Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Information about the other "scareware" lawsuits…

September 29th 2008

Here we go… the other lucky recipients of Microsoft’s attentions in the “John Doe” (which I earlier called “Jane Doe”) lawsuits are: XPdefender.com (Case No. 08-2-33382-5 SEA, Judge Suzanne Barnett); WinSpywareProtect (Case No. 08-2-33380-9 SEA, Judge Joan DeBuque); WinDefender (Case No. 08-2-33377-9 SEA, Judge Michael J. Fox); MalwareCore (Case No. 08-2-33375-2 SEA, Judge Douglas McBroom); Antivirus 2009 (Case No. 08-2-33372-8 SEA, Judge Bruce Heller); Microsoft […]


Announcement: Microsoft and the Washington Attorney General unveil several "scareware" lawsuits

September 29th 2008

Edited to update documentary links. Washington Attorney General, Rob McKenna (whose work has been featured on this blog several times) and Richard Boscovich, Senior Attorney for Microsoft’s Internet Safety Enforcement Team, unveiled several lawsuits against malware (what they call “scareware”) pushers today. The lawsuits are the first to be filed under the State’s recently amended […]


So, where are Esthosts/Estdomains now that Intercage/Atrivo are in such trouble?

September 27th 2008

Let’s take a look-see at where Intercage/Atrivo’s most infamous client, esthosts/estdomains, are situated – using Domaintools, cidr-report.org and bfk-de, and a smattering of Sam Spade 1.14.  I’m not using Robtex that much because I get the sense that, sometimes, its data is behind the times and it should be noted that by the time this […]


Atrivo/Intercage have been knocked offline again?

September 25th 2008

Surprise surprise.  Screenshot taken just a few minutes ago… http://www.cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0  


Atrivo/Intercage: down but not yet out…

September 22nd 2008

Don’t we love the online press? I’ve been watching the fall-out and online reports of Atrivo’s short-lived disappearance off the net, and I think this is one of the more … misinformed … articles that I have seen so far: “US-Based Malware Network Shuts Down” (Source: Dark Reading). The article says (my comments in […]


Internet Explorer Security levels compared… courtesy of Steve Riley

September 21st 2008

I’ve wanted to do this for ages … never did get around to it … ;o) Steve has put together a chart listing the default settings for each Internet Explorer security level (IE7 on Vista SP1) – you can find it here: http://blogs.technet.com/steriley/archive/2008/09/16/internet-explorer-security-levels-compared.aspx


Atrivo/Intercage are offline, for now…

September 21st 2008

And they’re not happy… The question is, where will Atrivo/Intercage’s infamous clientele go?  The hostexploit.com study that was at the centre of this maelstrom can still be found at the URL below (a PDF, just under 2 megabytes in size): http://hostexploit.com/downloads/Atrivo%20white%20paper%20090308ad.pdf  


Adobe Flash and clipboard attacks – changes on the way

September 19th 2008

Adobe have blogged about changes being made to Flash to address various security issues, including the Flash clipboard attacks that received so much press attention not that long ago. Blog article here: http://blogs.adobe.com/psirt/2008/09/clipboard_attack_update.html Devnet article: http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html The changes: In Flash Player 9, ActionScript could perform uploads and downloads at any time. With Flash Player 10 beta, […]


I sense a Nesco phish approaching….

September 18th 2008

Newly registered via Directi … cid38.mobi. cid38.mobi is hosting a copy of a legitimate web site – note the URL in the address bar: And here is the real site – again, note the site in the address bar:


I sense a phishing storm approaching …

September 17th 2008

I’m sure my readers already know about the goings-on affecting Estdomains/Intercage and Atrivo in recent times – suffice to say that the bad guys are being chased from pillar to post and back again, and were at risk of being knocked off the Internet completely. Brian Krebs can claim credit for starting this most recent […]
