Archive for April, 2007

Microsoft releases Security Intelligence Report

Microsoft Security Intelligence Report (July – December 2006) Overview: An in-depth perspective of software vulnerabilities, malicious code threats, and potentially unwanted software, focusing on the second half of 2006. What I found interesting in their research is the WinFixer group is listed twice in the top six of Rogue Security products. Ever wonder why you never […]

WinFixer and ValueClick in the UK

Browsing to winfixer.co.uk we find yet another connection between WinFixer and ValueClick. As you can see, clicking the “Download Now” button routes you thru “adfarm.mediaplex.com” (ValueClick). Once you click the button you end up on a (secure HTTPS) site where, as you can see, ValueClick supplies a WebBug (1×1 hidden image) to obtain a commission […]

More on WinFixer and ValueClick

Landing on “gaylovetwinks(dot)com” we find yet another adult site that generates its revenue from linking to known Trojan.Codec sites. What is disturbing is again we find the WinFixer gang (Warning banner for go.sexprofit link) involved with this type of activity. What’s even worse … is when the McAfee SiteAdvisor bot scanned the same site we find another […]

More on WinFixer

Following a tip from one of my fellow Security researchers … winpornvids(dot)com. This is yet another Trojan.Codec site where, clicking on an image, the viewer is presented the bogus message “Windows Media Player is unable to play movie file.” While this is nothing new, what I find interesting is here again we find the WinFixer […]

Are Advertisers promoting Malware?

I was going to blog about another Trojan.Codec site I found, but truthfully this is getting boring … instead I thought I’d do a follow-up on something I saw at Sunbelt’s blog … Looking at the image Sunbelt provided I saw oemtop(dot)com at the bottom. Now this is yet another “Google Warning” site … so […]

Yet Another bogus Image ActiveX Object Error

Landing on freeimageheaven(dot)com the visitor is presented with the following … (bogus error). This is another one of these sites that trap the visitor … no matter which button you click you cannot get out. If you click OK you are presented with a Trojan.Zlob file from imagemediasource(dot)com. However, you can close the browser […]

HOSTS File Update 04-08-07

The MVPS HOSTS file was recently updated [04-08-07]
http://www.mvps.org/winhelp2002/hosts.htm

Download: hosts.zip (133 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File – Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the “text” version makes a great resource for determining possible culprits … (555 kb)
http://www.mvps.org/winhelp2002/hosts.txt

Sign up for HOSTS file update notices
http://www.mvps.org/winhelp2002/hosts.htm#contribute

Patch available for the ANI exploit

Everyone should make sure they have patched their system against this very nasty exploit! The ANI exploit (Vulnerability in Windows Animated Cursor Handling) is still live in many places either by design or a hacked site. Working on a tip from Kat H about hornys-place(dot)com I found Google has already placed a warning about this […]