Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

More smoke and mirrors by the bad guys

December 15th 2008

They can run, but they can’t hide…

The most recent WHOIS manipulation by the bad guys is…

“noo” (moon.serg@gmail.com) to “Netfinanceconsult Inc”, Linda A Dingman (netfinancecon@yahoo.com): automated-search.com, automationfind.com, under-search.com

“Billy A Schmitt” aka “John Brisbone” (larsonown@gmail.com) to “Moniker, Privacy Services”: getmosales.com

“Serg Moon” (moon.serg@gmail.com) to “John Brisbone” (larsonown@gmail.com): statworld.net, officialstat.com, statgroup.net, stathisranch.com, […]


Lawyers given permission to serve debtors with default judgement through Facebook

December 15th 2008

“TWO friends who defaulted on a six-figure loan are about to find out through their Facebook page a mortgage lender’s lawyers are on their trail. In an Australian and possibly world first, two lawyers have won a court order to allow them to serve a default judgment through Facebook. After failing to serve the court […]


safepaymentsonline.com – down the rabbit hole we go…

December 14th 2008

I have been taking a look at the site safepaymentsonline.com because a report of naughtiness was received. Here is what I found:

Current WHOIS:
ICANN Registrar: TLDS, LLC DBA SRSPLUS
Domain created: 8 April 2008
NS1, 2, 3, 4.SAFEPAYMENTSONLINE.COM
IP: 216.195.56.148 (Oregon – Portland – Aps Telecom)
Registrant: Markus Simpson (further details hidden behind SRSPlus Private Registration)

Sharing IP […]


This is interesting – did McColo’s demise lead to a massive drop in retail fraud?

December 14th 2008

Thanks to Fergie for the tip… Brian Krebs has reported that Ori Eisen, founder of 41st Parameter, has told Brian that Ori’s company experienced a massive drop in the fraudulent activity affecting its customers on the very day that McColo was shut down – a drop that Ori values at close to a quarter of […]


ALERT: Treat all content from Servedad with extreme caution

December 13th 2008

I have said it before, but I’ll say it again – PLEASE TREAT ALL CONTENT FROM SERVEDAD WITH EXTREME CAUTION!! They look innocent enough *today* if you check their WHOIS.  The ICANN Registrar is listed as Regtime, the domain created in June 2007, Registrar is a “Tom Reber” (tomasreber@yahoo.com) and the name is not associated […]


ALERT: IE7 Zero Day security exploit

December 11th 2008

Update: Attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Windows Internet Explorer 5.01 Service Pack 4, Windows Internet Explorer […]


ALERT: malvertizement featuring Best Western

December 10th 2008

Detectable by adopstools: http://www.adopstools.net/index.asp?page=quicklink&id=OTfPElP8UO2czuD9

The malvertizement hits the following domains: profitabill.com, ab-outstat.net

I also see hits on: onlinestatsmanager.com, protected-web-space.com, scan.freeantispyware-scanner.com, system-scanner.org

profitabill.com
—–
ICANN Registrar: ENOM, Inc
Created 25 March 2008
NS1,2,3,4.PROFITABILL.COM
IP: 213.189.9.228 - Noord-holland, Amsterdam, Trancepitt Services
Registrant: “noo”, Serg Moon, moon.serg@gmail.com (associated with 104 domains)
—–

ab-outstat.net
—–
ICANN Registrar: ENOM, Inc
Created 10 October 2008
NS1,2.AB-OUTSTAT.NET
IP: 79.135.187.70 – Turkey, […]


Announcement: the FTC goes after those behind "Winfixer" fraudware

December 10th 2008

The FTC has announced that it has filed a lawsuit targeting the miscreants behind the fraudware/scareware commonly known as “Winfixer”.  The FTC are suing Innovative Marketing, Inc., also d/b/a Billingnow, BillPlanet PTE Ltd., Globedat, Innovative Marketing Ukraine, Revenue Response, Sunwell, Synergy Software BV, Winpayment Consultancy SPC, Winsecure Solutions, and Winsolutions FZ-LLC; ByteHosting Internet Services, LLC; […]


More movement from Serg Moon to John Brisbone

December 9th 2008

officialstat.net, stat-diagnostic-imaging.net, staticglobalsources.com, staticglobalsources.net, station-appraisals.com, statsla.net


Malvertizing at variety.com?

December 9th 2008

Cite: http://www.google.com/support/forum/p/Webmasters/thread?tid=612707351ed6b298&hl=en

I disagree with the theory being espoused by some in that thread (that the site is hacked and/or htaccess has been manipulated). This is because:

the thread author is complaining that the redirects are occurring as he browses the site

it is not affecting anybody else who has posted to the thread

Such […]


