

Microsoft has announced that Windows 7 will be released to the public on Oct. 22. What to do if you need a new computer now? No problem. Go to your favorite computer store, and find a special offer for a free upgrade to Windows 7 if you buy certain Vista PCs now.

It works like this: You get a check in the mail, and you are asked to deposit it in your account. The check is supposedly for some kind of payment, lottery win, deposit, rent, etc.

Then suddenly the sender pretends to have a change of heart, or discovers the whole thing is an error, and asks for part or all of the money back. That is when you should STOP, take a deep breath, and go talk to your bank or a lawyer.

You are very probably being scammed, because after you return the money you will invariably find the original check was fake. You are now on the hook to your bank for the whole amount.

You should know that it actually takes weeks for a check to clear, or establish that it is in fact good. It may take even longer for overseas checks. Lawyers, business people and Internet experts have been roped in by these schemes, and their endless variations. Do not be one of them.

And that, in turn, means he could seize control of your PC. Update now, if you use Chrome, if it has not updated itself automatically already.

Rather, the object of the exercise seems to be to get you to reply, so that the spammer can grab your email address. Then you will receive much more spam. It could even lead to identity theft.

Other more dangerous emails and Web sites can be expected, of course, so be on guard. If you want information on the late singer, search for it yourself in a search engine or go to a news site.

Initially, so many people were searching on Michael Jackson that Google crashed. However, everything should be OK now.

There is no official patch for this problem yet. We may get one on the next Patch Tuesday, which is July 14, 2009. Meanwhile, Microsoft does have a temporary workaround. Go here, and click the “Fix it for me” tab.

Read and follow the instructions. Should you run into problems, you can easily undo what you have done.

Adobe recommends that you immediately uninstall Shockwave from your computer. Click Start, Control Panel, Add or Remove Programs. Find Adobe Shockwave Player (if you have it) and click it. Click Change/Remove. Follow the steps to remove the program.

Then go to http://get.adobe.com/shockwave/ and reinstall the latest version, which is 11.5.0.600.