Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

SWF for malware deployment

October 31st 2008

Mea culpa: Marian is apparently male, not female. Marian Radu of the Microsoft Malware Protection Center has written about SWF being used for malware. He states: “What I found out is that, excluding flash exploits, SWFs are mainly used as redirectors” Yep, we know this … that is why Flash is “the Typhoid Mary […]

ALERT: please treat all content from metrixlab-tds.com with extreme caution

October 30th 2008

Courtesy of Kimberley. URLs used to facilitate the hijacking: bannersrotator.com/fx22010/click.php and stl.0ups.com/stl/in.cgi?24& Note that different SWF files are served to the potential victim, depending on the version of Flash being used… I’ll also emphasise that the malicious domain is not associated with the legitimate company Metrixlab at www.metrixlab.com. AND, guess who is the ICANN Registrar…. DIRECTI. I […]

Serg Moon hides a little more….

October 30th 2008

This time we see that he is tweaking the WHOIS for traveltray.com and workhomecenter.com. To recap, so far he has tweaked mydwnld.info, matchservice.com, supportsvc.com, getfreecar.com and veritylimited.com in recent times:

Estdomains termination stayed: I knew this would happen :(

October 29th 2008

Details here: http://www.icann.org/en/announcements/announcement-2-29oct08-en.htm “On 28 October 2008, ICANN sent a notice of termination to EstDomains http://www.icann.org/correspondence/burnette-to-tsastsin-28oct08-en.pdf [PDF, 76K]. Based on an Estonian Court record, ICANN has reason to believe that the president of EstDomains, Vladimir Tsastsin, was convicted of credit card fraud, money laundering and document forgery on 6 February 2008. Pursuant to Section 5.3 of […]

Request For Information: ICANN Seeks Expressions of Interest from Registrars to Receive Bulk Transfer of Names from De-Accredited Registrar EstDomains

October 29th 2008

Announcement here: http://www.icann.org/en/announcements/announcement-2-28oct08-en.htm “As the result of the de-accreditation of EstDomains, Inc. (IANA ID 832), ICANN is seeking Statements of Interest from ICANN-accredited registrars that are interested in assuming sponsorship of the gTLD names that had been managed by EstDomains. EstDomains managed approximately 280,000 gTLD registrations, including registrations in the biz, com, info, mobi, net, and […]

Estdomains is to be terminated by ICANN – effective 12 November 2008

October 29th 2008

Well, now we know why EstDomains was posting to NANOG, and issuing press releases. It’s not very often that I say that you could knock me over with a feather, but, you could knock me over with a feather. The RBN blog is the first place I saw the news (edit: it looks like […]

Windows 7 Preview Video

October 27th 2008

For those of you who may be interested: http://www.microsoft.com/downloads/details.aspx?familyid=26996ced-888d-4892-b1be-5141da8272bd&displaylang=en&tm Note: only available for download via systems that pass Windows Genuine Validation

MS08-067 and NT Servers

October 25th 2008

Quote from the Patch Management Mailing List: “Microsoft has created patches for NT4 Workstation, NT4 Server, and NT4 Terminal Server, however, these patches are only available to folks who have purchased an NT4 Custom Support Agreement from Microsoft.” There is a FAQ on the Securiteam blog, but at time of writing it doesn’t mention anything […]

Vista x64 and Internet Explorer

October 24th 2008

I received this email today: “I bought a 64 bit HP PC with Vista Home Premium and ie7 installed. When I was at a website to view something today it said I needed an Adobe plugin and directed me to Adobe. But Adobe said it did not have a 64 bit version and to use […]

MS08-067 is being actively exploited…

October 23rd 2008

Here is just one example: http://vil.mcafeesecurity.com/vil/content/v_152898.htm ThreatExpert blog: http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html You’re patching, yes? Watch out for crashes affecting svchost.exe and netapi32.dll. ISC have raised their threat level to Yellow. There are two more webcasts set up: For the Thursday, 10/23/08, 5:00 PM Webcast, customers can register at: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032394183&Culture=en-US For the Friday, 10/24/08, 11:00 AM Webcast, customers can register at: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032394179&Culture=en-US […]
