Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Waiting for an Apple lawsuit….

September 27th 2009

  … or maybe a lawsuit by the makers of “iSnack Cyber Chips” or the “iSnack Energy Bar”. Yes, Kraft really did choose to name their new Vegemite “iSnack 2.0”.  The name was “invented” (and I use that term very loosely) by Dean Robbins, a 27 year old West Australian and graphic and web designer. […]

Read On Comments Off

ALERT: Please treat content from extrabanner.com with extreme caution

September 20th 2009

  Regular readers will recognize the domains t.banner09092.com and blackwater-cuprumworks.net – they were the domains used to attempt infection of computers via various security exploits: http://msmvps.com/blogs/spywaresucks/archive/2009/09/12/1722754.aspx Luckily, the domain blackwater-cuprumworks.net is not responding at the moment. extrabanner.com ICANN Registrar: Godaddy.com, Inc Created 30 July 2009 NS47.DOMAINCONTROL.COM NS48.DOMAINCONTROL.COM IP: – Arizona, Scottsdale, Godaddy.com, Inc (shares […]

Read On Comments Off

Added to the “the Victorian Police are looking for WHAT???” file

September 17th 2009

  “SOS issued for original ABBA jumpsuit VICTORIA Police have issued an SOS to help find a white jumpsuit originally worn by ABBA songstress Agnetha Faltskog. The jumpsuit, which Agnetha is pictured wearing on the cover of the Swedish pop group’s fourth album, Arrival, is believed to have been taken from a Melbourne house and […]

Read On Comments Off

Ponderings about the New York Times malvertizing incident

September 15th 2009

It has been all over the popular press – the New York Times web site had been tricked into accepting a malvertizement that was hijacking some visitors to that site and dumping them at a web site touting fake security software.  And, in a move that is kind of unusual, the New York Times web […]

Read On Comments Off

ALERT: Please treat content from trendbanner.com with extreme caution

September 12th 2009

  It has been implicated in the facilitation of malvertizing that attempts to infect computers via PDF exploit The way it works is as follows: ad.trendbanner.com uses document.write to load the JS content at banner.pushbanner769.info banner.pushbanner769.info displays an advertisement, but also loads content from content from t.banner08092.com. t.banner08092.com simply redirects to blackwater-cuprumworks.net blackwater-cuprumworks.net includes a […]

Read On Comments Off

Alert: please treat content from kennedales.com with extreme caution

September 10th 2009

I have received information that kennedales.com has been implicated in a malvertizing incident.  I noted in my last blog post that kennedales.com shares IP address with two other domains that have already been caught facilitating malvertizing but at that time had not received intelligence indicating that kennedales.com was also involved. Now we know that it […]

Read On Comments Off

Another two bad domains: newadsresults.com and waveadvert.com

September 9th 2009

Seen distributing malvertizing at starnewsonline.com: http://forums.starnewsonline.com/eve/forums/a/tpc/f/6431032365/m/7121097019/r/9841029019 And collegehumor.com: http://www.facebook.co.za/CollegeHumor And tigerdroppings.com: http://www.tigerdroppings.com/rant/messagetopic.asp?p=14780012&pg=1 And basilmarket.com (page doesn’t load, but you can find it in Google cache): http://www.basilmarket.com/forum/1184277/2   newadsresults.com ICANN Registrar: BIZCN.COM, INC. Created 21 July 2009 NS1.EVERYDNS.NET NS2.EVERYDNS.NET IP: (Luxembourg, Root Esolutions) Shares IP with two other domains, kennedales.com and waveadvert.com Registrant: RJ Rita […]

Read On 2 Comments

ALERT: The gogomediacenter.com incidents continue

September 6th 2009

    I have a few more domains for you… mediadison.com ICANN Registrar: BIZCN.COM, INC Created 6 July 2009 IP:, Luxembourg, Root Esolutions Sharing IP with the following domains, all of which should be treated with extreme caution: 2ez4clicks.com, denrifiox.com, monsteradhost.com, newage-advertising.com, profitgainerz.com, ranparetc.com, s7atwola.com, scheuvronts.com, smartadvertisment.net, westernadrix.com Registrant: Solaris Co Jack Thompson (jthompson@yahoo.com) […]

Read On Comments Off

What can I say … but…

September 6th 2009

Ouch.  I haven’t seen a mess this bad since IE7 first came out in beta… (yes, IE8’s Compatibility View fixes the display issues).

Read On Comments Off

ALERT: Please treat the domains gogomediacenter.com, sys17media.com and praharesorts.cn with extreme caution

September 4th 2009

It is very interesting to watch the modus operandi that the bad guys are using change. This malvertizement was NOT seen on a web page; rather it was being displayed by an advertising supported freeware application. The trouble starts when an ad.yieldmanager.com GET retrieves content, in an iframe, from the domain "gogomediacenter.com".  The content served […]

Read On Comments Off