Spyware Sucks
Just another Microsoft MVPs site

ALERT: malicious content (including malware via security exploit) seen via MySpace chat

December 31st 2008

Kimberley reports on the incident. Userplane is a wholly owned subsidiary of AOL (yes, I have written to my contacts there), and Kimberley is getting in touch with the appropriate people at MySpace to try and get this shut down ASAP.   Some important notes for the curious. The advertisement itself is a simple JPEG […]

Read On 2 Comments

Is the John Sands web site cleaned up?

December 30th 2008

No. Am I surprised? No. Why haven’t they fixed the problem yet? You tell me and we’ll both know.  Maybe they *like* the fact that all of the links on their Products page are broken.  The fact that the malicious URL is not working is no excuse. According to the John Sands web site, the […]

Read On No Comments

Maybe the people responsible for the John Sands web site will finally do something about the web site’s vulnerabilities

December 28th 2008

It is all over the popular press – Websense have announced that they have found malicious script on the John Sands web site:http://securitylabs.websense.com/content/Alerts/3268.aspx I can only hope that WebSense, and all of the negative press that their announcement has triggered, will finally get John Sands to clean up their act and fix the problems with […]

Read On No Comments

koeppelinteractive.co.uk suspended

December 28th 2008

Back on 17 December 2008 I wrote about malvertizements being distributed by criminals impersonating the legitimate Koeppel Interactive (the legitimate site being koeppelinteractive.com). The fake site, koeppelinteractive.co.uk, is now inaccessible; its name servers have been changed to “ns1.suspended-domain.com” and “ns2.suspended-domain.com”. Koeppelinteractive.com have added an alert to their site warning about the impersonation. For what its […]

Read On No Comments

ALERT: malvertizement featuring Talbots

December 18th 2008

     Adopstools results:http://www.adopstools.net/index.asp?page=quicklink&id=RC567srdR4afU35z   The malicious ad hits two URLs: freegreenstats.com/c/index.php?id=<<snipped>> (79.135.187.95) and statisticsmanager.com/?cmpid=<<snipped>>  (76.74.249.30) cookie dropped for adnetserver.com From statisticsmanager.com we are redirected to: onlinestatsmanager.com/ts/in.cgi?<<snipped>> (76.74.249.9) to: scan.freescanner-proas2009.com/<<snipped>> (78.26.179.130)  <– Directi registered domain The Installer is downloaded from: files.pro-antispyware-dl.com/load/<<snipped>>.exe <— Directi registered domain   Comment: I am beginning to wonder why it is […]

Read On No Comments

Developments in the FTC versus Innovative Marketing et al lawsuit

December 18th 2008

Well well, people have been busy. Various documents were filed on the 17th, including: Entry of Appearance on behalf of Mark D’Souza by Counsel Russell D Duncan of Orrick, Herrington & Sutcliffe Entry of Appearance on behalf of Sam Jain by Counsel Edward Wisneski of Patton Boggs A joint Response to Order to Show Cause […]

Read On 6 Comments

Developments in the FTC v Innovative Marketing et al lawsuit

December 17th 2008

  “We sometimes forget that Justice wields a sword…” My regular readers will recall that the temporary restraining order won by the FTC expired on 12 December 2008 at 6.15pm, and that each individual, corporate and relief defendant was ordered to appear before the Court at 3.30pm on that same day to show due cause […]

Read On 2 Comments

ALERT: Koeppel Interactive being impersonated?

December 16th 2008

It has come to my attention that malvertizements are being sold to web sites by people using the domain koeppelinteractive.co.uk.  I’ll quote a representative of the site who was stung by somebody representing koeppelinteractive.co.uk  – they were sold malvertizements that immediately started hijacking visitors, redirecting them to fraudware sites via livestream-tds.com.  The victim says: “It […]

Read On No Comments

ALERT: Out of band security patch to be released tomorrow, 17 December at 10.00am Pacific time

December 16th 2008

Announcement here:http://blogs.technet.com/msrc/archive/2008/12/16/advance-notification-for-december-2008-out-of-band-release.aspx The patch resolves the actively exploited vulnerability that has been in the press so much in recent days, and which is the subject of this Security Advisory:http://www.microsoft.com/technet/security/advisory/961051.mspx

Read On No Comments

A quick observation regarding getmosales.com

December 16th 2008

getmosales.com stood out in my last post, because it was the only domain listed in that report to have been moved behind a WHOIS privacy protection service. A quick search for the domain using various search engines reveals that the site used to have the following text: “SoftwareProfit – affiliate software application. Earn money with […]

Read On No Comments