Archive for November, 2006

HOSTS File Update

Updated the HOSTS file today … http://www.mvps.org/winhelp2002/hosts.htm
Download: hosts.zip (121 kb) http://www.mvps.org/winhelp2002/hosts.zip
How To: Download and Extract the HOSTS file http://www.mvps.org/winhelp2002/hosts2.htm
HOSTS File – Frequently Asked Questions http://www.mvps.org/winhelp2002/hostsfaq.htm
Note: the “text” version makes a great resource for determining possible culprits … (495 kb) http://www.mvps.org/winhelp2002/hosts.txt
Sign up for HOSTS file update notices http://www.mvps.org/winhelp2002/hosts.htm#contribute

VirusBursters replaces SpywareQuake

Running a check today I noticed that SpywareQuake has been dropped (no longer returns a valid DNS reply), however it has been replaced by VirusBursters which is run by the same people as Malwarewipe, Spyaxe, SpyFalcon, SpywareStrike, VirusBurst. The new version is not very well detected after running a check of the download via VirusTotal. […]

Can Sponsored Links be trusted?

Can search results Sponsored Links be trusted? … not always and a lot depends on who you use for searching. A prime example is to search for the term “antispyware” a very common subject, but the “Sponsored” results can be quite different. IE7 Live Search on page 2 shows “Winantispyware” … oh my! Or search on […]

Oh Google make up your mind

While researching a few suspicious sites I ran across a warning from Google … Ok so I visit StopBadware.org to see what harmful content is on that page and I find this: You landed on this page because members of the public reported this website to StopBadware.org as hosting or distributing badware. Though our researchers […]

Oh what a Screensaver!

Following up on a tip today about a bundled install from Relevence Marketing … let’s see what we get from their download “PuppyScreenSaver.exe” which is not really a screensaver but a Trojan Downloader that once run downloads a bundle of files … first the file was submitted to VirusTotal … oh look what we get […]

Yet another IFrame Exploit

I found another site that has been hacked and several exploits have been injected into the page. The culprit is well known for hacking sites and Forums that do not have their latest updates installed … This is a 2-prong attack using 2 IFrame entries and a malicious JavaScript, the first IFrame is detected by […]

Microsoft sues Screen Saver Creator

Microsoft Files Suit Against Creators of Spyware-Bearing Celebrity Screen Saver http://biz.yahoo.com/prnews/061114/sftu116.html?.v=67
This suit involves one of the defendants named in this court action: Court Shuts Down Media Motor Spyware Operation
Of note (from the pdf files) in the suit is the following excerpt: IDENTIFICATION OF SOFTWARE PROVIDERS IT IS FURTHER ORDERED that the Corporate Defendants and Individual Defendants […]

pcbutts1 … the saga continues …

Recently I was notified that pcbutts1 has plagiarized my HOSTS file, edited the header and is now offering it as a download via the various Newsgroups … this is not the first time he has claimed one of my files as his own. Although the header in the HOSTS file was edited he forgot to remove one […]

Another "codec" site

As fast as they get detected and shut down, more just pop up. Hosted where else? Inhoster/EstDomains 85.255.118.155 dvdaccess(dot)net
The "Terms of Service" provides an interesting read: THIRD-PARTY SOFTWARE As the Software is freeware, the Licensor reserves the right to install third-party software in conjunction with the main Software product, if you disagree with this please do not install […]

"Rogue/Suspect Anti-Spyware Products" Revisited

It makes you wonder just how many Rogue products one company thinks is enough? At the moment it looks like "Nelroy LTD" has decided on 15! … Beware of Imposters! All of the above you'll find listed here: […]