Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Fiddlercap has been updated

November 27th 2007

A new version (1.1) of FiddlerCap is available at http://www.fiddlercap.com. The new version includes a checkbox that controls whether or not cookies and form POSTs are stored within the .SAZ file. Fiddlercap is proving to be absolutely invaluable in the fight against malicious banner advertisements – Fiddlercap makes it easy for even the most inexperienced computer […]


What do you do when Alex Eckelberry writes to you and says "we have a new major problem"?

November 26th 2007

You start sounding the alarm, that’s what you do.  I urge you to read this link, and spread the word. http://sunbeltblog.blogspot.com/2007/11/breaking-massive-amounts-of-malware.html Take a close look at the URLs for the malware links; they are all random collections of letters and numbers, and they’re all Chinese domains.  Users of Google (and other web search engines) need […]


National Geographic: a quick update

November 26th 2007

Alex Eckelberry of Sunbelt has been in touch with me to advise that he has contacted AdOn Network about the malicious SWF that we have been studying on this blog over the past day or so – something I am ashamed to admit I had not done yet. AdOn advise that they have removed the […]


Still working on NatGeo…

November 25th 2007

HTTP capture of a visitor to the National Geographic website being hijacked and redirected to scanner2.malware-scan.com. As we know, we’ve traced the guilty advertisement as far back as 66.179.234.173/images/1847_560766_7006263_90_728.html


Malicious SWF advert captured on NationalGeographic.com

November 25th 2007

I only have time to post screenshots at the moment – the malicious advertisement can be seen at: 66.179.234.173/images/1847_560766_7006263_90_728.html A Google search reveals that the IP address 66.179.234.173 has a history of involvement with malicious banner advertisements: http://www.google.com/search?q=66.179.234.173&rls=com.microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1 The SWF itself is being pulled from: rmedia.adonnetwork.com/images/560766_90_728_200711011430_tubesnow_728x90.swf With javascript being pulled from: rmedia.adonnetwork.com/adon_flash_v2.js and I’ll post more specific details in roughly […]


While we’re dealing with the topic of how to interact with IT support…

November 23rd 2007

Posted to Shark Bait not long ago :) http://sharkbait.computerworld.com/?q=node/1902


Not even my immediate family is safe from malware….

November 23rd 2007

There’s my Dad, searching the net for an update to a particular specialist programme on his system; he finds what he wants, he downloads, he starts to install (we don’t know if he closed his Web browser first – I’m betting not), he’s prompted to update *DirectX* and whammo, he’s hit with spyware.cyberlog-x. Unfortunately: he […]


Sometimes I wonder why I don’t just give up.

November 22nd 2007

Check out this URL: http://www.itnews.com.au/News/NewsStory.aspx?story=65660 See this quote towards the very end: “In Australia earlier this month, a majority of Sensis websites including Whitepages, Telstra Bigpond and Yellowpages had to remove advertising on their site after a local security professional and Microsoft MVP discovered malicious malware embedded in the ads.” For whatever reason, IT NEWS decided […]


Danger on the Internet – it can be anywhere at any time…

November 22nd 2007

Malware found on LaoAirlines.com, travellers beware of other sites “Sophos has warned Australian travellers looking to book flights to South East Asia to make certain their anti-virus software is up to date before going online after yesterday intercepting malware on Lao Airlines.com. Users who simply embark on the site will automatically be redirected to another […]


You receive non-delivery reports (NDR) when you send e-mail attachments that are larger than a specific size in Exchange Server

November 22nd 2007

This one is interesting to my alter-ego… Consider the following scenario. In a Microsoft Exchange Server organization, the Exchange Server server has no size restrictions for e-mail attachments and no quota settings on mailboxes. Additionally, size restrictions are set on the firewall. In this scenario, you may receive non-delivery reports (NDR) when you send e-mail […]


