Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: Out of band security update to be released on August 2

July 30th 2010

Details here: http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx “This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on August 2, 2010. The bulletin addresses a security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being […]

Read On Comments Off

ALERT: Please treat content from aegadvancedmedia.com with extreme caution

July 29th 2010

Nokia Theatre L.A. Live (nokiatheatrelalive.com) is serving exploits via aegadvancedmedia.com Historical badness at aegadvancedmedia.com (btw, homedepotcenter.com is still serving exploits – stay away from there too): http://www.google.com/safebrowsing/diagnostic?site=aegadvancedmedia.com   Malicious content (note the 1×1 iframe):     Analysis of content from the IP address 85.234.190.13: http://wepawet.cs.ucsb.edu/view.php?hash=63e7a8a467205c6c2d6c078de506b30c&t=1280392935&type=js Historical badness at 85.234.190.13: http://www.google.com/safebrowsing/diagnostic?site=85.234.190.13 Other bad stuff in the […]

Read On Comments Off

ALERT: Please treat content from Ad-Amazing.com and associated domains with extreme caution

July 24th 2010

We already know about the comment posted to my blog about adamazing.com – now we can add ad-amazing.com (notice the added hypen) to the list. ad-amazing.com have been caught distributing tags that spoof legitimate companies in a way similar to that described in this article about subdomains. The ad-amazing.com representative supplied the following references to […]

Read On Comments Off

ALERT: Please treat content from adamazing.com with extreme caution

July 19th 2010

Brought to light via a comment on this blog. adamazing.com ICANN Registrar: Nameking.com Created 19 April 2010 Current IP: 208.73.210.28 Registrant: "Oversee Research and Development, LLC" (admin@overseedomainmanagement.com) Domain is currently "parked", but previously was hosted at IP 69.64.155.14 (Enom Incorporated). A cached copy of adamazing.com contains code that eventually leads us to this URL – […]

Read On Comments Off

Malvertizing at Tweetmeme (again)

July 15th 2010

  You may recall that Wayne Small of SBSFAQ contacted me to warn that there was malvertizing at tweetmeme back in December 2009 – well, tweetmeme have a problem again. This time I see no openx.  Instead, we bounce from ads.tweetmeme.com to y5-media.com, to 173.244.173.133 to www3. luckfind42td.in to www2. guardhere5.in (thanks to Kimberley for […]

Read On 2 Comments

Innovative Marketing – slowly the old domains fall away

July 7th 2010

I still keep an eye on known Innovative Marketing pseudonyms; information continues to trickle in about domains that they have registered in the past. Old bad domains have been expiring, and sometimes the protection of services such as Moniker Privacy Services falls away. For example, on 24 May 2010 the domains tolerli.com and vollende.com lost […]

Read On 1 Comment

A quick update regarding James Reno

July 5th 2010

In what I can only describe as a display of optimism, Reno has hired an attorney and entered a plea of "not guilty" to all counts of the indictment filed by the Special March 2010 Grand Jury which charged him, Bjorn Daniel Sundin and Shaileshkumar P Jain (aka Sam Jain) with one count of computer […]

Read On Comments Off