Affected versions are 9.0.124.0 and 9.0.115.0. The best analysis that I’ve seen so far is at SecurityFocus:http://www.securityfocus.com/bid/29386/info The frightening thing about this alert is that the vulnerability is being actively exploited, with tens of thousands of web sites being compromised (Symantec/Security Focus think that this is happening via SQL injection), with those compromised web sites […]
A new style Dot Tunes advertisement: The adopstools results are here:http://www.adopstools.net/index.asp?page=quicklink&id=r60Siyiw02bZgpaa When the SWF is displayed on a system it hits the following URLs: traveltray.com/crossdomain.xml and traveltray.com/stats.php?u={{removed}}&campaign=ofdidactic The cross domain policy is “allow-access-from domain=”*” ” – in other words, there are no domain restrictions. This document will help you understand the implications of such an […]
A fraudware web site that will *not* close. I see this: I try to close using Red X, I get this: I try to close using the Red X, which has always been sufficient in the past. In this case, the dialogue box goes away but the god-damned window is still open. So, I go […]
Ok, there are a lot of people out there who are upset at being overcharged and defrauded by bucksbill.com. Just check out the comments here and here. Unfortunately, people are also emailing me directly because they (mistakenly) believe that I and/or this blog are associated with the fraudsters. For example, check out this email: “I […]
A comment has been made to this blog warnin that http://en.f1-live.com/f1/en/index.shtml has been serving malvertizements during the the past week or so. We’re investigating. If anybody sees anything, please let me know.
I received this alert via email: “My girlfriend was surfing boston.com last night and she landed on some nasty code that redirected her to that classic alert bos in the lower left hand corner of the screen. This time is was for XPShield which is widely known as rogue. Anyway I had known that you […]
SEATTLE – A 21-year-old Scottsdale, Ariz., man accused of coercing consumers to buy software that actually turned their computers into spamming machines agreed to a settlement that substantially restricts how he markets software in the future, the Washington Attorney General’s Office announced today. The Attorney General’s Consumer Protection High-Tech Unit sued Messenger Solutions, LLC, and […]
I am pleased to advise that one of the malvertizements that was appearing at photobucket.com, being the Tokyo Drift malvertizement being distrubted via adbureau.net, has been removed from circulation. As far as I know, the other malvertizements, hosted by atlas-ads.com, may still be in circulation. The malvertizements are gone because we alerted adbureau.net to the […]
Photobucket has been mentioned several times on this blog because of malvertizements appearing on the site. The most recent outbreak is proving to be problematic, to say the least. Photobucket have been advised several times that there are malvertizements appearing on the web site. Photobucket have been given sufficient information to enable them to quickly […]
Several comments have been posted to my blog recently about a malvertizement problem at mininova.org: http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1601871http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1602159http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1614547 Anyway, I went looking and found a thread that claimed the malvertizements had been identified and removed on 5 May so I didn’t take things any further (a decision which may have been a mistake)http://forum.mininova.org/index.php?showtopic=235009007 Kimberley has now identified […]