Mea culpa: Marian is apparently male, not female. Marian Radu of the Microsoft Malware Protection Center has written about SWF being used for malware. He states: “What I found out is that, excluding flash exploits, SWFs are mainly used as redirectors” Yep, we know this … that is why Flash is “the Typhoid Mary […]
Courtesy of Kimberley. URLs used to facilitate the hijacking: bannersrotator.com/fx22010/click.php and stl.0ups.com/stl/in.cgi?24& Note that different SWF files are served to the potential victim, depending on the version of Flash being used… I’ll also emphasise that the malicious domain is not associated with the legitimate company Metrixlab at www.metrixlab.com. AND, guess who is the ICANN Registrar…. DIRECTI. I […]
This time we see that he is tweaking the WHOIS for traveltray.com and workhomecenter.com. To recap, so far he has tweaked mydwnld.info, matchservice.com, supportsvc.com, getfreecar.com and veritylimited.com in recent times:
Details here: http://www.icann.org/en/announcements/announcement-2-29oct08-en.htm “On 28 October 2008, ICANN sent a notice of termination to EstDomains http://www.icann.org/correspondence/burnette-to-tsastsin-28oct08-en.pdf [PDF, 76K]. Based on an Estonian Court record, ICANN has reason to believe that the president of EstDomains, Vladimir Tsastsin, was convicted of credit card fraud, money laundering and document forgery on 6 February 2008. Pursuant to Section 5.3 of […]
Announcement here: http://www.icann.org/en/announcements/announcement-2-28oct08-en.htm “As the result of the de-accreditation of EstDomains, Inc. (IANA ID 832), ICANN is seeking Statements of Interest from ICANN-accredited registrars that are interested in assuming sponsorship of the gTLD names that had been managed by EstDomains. EstDomains managed approximately 280,000 gTLD registrations, including registrations in the biz, com, info, mobi, net, and […]
Well, now we know why EstDomains was posting to NANOG, and issuing press releases. It’s not very often that I say that you could knock me over with a feather, but, you could knock me over with a feather. The RBN blog is the first place I saw the news (edit: it looks like […]
For those of you who may be interested: http://www.microsoft.com/downloads/details.aspx?familyid=26996ced-888d-4892-b1be-5141da8272bd&displaylang=en&tm Note: only available for download via systems that pass Windows Genuine Validation
Quote from the Patch Management Mailing List: “Microsoft has created patches for NT4 Workstation, NT4 Server, and NT4 Terminal Server, however, these patches are only available to folks who have purchased an NT4 Custom Support Agreement from Microsoft.” There is a FAQ on the Securiteam blog, but at time of writing it doesn’t mention anything […]
I received this email today: “I bought a 64 bit HP PC with Vista Home Premium and ie7 installed. When I was at a website to view something today it said I needed an Adobe plugin and directed me to Adobe. But Adobe said it did not have a 64 bit version and to use […]
Here is just one example: http://vil.mcafeesecurity.com/vil/content/v_152898.htm ThreatExpert blog: http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html You’re patching, yes? Watch out for crashes affecting svchost.exe and netapi32.dll. ISC have raised their threat level to Yellow. There are two more webcasts set up: For the Thursday, 10/23/08, 5:00 PM Webcast, customers can register at: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032394183&Culture=en-US For the Friday, 10/24/08, 11:00 AM Webcast, customers can register at: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032394179&Culture=en-US […]