Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Neowin.net announces a new version of Spybot Search & Destroy, but…..

June 29th 2008

Neowin says: “Spybot – Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behavior to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies. If you see new […]

Report: Malvertizements that have been circulating

June 28th 2008

XM Radio
Exposed domain: aboutstat.net
XM Radio again
Exposed domains: waytotheprofit.com/?cmpid=weannalist and officialstat.com/c/index.php, both of which are known malvertizement domains. waytotheprofit.com/?cmpid=weannalist leads us to an adverdaemon.com URL which then leads on to diskretter.com. adverdaemon.com is hosted by PEER1, with name servers supplied by none other than securehost in the Bahamas. Lots […]

Report: Malvertizements that are currently circulating

June 28th 2008

perfectmatch.com
Domains exposed: profitabill.com/?cmpid=cancrineso stat-diagnostic-imaging.net/c/index.php
profitabill.com: Hosted by Plusserver, Germany. Administrative contact is the infamous Serg Moon – WHOIS details are, of course, unhelpful. Note: WHOIS notes that registration services are provided by NameCheap.com, which shares IP indirectly via cnames with davidrohlf.com, georgerohlf.com, kristinerohlf.com and therohlfs.com. Registrar is the well known Enom, Inc […]

Report: Malvertizements that are currently circulating

June 28th 2008

First Choice in French (we have seen malvertizements featuring First Choice before – e.g. this one in English). This malvertizement exposes a domain to us, waytotheprofit.com/?cmpid=atrecreant and click.adlbrite.com. adlbrite.com is hosted by nine.ch in Switzerland (yes, the same nine.ch that has hosted domains used by malvertizements in the past). click.adlbrite.com is also sharing name servers […]

OSX.Trojan.PokerStealer Trojan Horse

June 23rd 2008

Information courtesy of Intego, a company specializing in security products for the Mac. Intego has released a security memo describing a trojan horse for the Mac – a poker game that, when run, harvests the username, password and IP address of the victim and transmits it to a server, as well as enabling ssh on […]

Off topic: there is nothing like starting the day with a laugh …

June 23rd 2008

:o) Source: http://ars.userfriendly.org/cartoons/?id=20080623

Microsoft Security Intelligence Report (July through December 2007) – Key Findings Summary (Australia, Canada, Germany, Japan, Netherlands and Norway)

June 22nd 2008

Downloadable here: http://www.microsoft.com/downloads/details.aspx?familyid=671355c2-4002-4671-8619-95c96c8a897f&displaylang=en&tm

The worldwide average was malware removal from 1 out of every 123 Windows-based computers in the second half of 2007.

Summary – Australia: During each month in the second half of 2007, the Microsoft Malicious Software Removal Tool (MSRT), on average, removed malware from 1 out of every 204 Windows-based computers it was executed […]

New malvertizement featuring gifttree.com

June 20th 2008

I have received a copy of a new malvertizement featuring gifttree.com. Analysis reveals two malicious URLs, being: waytotheprofit.com/?cmpid=itlocationstation-appraisals.com/c/index.php? The waytotheprofit.com URL leads us to an adnetserver.com URL which in turn leads us to a German language fraudware site, being diskretter.com (which, by the way, shares IP with A-records and mail servers with several domains including […]

ALERT: Spyware Sucks may go offline for a few days

June 16th 2008

Details here: http://msmvps.com/blogs/bradley/archive/2008/06/16/houston-we-have-a-problem.aspx

Update: We’ll be offline until as late as Friday: http://msmvps.com/blogs/bradley/archive/2008/06/16/offline-for-a-couple-of-days.aspx

Sandi joins Truste

June 13th 2008

I am pleased to announce that I have joined Truste as an Online Compliance Researcher. The Press Release is here: http://www.truste.org/about/press_release/06_12_08.php I am very excited about this new opportunity. It has always been my dream to be able to focus all of my energies on studying, and tracking down the distributors of, spyware and malware and […]
