Malicious destination URL: security-scan-pc.com. Malicious campaign URL: adservdb.com/ads/?id=d3. The id=d3 URL completes various checks (browser version mostly) and then redirects to this URL: adservdb.com/tmp01.asp. The tmp01.asp URL sets a cookie, completes various checks (Year, Month, Date, Hours, Minutes, Milliseconds, browser version) and, if the PC passes the test, we are redirected to this URL: […]
Enjoy: http://www.microsoft.com/windows/internet-explorer/beta/ Upgrading notes: PLEASE READ THE RELEASE NOTES!!! Compatibility issues: HP Smart Web Printing (some versions); Google Toolbar (some versions); DriveLetterAccess (Roxio) (some versions); Skype add-in (some versions); Visual Studio .NET Version 7; Real Player 11; Windows Live Mail; Netflix; VB6.0 ActiveX Controls; Window-Eyes; Hotmail log-off – details are in the Release Notes, but […]
admarketcenter.com has been implicated in the distribution of malvertizements. AdMarketCenter.com – IP: 216.195.62.169. Registrar: Godaddy.com. Date created: 15 November 2006. WHOIS registrant, admin and technical contact: bert_205@hotmail.com. Hostnames sharing IP with A-records: excursionglobe.com, mypussyworld.com. Sharing mailserver IP: Nil. Sharing name server: lots. Excursionglobe.com is a known bad actor. See this blog entry: http://msmvps.com/blogs/spywaresucks/archive/2008/01/13/1459605.aspx Note that the script mentioned in that […]
Created using Fuse.
I received three separate samples of a mediamate malvertizement today, all with different names. First sample: This time it hit googiesindication.com – IP: 217.150.254.47. Registrar: TLDS, LLC DBA SRSPLUS. Creation date – 26 November 2007. Registrant, administrative and billing contact: Jon Lod (mail@googiesindication.com). Domains sharing nameservers (there are some old names here – all known […]
How cute is my little nephew? He is reading THE most important section of the newspaper – Cars for Sale – he’s going to be a car fan, just like his daddy (no, that’s not his daddy in the picture, that’s one of his uncles). He’s the only almost-3-year-old I know who, when asked what […]
Love the title Jesper! http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/ Jesper’s article includes a description of a browser hijack intended to dump its victim at a fraudware site. It also takes a close look at the fraudware itself – its installation, its behavior after install, and how it tries to convince victims to part with their hard earned cash by […]
Not confirmed, but suspicious – generated using Fuse:
I received this email a few days ago: Dale’s email is certainly worth answering; I’ll do my best ;o) Fraudware such as XP Antivirus 2009 (or 2008) and its myriad stablemates does not come in strictly via the Clipbook vector. On the contrary, my opinion is that the clipboard trick is one of their […]
Featuring…. Careerbuilder.com… (hits newstat.net, profitabill.com and adverdaemon.com) Skype (hits statsgroup.net, profitabill.com and adverdaemon.com) mediaman (hits statsgroup.net, profitabill.com and adverdaemon.com as well as stats.sellmosoft.net and stats2.reliablestats.com) nielsen and bighip