What I am trying to do is show my readers not only where malvertizements are coming from and what they look like, what they do and how they work, but also reveal the ties that bind between the various domains associated with the facilitation of malvertizing. You would be surprised how often the same names, […]
Those of us who are regular readers of my blog will know that newstat.net has been associated with malvertizing in the past. Its WHOIS details have recently been changed. Old details: SergMoon, moon.serg@gmail.com, Krokus str., Amsterdam, NL, 31 334558757. New details: John Brisbone (larsonown@gmail.com), Active Solutions, 8255 S Michigan Ave Chicago, IL 60608, US, 5676876812. John Brisbone is associated with 3 other domains: aboutstat.net, […]
Announcement: http://www.icann.org/en/announcements/announcement-25nov08-en.htm It is important to note that Estdomains designated Directi as its successor. This is despite the fact that Directi apparently dumped Estdomains as a client a while back (see “Historical Stuff” below). It will be very interesting to watch developments going forward. What Registrar will the fraudsters use from now on? Will Directi […]
Expedia have been alerted. Details here: http://www.mikeonads.com/2008/11/23/malvertisement-on-expediacom/ It looks identical to the malvert at allrecipes.com discussed here: http://www.bluetack.co.uk/forums/index.php?s=6152c183e90c1f780588775106ba8be6&showtopic=18064&st=180&p=89945&# Some of the same domains are used, prolinar.com and clicksoverview.com. The fraudware domain is also the same, antivirusdefense.com. prolinar.com: ICANN Registrar: ESTDOMAINS; Created: 18 November 2008; NS57.1AND1.COM; NS58.1AND1.COM; IP: 74.208.131.124 – United States – 1&1 Internet Inc; Registrant: Thomas Schultz (ts8317@googlemail.com). vernariostar.com ICANN […]
But, she had to agree to plead guilty to a misdemeanor charge of “disorderly conduct”, to finally see an end to her nightmare. She had to pay a fine of $100 and give up her license to teach in Connecticut. Cite: http://sunbeltblog.blogspot.com/2008/11/breaking-julie-amero-horror-is-over.html The Prosecutor, David Smith, added insult to injury by saying to the Court […]
As reported by Microsoft: http://blogs.technet.com/mmpc/archive/2008/11/19/msrt-review-on-win32-fakesecsen-rogues.aspx The figures relate to what Microsoft has labelled “Win32/FakeSecSen”. That figure does not (I think) encompass all of the fraudware (fake security software) products that are out there. Just imagine, if you will, if just 1% of the owners of those detected machines were fooled into buying the fraudware software at […]
Kimberley isn’t happy… and I can understand her frustration: http://www.bluetack.co.uk/forums/index.php?s=7d7ef61461f02f49b016aa0af2e61fce&showtopic=18064&st=180&p=89945&#entry89945
This announcement was posted to the IE Team Blog a short while ago: “We will release one more public update of IE8 in the first quarter of 2009, and then follow that up with the final release. Our next public release of IE (typically called a “release candidate”) indicates the end of the beta period. […]
Yep, yet another quality assurance/security procedure breakdown. Via Cyberinsecure: http://cyberinsecure.com/software-package-supplied-by-lenovo-contained-malware/ And ZDNET: http://blogs.zdnet.com/security/?p=2203 “The malicious file was identified by Microsoft as Win32/Meredrop, a Trojan dropper that is used to install and execute multiple malicious executables on an infected computer. Other anti-virus vendors are detecting the threat as a virus or a porn dialer.”
Edit: BTW, it is Spaces and Hotmail – I haven’t seen the malvert at Skydrive yet. Kimberley saw the first one, a malvertizement featuring perfectmatch.com: I have discovered another malvertizement featuring IMIN – we have seen this advert several times in recent days in different places: Details of hijack: IMIN malvertizement undetectable using adopstools http://www.adopstools.com/index.asp?page=quicklink&id=j5WPzf37aZeMUVbT Encrypted […]