Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

New malvertizements featuring diamondharmony.com

June 13th 2008

Screenshot of diamondharmony.com malvertizement  

Read On Comments Off on New malvertizements featuring diamondharmony.com

Press Release: Attorney General McKenna’s new laws go into effect Thursday

June 11th 2008

The full press release is below.  The section most relevant to this blog is the new laws related to spyware.  A change that I anticipate will have a great impact is that the new laws “Create[s] liability for web hosting services who ignore violators’ use of their products“.  I believe that this new law will encourage web hosting services to […]

Read On Comments Off on Press Release: Attorney General McKenna’s new laws go into effect Thursday

Circulating malvertizements: driveway and dreammates

June 11th 2008

First, driveway: waytotheprofit.com/?cmpid=comedogeni&adid=intl statgroup.net/c/index.php?id=WmhuaHhDTEFpUXm7NkiZmOVpYVnd4cGtoPTEyMDgxNjk3MDUmcG56Y252dGE9cGJ6cnFidHJhdgYNkiDgNmYNkiDgNm Next, dreammates: waytotheprofit.com/?cmpid=comedogeni&adid=intl stat-diagnostic-imaging.net/c/index.php?id=eklscHhaSzFya3JIUElYNjNm7NkiZeUloPTEyMTIwNzc5MjYmcG56Y252dGE9cGJ6cnFidHJhdgYNkiDgNmYNkiDgNm     You can see that both malvertizements use the same waytotheprofit campaign URL. I ended up at goldenantispy.com on one occasion, and antispyarewaremaster on another and performanceoptimizer.com on another. You will end up at different sites depending on what country you reside in. goldenantispy and antispywaremaster […]

Read On Comments Off on Circulating malvertizements: driveway and dreammates

ALERT: Malvertizements at disney.fr

June 10th 2008

These criminals, whoever they are, have absolutely no shame.  I thought that they were the scum of the earth when they impersonated Oxfam; now they are getting their malvertizements onto popular chidren’s sites. As reported by Kimberley – the malvertizements have been reported to RealMedia: openad.tf1.fr/RealMedia/ads/Creatives/OasDefault/AUTOPROMO_DISNEY_SKY_CINEMA_NOW/cinemanow_120x600.swf adoptserver.info/_stat029.gif?url=[removed]windowsxp-privacy.net/?id=987650098xponlinescanner.com/soft.php?aid=024217&d=2&product=XPAxponlinescanner.com/2008/2/freescan.php?aid=77024217 openad.tf1.fr/RealMedia/ads/Creatives/OasDefault/AUTOPROMO_DISNEY_MEGA_CINEMA_NOW/cinemanow_728x90.swf adoptserver.info/_stat029.gif?url=[removed]windowsxp-privacy.net/?id=987650097xponlinescanner.com/soft.php?aid=024218&d=3&product=XPAxponlinescanner.com/2008/3/freescan.php?aid=77024218    

Read On Comments Off on ALERT: Malvertizements at disney.fr

New "surveys" malvertizement

June 7th 2008

Adopstools.com was not able to analyse the sample that I have, but there is more than one way to get things done. The malicious SWF exposes victims to two different URLs: impressiontracker.com/url/sc_6.php and yourredirect.com/soft.php?aid=000417&d=3&product=XPA The yourredirect.com URL redirects to a fraudware site, being: onlinescannerxp.com/2008/3/freescan.php?aid={removed} yourredirect.com was created on 4 April 2008 and is protected by […]

Read On 1 Comment

Another eBooks malvertizement

June 5th 2008

Regular readers may recall the new eBooks malvertizement highlighted the other day – this one: Here’s another version, slightly tweaked. You’ll notice the different wording and different font:  

Read On Comments Off on Another eBooks malvertizement

Mark Russinovich: The Case of the Random IE and WMP rashes

June 3rd 2008

I have just finished glancing over Mark Russinovich’s latest blog entry, in which he described how he tracked down the cause of, and fix for, crashes affecting Internet Explorer on his Vista x64 gaming system, as well as crashes affecting Windows Media Player. The diagnostic steps that Mark uses make for fantastic reading for the […]

Read On Comments Off on Mark Russinovich: The Case of the Random IE and WMP rashes

malvertizement featuring eBooks

June 3rd 2008

Screenshots (had to smile at the appearance of the word “malware”): I’m also seeing a steady stream of ringtone: and American Singles malvertizements:

Read On Comments Off on malvertizement featuring eBooks