Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Dynamoo finds malvertizing at ebuddy.com

January 18th 2010

Cite: http://www.dynamoo.com/blog/2010/01/zoombannercom-yieldmanager.html

The domain cited by Dynamoo as the end of the legitimate chain, zoombanner.com, is worth a closer look. It may be registered to “Domain Owner” (trafficbuyer.@gmail.com) of 15156 SW 5th of Scottsdale, Arizona *now*, but it used to be registered to a name with a far older, nefarious, history – […]

bootcampmedia – some problems have been cleaned up, but others continue

January 14th 2010

Cite: http://www.dynamoo.com/blog/2010/01/more-malvertisment-domains.html

Dynamoo noticed that bonnapet.com is not resolving at the moment.

Check out the Host names sharing ip (217.20.114.40) with a-records – what do you think the chances are that any of those sites are legitimate? *.p2doctors.com *.p2drugstore.com *.p2eudrugs.com *.p2menhealth.com *.p2peoplehealth.com *.p2pharmacy.com *.p2ultram.com *.p2usadrugs.com *.p2usapills.com *.p2versus.com *.p2womanhealth.com *.p2yourpills.com ad115.unix-server.com mail.bonnapet.com mail.fairhyip.com ns1.bonnapet.com […]

Attack of the psycho server

January 13th 2010

Hmm, it seems that my mail server has learned a foreign language – that or it is swearing at me ;o) Ok, so what’s the diagnosable problem?

0x800CCC6C SMTP_452_NO_SYSTEM_STORAGE No space to store

>sigh< I blame the IMAP accounts.

Malvertizing at boingboing.net

January 13th 2010

Original source: Dynamoo http://www.dynamoo.com/blog/2010/01/boingboingnet-bootcampmediacom-ad-leads.html

We have seen problems at bootcampmedia for a LONG time (at least a year) – Jamie Dalgetty needs to start cleaning up bootcampmedia.

Historical evidence: http://www.google.com/cse?cx=007665253733268001951:qtjb7x6vodw&ie=UTF-8&q=bootcampmedia&sa=Search&siteurl=www.google.com/cse/home%3Fcx%3D007665253733268001951:qtjb7x6vodw

Now, I’ve been able to reproduce Dynamoo’s findings, but I saw a different advertisement (I’m sure I’ve seen that fake craigslist advert before), and […]

An excellent improvement to Adobe Reader security

January 12th 2010

The most important piece of advice that is generally given to users of Adobe Reader to protect them from malicious exploits in PDF documents is to disable JavaScript, but it has always been an “all or nothing” situation – the chances that somebody would heed our advice, disable JavaScript, only to need to turn it […]

softwarespam.net and stablemates

January 12th 2010

A friend was hit by a redirect to softwarespam.net when she clicked on a Google search result for timesheets compatible with MYOB – the site exhibited classic scareware/fraudware behavior.

Domain details: softwarespam.net
ICANN Registrar: Key-Systems GMBH
Created: 21 December 2009
IP: 93.190.140.165 – Netherlands, Wordstream
Shares IP with softwareanti.com, softwarejar.com, softwarerising.com, softwaresecure.net, softwarespyware.net, softwarethe.net, […]

“GodMode”?

January 5th 2010

There is some “excitement” over at CNET, thanks to an article about the so-called “GodMode” published by Ina Fried: http://news.cnet.com/8301-13860_3-10423985-56.html

Ina Fried says that “Windows enthusiasts are excited over the discovery” (well, this one isn’t, thank you). Putting aside the fact that the information has actually been around since 2008 or so (sorry Ina), […]

Alert: please treat these domains with extreme caution

January 2nd 2010

Originally spotted via this blog entry (you’ll see SpywareSucks cited in the comments). Putting aside the fact that the author of the blog is completely wrong to claim that Google was blocking biggovernment.com because of “bad publicity”, we can be grateful that the author has brought some malvertizing domains to our attention. Ironically, redstate.com has […]
