Archive for June, 2007

Disney has some explaining to do

Following up on a tip from the Castlecops MIRT Team (Malware Incident Reporting and Termination) about a new entry for mcboo(dot)com. As you can see below this new entry is definitely a nasty. Now what I find disturbing is that I decided to “Google” and see if there were any other new entries that I […]

When is an Image file not an Image file

When is an Image file not an Image file … when it is used to redirect the visitor to another often malicious site. You would think by now (Windows Vista) that Microsoft would have corrected this flaw, but I guess not … Look closely in the Result column at the “favicon.ico” entry above, notice the […]

SANS Warning – Active Banner Ads

Looks like my HOSTS file got a mention yesterday from SANS Internet Storm Center – warning about the evils of Active Banner Ads. Although I would disagree with the following: The innocent-looking ad contains javascript that re-directs the browser to a compromised bot, which in turn re-directs the browser to the final malware page.  Thus, a website […]

Beware of encoded URLs

I found a Forum spam post known as Spamdexing today that used an encoded URL (these are never good) … This one decodes to “xx-amateur-movies(dot)org” which then redirects to several other sites and as you can see below, the visitor ends up on a Trojan.Codec site. There are about 20 other sites related to this […]

A bogus Message Box Object Error

Landing on “sexempire(dot)biz” … a “Malicious.Links” site … the visitor is first presented with “scanner(dot)malwarealarm(dot)com” a Rogue Security Program. What’s worse is that any link clicked displays the following bogus message. Now no matter which button you click you are prompted to download a bogus ActiveX Object. freerealitympegs(dot)com then redirects to nmextensions(dot)com (already included in […]

Adware Class Action Lawsuit against ValueClick

This should be interesting if it goes forward … full story here (pdf) The suit alleges that defendants ValueClick, Inc., Commission Junction, Inc. and Be Free (collectively, “ValueClick”) have engaged in unfair business practices resulting in harm to affiliates and merchants on their affiliate networks. According to the complaints, ValueClick has failed to take reasonable […]

Local NYC News Organization Hacked

While browsing a new story via Google, landing on a news site (brooklyndowntownstar(dot)com) I discovered that their server has been hacked and several Javascripts have been injected. The javascripts decode to several Chinese registered sites, although several are no longer functioning. While I’m not sure of their purpose, it looks like they are advertising related rather than […]

MVPS HOSTS File Update 06-14-07

The MVPS HOSTS file was recently updated [06-14-07] Download: (140 kb) How To: Download and Extract the HOSTS file HOSTS File – Frequently Asked Questions Note: the “text” version makes a great resource for determining possible culprits … (591 kb) Sign up for HOSTS file update notices

Zango/Hotbar after 1 Year

It was one year ago this week that Zango and Hotbar merged … so how are they doing? Zango (in blue) and Hotbar (in red) both seemed to have dropped in traffic flow quite a bit over the last year. Doesn’t look like things are going well … I guess someone at Zango must have […]

Bogus Media Software

Landing on “about-sexy(dot)com” or sadly about 40 other similar sites, the viewer is presented with yet another bogus message. This redirects to “funcodec(dot)com” detected as: Trojan.Win32.DNSChanger.jb. Needless to say I spent quite a bit of time locating these culprits and adding them to the next HOSTS file update …