Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Spot the similarities

November 28th 2008

What I am trying to do is show my readers not only where malvertizements are coming from and what they look like, what they do and how they work, but also reveal the ties that bind between the various domains associated with the facilitation of malvertizing.  You would be surprised how often the same names, […]


ALERT: change of domain details – newstat.net

November 28th 2008

Those of us who are regular readers of my blog will know that newstat.net has been associated with malvertizing in the past. Its WHOIS details have recently been changed. Old details: SergMoon, moon.serg@gmail.com, Krokus str., Amsterdam, NL, 31 334558757. New details: John Brisbone (larsonown@gmail.com), Active Solutions, 8255 S Michigan Ave, Chicago, IL 60608, US, 5676876812. John Brisbone is associated with 3 other domains: aboutstat.net, […]


Directi has taken over Estdomains’ Registrar operations

November 25th 2008

Announcement: http://www.icann.org/en/announcements/announcement-25nov08-en.htm It is important to note that Estdomains designated Directi as its successor. This is despite the fact that Directi apparently dumped Estdomains as a client a while back (see “Historical Stuff” below). It will be very interesting to watch developments going forward. What Registrar will the fraudsters use from now on? Will Directi […]


ALERT: Malvertizement at Expedia.com

November 23rd 2008

Expedia have been alerted. Details here: http://www.mikeonads.com/2008/11/23/malvertisement-on-expediacom/ It looks identical to the malvert at allrecipes.com discussed here: http://www.bluetack.co.uk/forums/index.php?s=6152c183e90c1f780588775106ba8be6&showtopic=18064&st=180&p=89945&# Some of the same domains are used, prolinar.com and clicksoverview.com. The fraudware domain is also the same, antivirusdefense.com. prolinar.com: ICANN Registrar: ESTDOMAINS; Created: 18 November 2008; NS57.1AND1.COM, NS58.1AND1.COM; IP: – United States – 1&1 Internet Inc; Registrant: Thomas Schultz (ts8317@googlemail.com). vernariostar.com ICANN […]


The Julie Amero saga is finally over

November 21st 2008

But, she had to agree to plead guilty to a misdemeanor charge of “disorderly conduct”, to finally see an end to her nightmare.  She had to pay a fine of $100 and give up her license to teach in Connecticut. Cite: http://sunbeltblog.blogspot.com/2008/11/breaking-julie-amero-horror-is-over.html The Prosecutor, David Smith, added insult to injury by saying to the Court […]


Fraudware detected on 994,061 computers

November 20th 2008

As reported by Microsoft: http://blogs.technet.com/mmpc/archive/2008/11/19/msrt-review-on-win32-fakesecsen-rogues.aspx The figures relate to what Microsoft has labelled “Win32/FakeSecSen”. That figure does not (I think) encompass all of the fraudware (fake security software) products that are out there. Just imagine, if you will, if just 1% of the owners of those detected machines were fooled into buying the fraudware software at […]


ALERT: Malvert at allrecipes.com

November 20th 2008

Kimberley isn’t happy… and I can understand her frustration: http://www.bluetack.co.uk/forums/index.php?s=7d7ef61461f02f49b016aa0af2e61fce&showtopic=18064&st=180&p=89945&#entry89945


Update about plans for Internet Explorer 8

November 19th 2008

This announcement was posted to the IE Team Blog a short while ago: “We will release one more public update of IE8 in the first quarter of 2009, and then follow that up with the final release. Our next public release of IE (typically called a “release candidate”) indicates the end of the beta period. […]


Software Package Supplied By Lenovo Contained Malware

November 19th 2008

Yep, yet another quality assurance/security procedure breakdown. Via Cyberinsecure: http://cyberinsecure.com/software-package-supplied-by-lenovo-contained-malware/ And ZDNET: http://blogs.zdnet.com/security/?p=2203 “The malicious file was identified by Microsoft as Win32/Meredrop, a Trojan dropper that is used to install and execute multiple malicious executables on an infected computer. Other anti-virus vendors are detecting the threat as a virus or a porn dialer.”


ALERT: Two malvertizements seen at Spaces (not skydrive) and Hotmail…

November 18th 2008

Edit: BTW, it is Spaces and Hotmail – I haven’t seen the malvert at Skydrive yet. Kimberley saw the first one, a malvertizement featuring perfectmatch.com: I have discovered another malvertizement featuring IMIN – we have seen this advert several times in recent days in different places: Details of hijack: IMIN malvertizement undetectable using adopstools http://www.adopstools.com/index.asp?page=quicklink&id=j5WPzf37aZeMUVbT Encrypted […]
