Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

What do you do when Alex Eckelberry writes to you and says "we have a new major problem"?

November 26th 2007 in Uncategorized

You start sounding the alarm, that’s what you do.  I urge you to read this link, and spread the word.


http://sunbeltblog.blogspot.com/2007/11/breaking-massive-amounts-of-malware.html


Take a close look at the URLs for the malware links; they are all random collections of letters and numbers, and they’re all Chinese domains.  Users of Google (and other web search engines) need to pay close attention to the links that are being offered, and avoid anything that just doesn’t look right, and certainly avoid ‘nonsense’ domains like those in the Sunbelt screenshots.


FWIW, a quick check using Windows Live Search does *not* result in a slew of malicious sites.


If Google wants to be the Sun around which we all revolve then they are going to have to clean up their act, and fast.  I admit, Google do try to flag sites that they know are dangerous, but *none* of the malware links in the screenshots are flagged as malicious.


 


3 comments to...
“What do you do when Alex Eckelberry writes to you and says "we have a new major problem"?”

Bob

I see this only on Google. MSN and Yahoo seem to be clean. Have you seen it on any other search site?



Mike

I can’t see it on Google. Maybe they’re getting their act together on it?

This guy is doing the rounds of message boards: http://www.google.co.uk/search

Despite the .cn the IP seems to resolve to Chicago.



harry

Excellent advice by Sandi on what to look out for … Some additional updates on this threat can be found here:

http://msmvps.com/blogs/harrywaldron/archive/2007/11/28/thousands-of-malicious-web-page-redirects-be-careful-with-internet-searches.aspx

