Spyware Sucks
Just another Microsoft MVPs site

More information about the Curves SWF

February 29th 2008

Well, I said I would get in touch with Doubleclick – their response was interesting – I quote:

“it’s to confuse people… look you get the same results:
openadstream.net/ad0.php?url=http://www.google.com/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043
openadstream.net/ad0.php?url=http://www.microsoft.com/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043”

The original URL I provided was:
openadstream.net/ad0.php?url=http://ad.doubleclick.net/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043

Each of those URLs renders the same result – a plain white page with the text “stats=917174773” […]


What the heck???

February 29th 2008

I received this email today via my Spyware Sucks “Contact Me” link: “At least a have a problem that i find no pleasent, i think it comes from your url, a receyve continusely messages that my pc is infected by viruses or spam.  I ask you for  all of your possibilitys no more sending those […]


Oxfam impersonated by Errorsafe pimps

February 29th 2008

Oxfam does fantastic work – in fact several people received “Oxfam Unwrapped” gift cards from me for Christmas (donations on their behalf) – and it makes me FURIOUS to see Oxfam’s good name taken advantage of, and a malicious advertisement featuring their name used as a conduit to fraudware. I received a sample SWF today, […]


A closer look at the Curves SWF

February 29th 2008

Interesting.

“openadstream.net/ad0.php?url=http://ad.doubleclick.net/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043”
“iexplorer-security.org/?id=463400043”

iexplorer-security.org has hidden some information behind Privacy Protect, but we can find out some things. First, iexplorer-security.org is hosted by Masterhost in Russia. Second, its nameservers are provided by the infamous eshosst.com (aka estdomains) - the list of malicious/fraudulent domains associated with Estdomains is staggering. I’ll need to get in touch with Doubleclick about their […]


Firstchoice comments on malicious banner advertisements…

February 28th 2008

Just like Skyauction, Emusic and QPAD before them, Firstchoice have advised that they have nothing to do with the malicious advertisements featuring their company. I quote the contents of an email from Firstchoice to the web site that supplied the copy of the malicious advertisement from Forceup to me for analysis: “1. Our site [is] […]


New malicious SWF featuring "Curves"

February 28th 2008

More later… I’m out of office at the moment and don’t have access to my normal toolset.

Online analysis of SWF: http://www.adopstools.net/index.asp?page=quicklink&id=2526I2UFLC7Ri029


Forceup.com – here is more information about the malicious Firstchoice advertisement

February 27th 2008

The SWF has been analysed. We find this URL in the code: quinquecahue.com/statsa.php?u=1202136191&campaign=oseximious

The allowed countries for this particular malicious campaign are ZA, US and UK.

Banned IPs:
209.160.0.0-209.160.255.255 (Hop One Internet Corporation)
196.36.0.0-196.36.255.255 (Internet Solutions (Pty) Ltd (South Africa))

Banned cities: Johannesburg, Tukwila

Kudos to Kimberley for decrypting the SWF contents.


Pakistan hijacks YouTube…

February 25th 2008

Those of you with a technical mindset may find this explanation about what happened, and the timeline, informative: http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube.shtml

Some chatter at NANOG (with a few glimmers of paranoia to add spice): http://www.merit.edu/mail.archives/nanog/threads.html#06347


Google and Feedburner versus Extended Validation Certificates – and "this page contains both secure and non-secure items" errors

February 24th 2008

Well, the EV problem experienced at Tim Callan’s blog has been fixed – by removing Google Analytics and Feedburner tracking code from the page.  I should point out that Google’s code was removed LAST, therefore it is possible that Feedburner may be blameless – we won’t know for sure unless the site is tested with […]
