Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Lifestyles of the Rich and Infamous, and an update about the status of the FTC versus Innovative Marketing et al lawsuit

February 10th 2009

I’ll include some history of events so that you can get a sense of perspective with regards to the time frame around these events.   It is especially important to note that the FTC lawsuit is not the only problem that Jain is facing.  He has been indicted in the State of California and is facing […]

Read On 1 Comment
Read On 2 Comments

I just knew I’d find DIRECTI in there somewhere…

February 2nd 2009

Sunbelt reports that there is a new fraudware domain, being ie-security.com. Let’s look at the domain details for ie-security.com: ICANN Registrar: BIZCN.COM, Inc (a name that is appearing far too often in association with malware) Date created: 22 January 2009 NS1.IE-SECURITY.COM NS2.IE-SECURITY.COM IP: – Los Angeles, Atmlink Inc Shares IP with magavidon.cn, secured-software-order.com, webfreescan.cn […]

Read On 1 Comment

More information about Olympic Media shenanigans

February 2nd 2009

Ok, when the hijack triggered via the Olympic Media supplied javascript URL that I mentioned in my previous article triggers successfully we hit: admediastats.com/ts/in.cgi?{{redacted}} From there we end up at sg12scanner.com/{{redacted}} From there to dlsg09.com/sysgd09/install.php?track_id={{redacted}} Javascript in use: sg12scanner.com/js/jquery-1.2.5.pack.js sg12scanner.com/js/jquery.timers.js (just for fun I will point out that that the JS contains the comment "Yeah […]

Read On Comments Off on More information about Olympic Media shenanigans

Olympic Media are still active

February 1st 2009

I’ve warned about Olympic Media several times – they continue to be active. The latest reports indicate they are claiming to be operating out of Canada and are supplying javascript code referring to admin.securityclick.net as follows:     Other domains being used are onlinepromostats.com and admediastats.com. This type of trickery, supplying javascript pointing to malicious […]

Read On 3 Comments

Malvertizing at realtor.com?

February 1st 2009

I have received two independent reports, several days apart, of a possible malvertizement problem at realtor.com.  If anybody can grab evidence, using Fiddler or your network capture software of choice, we’ll be grateful to hear from you so that we can identify the malvert(s) and get it (them) shut down.

Read On Comments Off on Malvertizing at realtor.com?