Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

TRUSTe changes from not-for-profit to for-profit

July 15th 2008

Edited to fix typographical errors.

The news is out – TRUSTe is now a for-profit, instead of a not-for-profit. As I am sure all of you have noticed, I have been silent about TRUSTe since I started working with them on 16 July 2008. But now, I think, the time has come to […]


A malvertizement featuring XE Radio rears its head again

July 14th 2008

Interestingly, the malvertizement features the same campaign as the MediaMan malvertizement that Kimberley found on isuisse, iquebec, ibelgique and ifrance back on 10 July. Screenshots of the XM Radio malvertizement:

We see various domains when hit by a malicious redirect, including:

stathisranch.net/crossdomain.xml
stathisranch.net/c/index.php?<<removed>>
profitabill.com/?cmpid=asbarrator (this is the same as the MediaMan malvertizement mentioned above) […]


New malvertizement featuring Levis, myownpursuit.com (Lexus) and the re-emergence of Lady Speedstick

July 14th 2008

There have been several malvertizements in circulation, being:

unicastads.com/<removed>/728×90.swf (the original malicious ad has already been replaced with a ‘clean’ one)
unicastads.com/<removed>/300×250.swf (the original malicious ad has already been replaced with a ‘clean’ one)
trueffect-cdn.com/<removed>/300×250.swf
trueffect-cdn.com/<removed>/728×90.swf
pointroll-ads.com/<removed>/300×250.swf?

unicastads.com is registered via Estdomains, as are trueffect-cdn.com and pointroll-ads.com.

At time of […]


Watch out for these malvertizements…

July 14th 2008

I have not seen a malvertizement featuring this site before – muchmusic.com

dreammates.com – this one dumped me at virusremover2008.com (domain created on 20 May 2008)


Developments in the malvertizing world – a new distribution conduit involving MySpace

July 14th 2008

Kimberley writes about a new distribution conduit that she has found – in this example it is an old malvertizement with a currently inactive campaign. Details here: Bluetack Forum

In short, funmunch.com is offering a “MySpace Banner” for download that is, in fact, a malvertizement (an old one, but still a malvertizement). Here’s the question […]


Off topic: World’s oldest blogger dies…

July 13th 2008

How sad, even though it is an event that comes to us all. An Australian lady credited as being the oldest blogger in the world, Olive Riley, died on Saturday – her blog was a lovely thing to read. Although her blog, www.allaboutolive.com.au, seems to no longer exist (there is no A Record and according […]


The Sun Java installer still sucks….

July 9th 2008

I was prompted to install the latest update to Sun Java a short while ago, and the installer still sucks. The installer still triggers a UAC prompt. The installer still does NOT remove old versions of Java – old versions that take 136 megabytes per version. The option to install Open Office is still enabled […]


ALERT: new malvertizement protocols, courtesy of Kimberley

July 9th 2008

As always, Kimberley’s report makes for fascinating reading: http://www.bluetack.co.uk/forums/index.php?s=&showtopic=18064&view=findpost&p=88026

What is especially interesting is that the advertisement in question that started the whole thing was NOT a SWF – it was a GIF – hosted by 247mediadirect.com. The end target, a malicious SWF, is hosted at the same IP. Hosted (again) in Malaysia, a Robtex […]


ALERT: malvertizement featuring classmates.com

July 8th 2008

Campaign URLs (you will note that the campaign is identical to the one for the Skype malvertizement): waytotheprofit.com/?cmpid=contangogostation-appraisals.com/c/index.php?id=<<removed>>


ALERT: Malvertizement featuring Skype

July 8th 2008

No company is safe from impersonation…. Campaign URLs: waytotheprofit.com/?cmpid=contangogostation-appraisals.com/c/index.php?id=<<removed>>

The waytotheprofit URL leads us to an adverdaemon.com URL, and from there to the fraudware site – I ended up at a German site, being sicherheitstool.com. Robtex reports that “sicherheitstool.com is a domain controlled by two nameservers at sicherheitstool.com themselves. They are on the same […]


