Archive for November, 2007

Another bogus movie player site

As you can see below this site is designed to look like a “click to play” movie site … however in this case no movie is ever played. Instead after several redirects the visitor is prompted with the fake ActiveX prompt … Notice how both images imitate a video player … folks don’t fall for […]

What’s in your holiday/family incident response toolkit

The folks over at The SANS™ Institute have an excellent article on “what’s in your toolkit”. It’s nice to see the MVPS HOSTS file is included … Personally I like to load my tools on several USB sticks, as this prevents having to use the Internet to download any needed utilities until the machine is cleaned […]

MVPS HOSTS File Update 11-19-07

The MVPS HOSTS file was recently updated [11-19-07]: http://www.mvps.org/winhelp2002/hosts.htm
Download: hosts.zip (144 kb): http://www.mvps.org/winhelp2002/hosts.zip
How To: Download and Extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm
HOSTS File – Frequently Asked Questions: http://www.mvps.org/winhelp2002/hostsfaq.htm
Note: the “text” version makes a great resource for determining possible culprits … (631 kb): http://www.mvps.org/winhelp2002/hosts.txt
Sign up for HOSTS file update notices: http://www.mvps.org/winhelp2002/updates.htm

Bogus Flash Player prompt

Landing on the below site the visitor is presented with the following bogus Flash Player prompt … While this is a new face on an old trick (bogus ActiveX prompts) it results in the same type of infection – Trojan.Zlob. Clicking any of the above buttons traps the visitor with no way out … however you can […]

Symantec detects suspicious entries in the MVPS HOSTS file

Well here we go again … another security program with a poorly written detection … seems Symantec added a new update SecurityRisk.URLRedir which they describe as “detection for suspicious entries added to the hosts file”. The following entries are (falsely) detected as suspicious:

dl.jiangmin.com
ads.mcafee.com
directads.mcafee.com
sdc.mcafee.com
sdc.ca.com
sdc.mcafee.com
wdcs.trendmicro.com
om.symantec.com
tc.symantec.com

Looks like they are detecting anything related to an Antivirus program […]

DoubleClick serves up DoubleSpeak

eWeek has an article “DoubleClick Serves Up Vast Malware Blitz” which describes problems with DoubleClick serving up malicious content related to none other than the WinFixer Group … however a few of their (DoubleClick’s) comments struck me as nothing more than doublespeak … “DoubleClick officials told eWEEK that they have recently implemented a security monitoring […]

Bogus Video Player Error

Landing on “pornflash(dot)tv” the viewer will see the following bogus error … Simply visiting this page with older Windows versions you will get whacked automatically from “zerocodec(dot)com” which is detected as another variant of Trojan.Win32.DNSChanger. Matter of fact “zerocodec(dot)com” is registered to the same person (although the Whois info is most likely bogus also) as in […]

A new approach from the Codec gang

Landing on the following site you’ll see the (bogus) message … “may require special application to run” … yeah right! Scanning at VirusTotal: Result: 10/32 (31.25%) = Trojan.Win32.DNSChanger.qb … sadly this is better than usual … vivacodec is hosted at Cernel, which hosts about 90% of the codec sites.

MVPS HOSTS File Update 11-01-07

The MVPS HOSTS file was recently updated [11-01-07]: http://www.mvps.org/winhelp2002/hosts.htm
Download: hosts.zip (144 kb): http://www.mvps.org/winhelp2002/hosts.zip
How To: Download and Extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm
HOSTS File – Frequently Asked Questions: http://www.mvps.org/winhelp2002/hostsfaq.htm
Note: the “text” version makes a great resource for determining possible culprits … (629 kb): http://www.mvps.org/winhelp2002/hosts.txt
Sign up for HOSTS file update notices: http://www.mvps.org/winhelp2002/updates.htm