As you can see below this site is designed to look like a “click to play” movie site … however in this case no movie is ever played. Instead after several redirects the visitor is prompted with the fake ActiveX prompt … Notice how both images imitate a video player … folks don’t fall for […]
2 Comments »
Filed under: Uncategorized
The folks over at The SANS™ Institute have an excellant article on “what’s in your toolkit”It’s nice to see the MVPS HOSTS file is included … Personally I like to load my tools on several USB sticks, as this prevents having to use the Internet to download any needed utilities until the machine is cleaned […]
Comments Off on What’s in your holiday/family incident response toolkit
Filed under: Uncategorized
The MVPS HOSTS file was recently updated [11-19-07]http://www.mvps.org/winhelp2002/hosts.htm Download: hosts.zip (144 kb)http://www.mvps.org/winhelp2002/hosts.zip How To: Download and Extract the HOSTS filehttp://www.mvps.org/winhelp2002/hosts2.htm HOSTS File – Frequently Asked Questionshttp://www.mvps.org/winhelp2002/hostsfaq.htm Note: the “text” version makes a great resource for determining possible culprits … (631 kb)http://www.mvps.org/winhelp2002/hosts.txt Sign up for HOSTS file update noticeshttp://www.mvps.org/winhelp2002/updates.htm
Comments Off on MVPS HOSTS File Update 11-19-07
Filed under: Uncategorized
Landing on the below site the visitor is presented with the following bogus Flash Player prompt … While this is a new face on an old trick (bogus ActiveX prompts) it results in the same type infection – Trojan.ZlobClicking any of the above button traps the visitor with no way out … however you can […]
2 Comments »
Filed under: Uncategorized
Well here we go again … another security program with a poorly written detection … seems Symantec added a new update SecurityRisk.URLRedir which they describe as “detection for suspicious entries added to the hosts file“ The following entries are (falsely) detected as suspicious: dl.jiangmin.comads.mcafee.comdirectads.mcafee.comsdc.mcafee.comsdc.ca.comsdc.mcafee.comwdcs.trendmicro.comom.symantec.comtc.symantec.com Looks like they are detecting anything related to a Antivirus program […]
3 Comments »
Filed under: Uncategorized
eWeek has an article “DoubleClick Serves Up Vast Malware Blitz” which describes problems with DoubleClick serving up malicious content related to none other than the WinFixer Group … however a few of (DoubleClick) their comments struck me as nothing more than doublespeak … “DoubleClick officials told eWEEK that they have recently implemented a security monitoring […]
Comments Off on DoubleClick serves up DoubleSpeak
Filed under: Uncategorized
Landing on “pornflash(dot)tv” the viewer will see the following bogus error … Simply visiting this page with olders Windows versions you will get whacked automatically from “zerocodec(dot)com” which is detected as another varient of Trojan.Win32.DNSChanger. Matter of fact “zerocodec(dot)com” is registered to the same person, (although the Whois info is most likely bogus also) as in […]
Comments Off on Bogus Video Player Error
Filed under: Uncategorized
Landing on the following site you’ll see the (bogus) message … “may require special application to run” … yeah right! Scanning at VirusTotal: Result: 10/32 (31.25%) = Trojan.Win32.DNSChanger.qb … sadly this is better than usual … vivacodec is hosted at Cernel, which hosts about 90% of the codec sites.
Comments Off on A new approach from the Codec gang
Filed under: Uncategorized
The MVPS HOSTS file was recently updated [11-01-07]http://www.mvps.org/winhelp2002/hosts.htm Download: hosts.zip (144 kb)http://www.mvps.org/winhelp2002/hosts.zip How To: Download and Extract the HOSTS filehttp://www.mvps.org/winhelp2002/hosts2.htm HOSTS File – Frequently Asked Questionshttp://www.mvps.org/winhelp2002/hostsfaq.htm Note: the “text” version makes a great resource for determining possible culprits … (629 kb)http://www.mvps.org/winhelp2002/hosts.txt Sign up for HOSTS file update noticeshttp://www.mvps.org/winhelp2002/updates.htm
Comments Off on MVPS HOSTS File Update 11-01-07
Filed under: Uncategorized