Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Internet Explorer 8 Release Candidate 1 has been released

January 26th 2009

So far, so good on my systems. The install was quick, although there was a disconcertingly long period, during the restart after RC1 was installed, when my primary system displayed a black screen. The nervous or impatient could conceivably do some damage if they powered down the system during that time. As always, don’t forget […]


DIRECTI responds re inaccurate WHOIS complaint time frames

January 26th 2009

15 days, so they say:   My response? “This is not good enough.  The domains can be used to facilitate fraud for 15 days? At the very least, posnerpromotion.com should have been isolated before now. posnerpromotion.com redirects to posneradv.com, AND posneradv.com is displaying an alert warning that posnerpromotion.com is being used to impersonate posneradv.com.  This […]


Unhelpful error message….

January 26th 2009

Uh, thanks for that (software name obscured to protect me from the not-so-innocent) ;o)


Irritating advertisement!!!

January 26th 2009

Seen (and heard) at 123greetings.com:   Not only does the pictured advertisement flash and bounce, it DINGS, and it keeps on DINGING, sounding exactly like the Windows Error sound effect.  The sound is so intrusive that my husband came in to my office from another room to ask me what was wrong with my computer!  […]


Oh dear, oh dear, oh dear…

January 26th 2009

It’s amazing what we find sometimes… WARNING: I am assuming that my readers are smart enough to *NOT* visit the victim site, or the malicious URLs, without hefty protection in place, yes? In fact, don’t go there at all unless you are willing to reformat your computer, potentially without being able to back up your […]


DIRECTI finally agree to act

January 22nd 2009

  I sent an email to DIRECTI on the same day that I wrote this blog post: http://msmvps.com/blogs/spywaresucks/archive/2009/01/21/1663955.aspx The email said, essentially, the same thing that I said in that blog post. As you can see, they have initiated a “whois inaccuracy complaint” against the domains quigley-simpson.net, hyundai-inc.com, mediavest-corp.com, posnerpromotion.com & singlesnet-inc.com. Frankly, they should […]


DIRECTI responds to my complaint about the impersonation of domains/businesses

January 20th 2009

  As you can see from their email, DIRECTI advise that they suspended prolinar.com on 19 January for “Inaccurate whois details”.  It should be noted that I reported on 16 January that prolinar.com had already disappeared from its previous IP address, and not reappeared with a new IP.  So, no kudos for DIRECTI – they […]


Spotting the bad guys…

January 19th 2009

It is very important to be familiar with the traits and suspicious behaviour/signs common to domains associated with malware, fraudware and malvertizing, affiliate misbehaviour and whatnot. By studying what the bad guys are doing, and how they do it, and the domains that they are using, we can build a dossier of features common to […]


ALERT: Please treat all content from topstarmedia.net and osmedlin.com with extreme caution – do we find DIRECTI? Yes we do!

January 16th 2009

I received an email alert today reporting that topstarmedia.net is supplying JavaScript code for advertising campaigns as follows: osmedlin.com/?id=<<removed>> To quote my correspondent, topstarmedia’s approach had "[a]ll the hallmarks- 5 figure budget, launch on a Friday, immediately, etc." topstarmedia.net ICANN Registrar: Oneandone Created: 31 August 2008 nserver: ns2.3fn.net nserver: dns346.3fn.net IP: – […]


Glowing brain malvertizement – and, once again, we find DIRECTI

January 14th 2009

Adopstools results: http://www.adopstools.net/index.asp?page=quicklink&id=26gBv5P94L5CW849 Touches the domain adclickmate.net Registrar: DIRECTI (yet again) Created 24 March 2008 NS1.ADCLICKMATE.NET NS2.ADCLICKMATE.NET IP: – Germany, Netdirekt WHOIS hidden behind privacy protect Domain originally registered via ESTDOMAINS – WHOIS protection temporarily removed around late August 2008, which revealed: Domain Corp. Jacob Tua (jackyouthere@gmail.com) Maltiskam 12-67 Belgrade Belgrade, […]
