So far, so good on my systems. The install was quick, although there was a disconcertingly long period, during the restart after RC1 was installed, when my primary system displayed a black screen. The nervous or impatient could conceivably do some damage if they powered down the system during that time. As always, don’t forget […]
15 days, so they say: My response? “This is not good enough. The domains can be used to facilitate fraud for 15 days? At the very least, posnerpromotion.com should have been isolated before now. posnerpromotion.com redirects to posneradv.com, AND posneradv.com is displaying an alert warning that posnerpromotion.com is being used to impersonate posneradv.com. This […]
Uh, thanks for that (software name obscured to protect me from the not-so-innocent) ;o)
Seen (and heard) at 123greetings.com: Not only does the pictured advertisement flash and bounce, it DINGS, and it keeps on DINGING, sounding exactly like the Windows Error sound effect. The sound is so intrusive that my husband came into my office from another room to ask me what was wrong with my computer! […]
It's amazing what we find sometimes… WARNING: I am assuming that my readers are smart enough to *NOT* visit the victim site, or the malicious URLs, without hefty protection in place, yes? In fact, don’t go there at all unless you are willing to reformat your computer, potentially without being able to back up your […]
I sent an email to DIRECTI on the same day that I wrote this blog post: http://msmvps.com/blogs/spywaresucks/archive/2009/01/21/1663955.aspx The email said, essentially, the same thing that I said in that blog post. As you can see, they have initiated a “whois inaccuracy complaint” against the domains quigley-simpson.net, hyundai-inc.com, mediavest-corp.com, posnerpromotion.com & singlesnet-inc.com. Frankly, they should […]
As you can see from their email, DIRECTI advise that they suspended prolinar.com on 19 January for “Inaccurate whois details”. It should be noted that I reported on 16 January that prolinar.com had already disappeared from its previous IP address, and not reappeared with a new IP. So, no kudos for DIRECTI – they […]
It is very important to be familiar with the traits and suspicious behaviour/signs common to domains associated with malware, fraudware and malvertizing, affiliate misbehaviour and whatnot. By studying what the bad guys are doing, and how they do it, and the domains that they are using, we can build a dossier of features common to […]
I received an email alert today reporting that topstarmedia.net is supplying JavaScript code for advertising campaigns as follows: osmedlin.com/?id=<<removed>> To quote my correspondent, topstarmedia’s approach had "[a]ll the hallmarks- 5 figure budget, launch on a Friday, immediately, etc." topstarmedia.net ICANN Registrar: Oneandone Created: 31 August 2008 nserver: ns2.3fn.net 216.195.48.10 nserver: dns346.3fn.net 216.195.56.230 IP: 216.195.57.52 – […]
Adopstools results: http://www.adopstools.net/index.asp?page=quicklink&id=26gBv5P94L5CW849 Touches the domain adclickmate.net Registrar: DIRECTI (yet again) Created 24 March 2008 NS1.ADCLICKMATE.NET NS2.ADCLICKMATE.NET IP: 212.95.37.133 – Germany, Netdirekt WHOIS hidden behind privacy protect Domain originally registered via ESTDOMAINS – WHOIS protection temporarily removed around late August 2008, which revealed: Domain Corp. Jacob Tua (jackyouthere@gmail.com) Maltiskam 12-67 Belgrade Belgrade, […]