Archive for March, 2008

Spamdexing and another YouTube look-alike

A little background … I have this blog set to “Approve” most content that is added via the “Comments” link. Now I usually get a few Spam entries that I simply ignore … but this one caught my eye and I thought I’d follow the link posted to see where it went … Notice the content […]

Watch out for the coordinated attack

 Landing on the following site not only get you a Codec/Zlob prompt, but my AV (NOD32 v3) jumps up and announces there is also an IFrame attack (JS/TrojanDownloader.Psyme.AAW) from several sites … Although unusual for several exploits to be on the same (Codec) site … it’s nothing new … as you can see below you […]

Follow-up on Comodo and XpAntivirus2008

The other day I reported that Comodo had revoked all certificates issued to WinFixer/SetupAHost … as you can see below this is the report IE displays when the error occurs … kudos to Comodo! … Sandi has another example here Now to follow-up on XpAntivirus2008 that I wrote about … looks like they have been […]

Comodo kicks SetupAHost to the curb

Good news gang … I was informed by Comodo that they have revoked all certificates issues to the WinFixer/SetUpAHost … I know it’s only a small victory but it causes them to look elsewhere, and I’m sure it won’t take them long to establish another bogus setup … In other related news … remember how […]

Beware of YouTube look-alikes

Following up on an email tip from John who states “while reading comments on i came across this site“Well sure enough it looks like Digg is the latest recipient of malicious Spamdexing … Although the text states “Real video on YouTube” … look closely at the link … which is not YouTube but clearly […]

Another new Codec site

Following up on a email tip from Kathi H … we land on the following … “Your Player is inactive” ??? what in the world kind of message is that? … surely you can think up a better one than that … As you can see there are several culprits involved … the download is […]

Another WinFixer clone using Comodo

Landing on the below site the visitor is presented with yet another fake scan from a known Rogue product …Symantec describes this as “The program reports false or exaggerated system security threats on the computer“   When I clicked the link to [sic] purchase the product … as you can see this is another “WinFixer/SetupAHost” […]

MVPS HOSTS File Update [MAR-09-2008]

The MVPS HOSTS file was recently updated [MAR-09-2008] Download: (151 kb) How To: Download and Extract the HOSTS file HOSTS File – Frequently Asked Questions Note: the “text” version makes a great resource for determining possible culprits … (661 kb) Sign up for HOSTS file update notices

ZDNet Asia and TorrentReactor Compromised

Looks like both sites have been compromised by a malicious IFrame … [details here] what happens is you get redirected to yet another Rogue Antispyware (xpantivirus2008) Naturally these are bogus results since no scan really occured … however this is a new avenue of attack and hopefully these compromised sites will get things cleaned up […]