Archive for September, 2008

Bogus Adobe Flash Player extension

Landing on the following, the visitor is presented with several clickable adult images … that, once clicked, result in the bogus Adobe Flash Player prompt … Naturally there is no such thing as an “HD H.264 Extension” … however, some people still fall for these bogus prompts. The download “AdobeFlashPlayerExt.exe” is detected as: Trojan.Win32.Obfuscated.gx [VirusTotal results] […]

MVPS HOSTS File Update September-23-2008

The MVPS HOSTS file was recently updated [September-23-2008]: http://www.mvps.org/winhelp2002/hosts.htm
Download: hosts.zip (142 kb): http://www.mvps.org/winhelp2002/hosts.zip
How To: Download and Extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm
HOSTS File – Frequently Asked Questions: http://www.mvps.org/winhelp2002/hostsfaq.htm
Note: the “text” version makes a great resource for determining possible culprits … (604 kb): http://www.mvps.org/winhelp2002/hosts.txt
Sign up for HOSTS file update notices: http://www.mvps.org/winhelp2002/updates.htm

A bogus MP3 Audio Codec prompt

Landing on the following site, the visitor automatically sees a bogus prompt … not only that, as you can see in the “Information Bar”, a file was automatically downloaded. So users with older browser versions may find themselves infected without any interaction … “download-soft-free4all(dot)net” was only registered yesterday … and hosted at Noc4hosts Inc (Tampa […]

Klikdomains suspended

Just days after Security Fix exposed “Klikdomains” and the connection to “VIVIDS MEDIA GMBH” … the following sites were suspended:

klikdomains.com – Status:SUSPENDED [whois info]
Note: This Domain Name is Suspended. In this status the domain name is InActive and will not function.
klikvipsearch.com – Status:SUSPENDED [whois info]
kliksoftware.com – Status:SUSPENDED [whois info]

However don’t be fooled […]

Directi and EstDomains continue to suspend thousands of malware sites

I have been keeping a close watch on the number of suspended sites in the MVPS HOSTS file … rescanning every day lately and removing the sites that no longer return a valid DNS … the number is huge yet again … Strangely enough not all of these domains are related to EstDomains … but who’s […]

Hundreds more malware domains suspended

As I reported the other day about the thousands of suspended domains … it appears that even more domains have been suspended. After I removed the huge list of previously suspended domains from the MVPS HOSTS file … I waited a day or two and rescanned the file to validate the entries. Much to my […]

More fallout on the suspended malware sites

Knujon News reports “Directi is now severing ties with Estdomains amid complaints that the Eastern European company makes it too easy to register sites that are used by spammers and scammers. “Just the reputation loss and the confusion because of these linkups has been more detrimental to us than the commercial gain from that one-off […]

Another fake Security prompt

Now this is one (bogus prompt) that you don’t see every day … check the page title … Naturally if you click the (made to look like a Microsoft Security prompt) “click here to get full real-time protection” … yeah right! The only thing you’ll get is a real-time infection … As you can see the […]

Yahoo hosting Fraudware on their servers

While tracking down several new fake Antispyware sites … I happened to notice the below are all hosted by Yahoo.

    # [Yahoo via various][68.180.128.0 - 68.180.255.255]
    68.180.151.16  antivirus-2008.org
    68.180.151.17  antivirus-2008-noadware.com #[Win32/Adware.PowerAntivirus]
    68.180.151.16  bestantivirus2009.com #[Win32/Adware.PowerAntivirus]
    68.180.151.18  officialantiviruslab.com #[Win32/Kryptik.E]
    68.180.151.18  onlineantivirus2009.com #[Win32/Kryptik.E]

VirusTotal result for the download from “antivirus-2008.org” [here]
My AV (NOD32 v3) detects the downloads from the other sites as either […]

InterCage suspends thousands of malware related sites

Only a few days after an article in the Washington Post and a detailed report by HostExploit [PDF] [Video] they (InterCage) have suspended thousands of malware related sites. Which is good news … but it makes you wonder if these sites will simply be transferred elsewhere, or the criminals will just register thousands of new sites […]