Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

OK, this is NASTY!!!!

May 20th 2008 in Uncategorized

A fraudware web site that will *not* close.

I see this:

image

I try to close using Red X, I get this:

image

I try to close using the Red X, which has always been sufficient in the past.  In this case, the dialogue box goes away but the god-damned window is still open.

So, I go have to go to Task Manager and shut down the IE window process:

image

I shut down the correct iexplorer.exe process and the window is FINALLY gone,taking along with it other Windows that were open:

image

What URLs hosted a link that led to this nasty experience (that’s right, it wasn’t a malvertizement).   I’m not telling because it seriously is NASTY!

So, where is “antivirus-scanner.com” hosted?  At securehost (we are not surprised, are we).


5 comments to...
“OK, this is NASTY!!!!”

Doug Woodall

Ouch, I’d a been pissed if I was doing something important online when this happened.
So many ripoff site like this, sad.



Erik

Clicking on the red X in the dialog is equivalent to choosing Cancel, which, as the dialog clearly states, means you will stay on that page. Just press OK, ok?



sandi

@Erik,

Are you nuts?  By clicking on “OK” you are approving the installation of fraudware.  

Sandi



YahoooAnswers

I had that problem before. You need to get a powerful anti-virus software to scan and remove it. Also download Firefox and uninstall IE, trust me, it worked! If you still have that issue, contact me via email or at my website at <<removed>>



sandi

@YahooAnswers

1.  Firefox is of no protection.

2.  The fact that you think that is possible to “uninstall IE” indicates a lack of basic technical knowledge.  Web site removed from your post for that reason.


Ok, there are a lot of people out there who are upset at being overcharged and defrauded by bucksbill.com.  Just check out the comments here and here.
Unfortunately, people are also emailing me directly because they (mistakenly) believe that I and/or this blog are associated with the fraudsters.  For example, check out this email:
“I dont know […]

Previous Entry

A new style Dot Tunes advertisement:
The adopstools results are here:http://www.adopstools.net/index.asp?page=quicklink&id=r60Siyiw02bZgpaa 
When the SWF is displayed on a system it hits the following URLs:
traveltray.com/crossdomain.xml
and
traveltray.com/stats.php?u={{removed}}&campaign=ofdidactic
The cross domain policy is “allow-access-from domain=”*” ” – in other words, there are no domain restrictions.  This document will help you understand the implications of such an open cross domain policy:http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html
     

Next Entry