Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: Adobe Flash Player SWF File Unspecified Remote Code Execution Vulnerability

May 28th 2008

Affected versions are and The best analysis that I’ve seen so far is at SecurityFocus:http://www.securityfocus.com/bid/29386/info The frightening thing about this alert is that the vulnerability is being actively exploited, with tens of thousands of web sites being compromised (Symantec/Security Focus think that this is happening via SQL injection), with those compromised web sites […]

Read On 2 Comments

A new look dottunes malvertizement

May 27th 2008

A new style Dot Tunes advertisement: The adopstools results are here:http://www.adopstools.net/index.asp?page=quicklink&id=r60Siyiw02bZgpaa  When the SWF is displayed on a system it hits the following URLs: traveltray.com/crossdomain.xml and traveltray.com/stats.php?u={{removed}}&campaign=ofdidactic The cross domain policy is “allow-access-from domain=”*” ” – in other words, there are no domain restrictions.  This document will help you understand the implications of such an […]

Read On 1 Comment

OK, this is NASTY!!!!

May 20th 2008

A fraudware web site that will *not* close. I see this: I try to close using Red X, I get this: I try to close using the Red X, which has always been sufficient in the past.  In this case, the dialogue box goes away but the god-damned window is still open. So, I go […]

Read On 5 Comments

I am NOT associated with bucksbill.com

May 19th 2008

Ok, there are a lot of people out there who are upset at being overcharged and defrauded by bucksbill.com.  Just check out the comments here and here. Unfortunately, people are also emailing me directly because they (mistakenly) believe that I and/or this blog are associated with the fraudsters.  For example, check out this email: “I […]

Read On 2 Comments

ALERT: Malvertizement at en.f1-live.com?

May 19th 2008

A comment has been made to this blog warnin that http://en.f1-live.com/f1/en/index.shtml has been serving malvertizements during the the past week or so.  We’re investigating.  If anybody sees anything, please let me know.  

Read On Comments Off on ALERT: Malvertizement at en.f1-live.com?

ALERT: malvertizement at boston.com?

May 19th 2008

I received this alert via email: “My girlfriend was surfing boston.com last night and she landed on some nasty code that redirected her to that classic alert bos in the lower left hand corner of the screen. This time is was for XPShield which is widely known as rogue. Anyway I had known that you […]

Read On Comments Off on ALERT: malvertizement at boston.com?

Press Release: Washington Attorney General settles case with man accused of using pop-ups to hawk software

May 19th 2008

SEATTLE – A 21-year-old Scottsdale, Ariz., man accused of coercing consumers to buy software that actually turned their computers into spamming machines agreed to a settlement that substantially restricts how he markets software in the future, the Washington Attorney General’s Office announced today. The Attorney General’s Consumer Protection High-Tech Unit sued Messenger Solutions, LLC, and […]

Read On Comments Off on Press Release: Washington Attorney General settles case with man accused of using pop-ups to hawk software

Photobucket.com – an update

May 13th 2008

I am pleased to advise that one of the malvertizements that was appearing at photobucket.com, being the Tokyo Drift malvertizement being distrubted via adbureau.net, has been removed from circulation. As far as I know, the other malvertizements, hosted by atlas-ads.com, may still be in circulation. The malvertizements are gone because we alerted adbureau.net to the […]

Read On Comments Off on Photobucket.com – an update

Photobucket are not cleaning up their act

May 12th 2008

Photobucket has been mentioned several times on this blog because of malvertizements appearing on the site.  The most recent outbreak is proving to be problematic, to say the least. Photobucket have been advised several times that there are malvertizements appearing on the web site.  Photobucket have been given sufficient information to enable them to quickly […]

Read On 9 Comments

Malvertizements on mininova.org

May 8th 2008

Several comments have been posted to my blog recently about a malvertizement problem at mininova.org: http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1601871http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1602159http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1614547 Anyway, I went looking and found a thread that claimed the malvertizements had been identified and removed on 5 May so I didn’t take things any further (a decision which may have been a mistake)http://forum.mininova.org/index.php?showtopic=235009007 Kimberley has now identified […]

Read On Comments Off on Malvertizements on mininova.org