Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Malvertizement featuring americansingles.com

October 15th 2008

Malicious URL: mystats.com/crossdomain.xml

mystats.com – IP 208.87.33.150 – Bahamas – Secure Hosting Ltd
ICANN Registrar: FABULOUS.COM PTY LTD
Created 23 July 1997
NS: NS1.HITFARM.COM
NS: NS2.HITFARM.COM
NS: NS3.HITFARM.COM

Reverse IP – reverse DNS – wc40-main.medialogik.com
1,156,828 domains at the same IP address!!!!
208.87.33.% – 1,156,841 domains !!!

medialogik.com – 72.51.27.100 – British Columbia – Vancouver – Nameview Inc
ICANN Registrar: Nameview Inc
Created […]

Malvertizement featuring Suzuki…

October 15th 2008

Malicious URL: track.megaplexer.com/statsa.php?campaign=<<snipped>>

ICANN Registrar: Estdomains, Inc
Created: 7 April 2003
NS: NS1.MEGAPLEXER.COM
NS: NS2.MEGAPLEXER.COM
Registrant:
Vasil pentykovich (leonardo126@gmail.com – associated with 22 domains)
Ny tipa normalnij address
Shoblo
Other,20365
PR
Tel. +023.2569856
Fax. +023.5565599

Domain suspended – previous IP 64.15.157.119

64.15.157.119 – Canada Iweb Dedicated Cl

Malvertizement featuring Skype – again

October 15th 2008

Malicious URLs:
s-tatetstr.com/crossdomain.xml
s-tatetstr.com/c/index.php?id=<<snipped>>

s-tatetstr.com – 92.62.100.27 – Estonia – Starline Web Services
ICANN Registrar – TLDS, LLC DBA SRSPLUS
Created: 25 September 2008
NS: NS1.S-TATETSTR.COM
NS: NS2.S-TATETSTR.COM
Registrant:
Sagent Group (adminsagent@gmail.com) associated with about 86 other domains
Sagent Group Ltd.
Guzel street, 45
Belize City, NONE NONE
BZ
698-456-324

IP currently listed in Spamhaus:
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL66912

Sharing IP range […]

A quick update about some bad Directi registered domains

October 15th 2008

The bad guys were mentioned here:
http://msmvps.com/blogs/spywaresucks/archive/2008/10/14/1650776.aspx

quicktds.name – 216.240.134.211 – California – Irvine – Go2online Corp
ICANN Registrar – Directi Internet Solutions
Created 16 September 2008
NS: NS1.STARTED.RU (now NS1.SUSPENDED-DOMAIN.COM)
NS: NS2.STARTED.RU (now NS2.SUSPENDED-DOMAIN.COM)
Registrant: Previously hidden behind privacyprotect.org

WHOIS now reveals:
Registrant:
Vladislav A. Ternov (vladislavternov@googlemail.com) – email address associated with 4 domains.
Dimeevskaya 20 kv.134
Odessa
Odess’ka,65000
UA
[…]

Flash Player 10 has been released – please install

October 15th 2008

Announced just a short while ago:
http://blogs.adobe.com/psirt/2008/10/security_bulletin_for_flash_pl.html

As my regular readers know, there are security changes in Flash 10 that *may* impact on the ever problem malvertizements that have been a too-regular topic on this blog (btw, I received an email this morning from an AV company contact to warn me that bloomberg.com has been affected […]

ZoneAlarm may block internet access when security update MS08-066 is installed

October 15th 2008

Heads up – this is the affected patch

MS08-066: Vulnerability in the Microsoft Ancillary Function driver could allow elevation of privilege
http://support.microsoft.com/kb/956803

Yes, this has happened before. See this ZoneAlarm announcement:
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

From what I understand, ZA 7.0.483.000 is not affected.

Thanks to Susan, Robear and Bill 🙂

FTC Shuts Down, Freezes Assets of Vast International Spam E-Mail Network

October 14th 2008

Quote: “A U.S. district court has ordered a halt to the operations of a vast international spam network that peddled prescription drugs and bogus male-enhancement products. The network has been identified as the largest “spam gang” in the world by the anti-spam organization Spamhaus. The Federal Trade Commission has received more than three million complaints […]

Go and get thee patched

October 14th 2008

Here are the October patches.

Cumulative Security Update for Internet Explorer
http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

The IE cumulative update addresses several vulnerabilities, 4 of which are rated as critical. The critical patches affect Windows 2000 SP4 with IE5.01 SP4 and IE6 SP1, as well as XPSP2, XPSP3, XPx64 and XPx64 SP2 (IE6)

Vulnerability in Microsoft Office Could Allow Information […]

ALERT: a malvertizement redirect that does not use malicious advertising…

October 14th 2008

The details are below – you will see that a lot of information is redacted. That is because the bad guys *DO* read this blog, and I don’t like to make things too easy for them. The site owner asked for help and has been sent advice on what to look for and what to […]

Clipboard hijackings continue – incidents seen at photobucket.com and forums.guru3d.com

October 12th 2008

Kimberley pinged me about the incidents – she has a write-up here:
http://www.bluetack.co.uk/forums/index.php?s=&showtopic=18064&view=findpost&p=89528

I haven’t been able to reproduce the problem so can’t confirm what the source is. There are a couple of things to bear in mind when examining incidents such as this one. If affected by the clipboard hijack, you will not regain control of […]
