Archive for May, 2007

Bogus Connection Software

Landing on “advertising(dot)trafioko(dot)kapo(dot)bestpage-com(dot)biz” the viewer is presented with the following: Hopefully you should know better than to fall for this trick/scam … but sadly some still do … “Tested 100% virus free” liar liar! Now IE7 / Vista running in “Protected Mode” blocks the instant install of this trojan … this is why it is […]

Bogus Video Codec Extension

Working off a tip from the MIRT Team … landing on hqmovieclub(dot)com you see the following bogus message … However this one is not your basic codec infection rather you end up with: Trojan.Win32.Agent.ahp. There are over 40 other (adult) sites associated with “WmvMediaLease” all cross-linked with each other.

ValueClick cuts ties with the WinFixer Group

There has been no official notice yet but it looks like ValueClick has severed its ties with the WinFixer Group. I have checked quite a few of the links that I had previously mentioned [1] [2] [3] and they now no longer redirect to “adfarm.mediaplex.com”. hxxp://go.winantispyware.com/NTY2Mg==/2/3345/ax=1/ed=1/ex=1/af6/ now redirects to: (URLs disabled) hxxp://www.winantispyware.com/download/2007/index.php?mtrt=swp_was_common&aid=swp_was7&lid=3345&affid=pp_1594734724&p=was&ax=1&ed=1&ex=1 Although it took 25 days […]

When Hosting Services fail to act

Recently Brian Krebs wrote an article that mentioned a disturbing fact … There is no “notice and takedown” law specifically requiring ISPs and Web hosts to police their networks for sites that may serve malicious software. Well there should be! Now I know not much can be done about foreign ISPs, however the majority of […]

When Giants Collide

Over the last few months there has been a big change in the Internet Giants. Google buys YouTube and then DoubleClick. To a lesser extent Yahoo buys RightMedia, and now Microsoft buys aQuantive … For Google, DoubleClick was a good fit as they were already in use at YouTube, and why pay for your advertising […]

MVPS HOSTS File Update 05-21-07

The MVPS HOSTS file was recently updated [05-21-07]: http://www.mvps.org/winhelp2002/hosts.htm
Download: hosts.zip (135 kb): http://www.mvps.org/winhelp2002/hosts.zip
How To: Download and Extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm
HOSTS File – Frequently Asked Questions: http://www.mvps.org/winhelp2002/hostsfaq.htm
Note: the “text” version makes a great resource for determining possible culprits … (565 kb): http://www.mvps.org/winhelp2002/hosts.txt
Sign up for HOSTS file update notices: http://www.mvps.org/winhelp2002/hosts.htm#contribute

ValueClick turns to the Dark Side

Following up on my previous post, I found a post that better describes the damage that Trojan.Zlob.N does. Sometimes the (boring) technical descriptions do not quite convey what really occurs. I recently had a worm/virus attack that took control of IE6 and inserted a tool bar called ‘Security Toolbar’ that takes you to the above […]

ValueClick involved with Trojan.Zlob.N

Following up on a recent Symantec security article Trojan.Zlob.N … notice that several of the posted images show one or more programs from the WinFixer group. Of particular interest is the following: The Trojan will then connect to the following Web site and attempt to download other potentially malicious files: lbgate(dot)com Ok, so I venture […]

Google warns 10 percent of sites are dangerous

Recently Google released a report that states 10% of sites are dangerous … ouch! [pdf here] Let’s take a look at one of these and see what we find … browsing to bestfamilysex(dot)info Now let’s see what’s behind the warning … oh my! there are several IFrame Exploits (highlighted in red). Note: the Result entries listed […]

Who is behind all these Codec sites?

While investigating yet another Trojan.Zlob codec site passtosites(dot)net … it makes you wonder what is behind all these sites as they seem to appear and disappear as fast as I can add them to the HOSTS file. Previously I had mentioned Videoscash as one culprit, (they offer $0.44 per install) and now I see AviCash have […]