Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Estdomain Press Release: aka "we’re good guys, honest"

October 23rd 2008

Here’s the Press Release: http://www.prweb.com/releases/2008/10/prweb1504344.htm

An Esthost representative also posted a message to NANOG a while back – as far as I know, there was only one public response: http://www.gossamer-threads.com/lists/nanog/users/109300

Do I believe that Estdomains/Esthost are innocent victims? Nah… too much has happened for too long. Let’s not forget these Washington Post articles: Part 1: http://voices.washingtonpost.com/securityfix/2008/09/estdomains.html Part […]

ALERT: Please install critical out-of-band security patch

October 23rd 2008

Edit: A detailed description of the vulnerability has been published here: http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

Of particular importance is this quote: “This is a serious vulnerability and we have seen targeted attacks using this vulnerability to compromise fully-patched Windows XP and Windows Server 2003 computers so we have released the fix “out of band” (not on the regular […]

ADVANCE NOTIFICATION – October 23, 2008 (Out-of-Band) MSRC Security Bulletin Release

October 22nd 2008

Quote: Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Thursday, October 23, 2008. This security update will be released outside of the usual monthly security bulletin release cycle in an […]

It happens to the best of us…

October 22nd 2008

What do you get when you combine a busy evening, an ongoing IM chat and a moment of inattention? You get what you see to the left of the screen. Note that I declined the download… don’t play with fire by downloading the virus, even if you know what it is and just want to experiment. […]

Internet Explorer 8 Guidebook

October 21st 2008

It’s all marketing spiel, but somebody may find it useful ;o) http://www.microsoft.com/downloads/details.aspx?familyid=75973693-9a7f-4a42-9ddd-8b029361e766&displaylang=en&tm

ALERT: Malvertizement at allmusic.com and billboard.com

October 20th 2008

Note: the incident has been reported to a contact at allmusic. Originally discovered by Kimberley.

Malicious SWF: web.checkm8.com/Ads/435513/bill_300x250-border.swf

Encrypted dynamic text within malvertisement:

From web.checkm8.com we hit clickmatter.net, which loads a “static.gif” which is actually an SWF. From there I was bounced to windows-scannercenter.com to onlinetds.info and forcedscan.com. web.checkm8.com were involved […]

Adobe Flash 10 does NOT stop malvertizement hijacking

October 20th 2008

Adobe Flash keeps its title as the “Typhoid Mary of the Internet”. Kimberley has put in some hard yards, and posted a comprehensive article that proves that Flash 10 is NOT stopping SWF malvertizement hijacks. You can read all about it here: http://www.bluetack.co.uk/forums/index.php?s=f3bfcacbac0c1eba459283546fb127e9&showtopic=18064&st=150&p=89649&#

“A perfect Flash file is the one that is never loaded by your […]

Malvertizing domains: go-scan-pro.com (and friends)…

October 19th 2008

Hit this one today: go-scan-pro.com

Latvia, Vdhost Ltd
ICANN Registrar: REGTIME LTD.
Created on: 7 October 2008
NS: NS1.SITELUTIONS.COM
NS: NS2.SITELUTIONS.COM
Registrant:
  Petr Bernatzik
  Email: feetecho@gmail.com
  Organization: Bernatzik Co
  Address: Dobevska 877/4
  City: Praha
  State: Kamyk
  ZIP: 14300
  Country: CZ
  Phone: +420.60176712
  Fax:

Shared IP:
1. Cokiran.com
2. Go-iascan.com
3. Go-scan-pro.com
4. Goscanpc.com
5. Ia-free-scanner.com
6. Ia-install-pro.com
7. Ia-installs.com
[…]

Fraudware via SQL injection?

October 19th 2008

Nope, no surprise there. Cite: http://blogs.technet.com/mmpc/archive/2008/10/17/sql-injection-new-approach-for-win32-fakexpa.aspx

Check out the exploits being used:
* MDAC remote code execution (MS06-014)
* ShockwaveFlash.ShockwaveFlash.9 exploit
* WebViewFolderIcon setSlice() exploit (MS06-057)
* Msdds.dll exploit (MS05-052)
* Microsoft Works exploit (MS08-052)
* Creative Software AutoUpdate Engine exploit
* Online Media Technologies NCTsoft NCTAudioFile2 ActiveX buffer overflow
* Ourgame GLWorld GLIEDown2.dll exploit
* DirectAnimation.PathControl buffer overflow (MS06-067)

As for […]

Another Directi registered fraudware domain

October 16th 2008

It seems to me that Directi is not even close to cleaning up its act, and they certainly don’t seem to be keeping away from domains that are used to facilitate the distribution of fraudware. Just over the past few days I have encountered quicktds.com (which had been registered since 16 Sept), pcvirusbuster.com (registered 7 […]
