Archive for December, 2007

Bogus Video Plugin Error

Landing on the following site (trooperporn(dot)com) the viewer is presented with yet another bogus error prompt … If you click [choke] Continue … well I didn’t get far as NOD32 v3 jumped up with the following … There are several other sites involved … including “results-google(dot)info” which tries to load a script, which generates a pop-up […]

Another malicious IFrame Exploit

Landing on the following site NOD32 v3 immediately jumps up and cancels the connection … The culprits in this case are well known (Attackers target unpatched QuickTime flaw) and already exist in the HOSTS file. So off I go to Google to see what else I can find … seems Google has determined this is […]

MVPS HOSTS File Update 12-10-07

The MVPS HOSTS file was recently updated [12-10-07]http://www.mvps.org/winhelp2002/hosts.htm Download: hosts.zip (145 kb)http://www.mvps.org/winhelp2002/hosts.zip How To: Download and Extract the HOSTS filehttp://www.mvps.org/winhelp2002/hosts2.htm HOSTS File – Frequently Asked Questionshttp://www.mvps.org/winhelp2002/hostsfaq.htm Note: the “text” version makes a great resource for determining possible culprits … (633 kb)http://www.mvps.org/winhelp2002/hosts.txt Sign up for HOSTS file update noticeshttp://www.mvps.org/winhelp2002/updates.htm

More on Innovative Marketing

Thought I’d show the Hosting services that are affilated with the Innovative Marketing Group … As you can see they spread out into quite a few areas … other known affiliates: LocusSoftware, IncUnited Kingdom LocusSoftware sites hosted via Eukhost_ltd91.186.30.75  sale.trustedantivirus.com91.186.30.80  secure.systemerrorfixer.com LocusSoftware sites hosted via Euroaccess85.12.60.123  shop.pcprivacytool.com85.12.60.30  winpcdoctor.comwinspycontrol.comwinsecureav.com LucasSoftware sites hosted via Setupahost (Toronto)204.16.204.56  protect.trustedantivirus.com204.16.204.56  clean.systemerrorfixer.com204.16.204.56  privacy.securepccleaner.com204.16.204.56  […]

LimeLight Networks and connecting the dots

Often times you have to look hard to connect the dots … however it now seems LimeLight has been affiliated with the “Innovative Marketing Group” (aka WinFixer) for some time. And as of today they are still hosting files that almost every major Antivirus/Antispyware programs detect as malware … Landing on the below site you can […]

Limelight Networks serving up Malware

Landing on the following bogus “Security Center” page the visitor is presented with (typical) bogus scare tactics, etc. Clicking any link on that page the visitor is redirected (several times) and then lands on this prompt … What’s interesting is the players involved (WinFixer related) in this scam … “SecurityOnPage” is paid a commission to […]

Bogus Streaming Video Playback Error

I’ll say one thing for these culprits … they sure are inventive with their (bogus) error prompts … There are several different culprits involved in this one … The download from “somcompany” is detected as: Trojan-Downloader.Win32.Zlob.extWhich is hosted at Ukrtelegroup Ltd via ESTDOMAINS/PrivacyProtect … it appears that “Inhoster Hosting” has renamed this IP block recently […]

Is Spamdexing on the rise?

There has been a lot of media coverage lately on this subject … while it’s (finally) nice to see this problem is getting the attention it deserves … this is nothing new. Spamdexing has been going on for years … “Spamdexing or search engine spamming is the practice of deliberately and dishonestly modifying HTML pages […]