Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Another lesson in assessing the reliability of credit references

April 23rd 2009

ALERT: Please treat any content from these domains with suspicion, and be very careful about any credit reference you receive that refers to: yourdirectmedia.com, atlantmedia, traffichunters, olympicmedia.net, ads2revenue, adsrepublic, truemedian.com, readadsolutions.com, adsmanagement.com

ALERT: Watch out for the impersonation of legitimate businesses in credit reference checks. Details below.

It is fascinating to watch the way […]

ALERT: Please treat advertising at clevescene.net with extreme caution

April 22nd 2009

Same old same old. A Rhapsody advertisement. Reported to clevescene.

URL of malvertizement:
72.167.208.179/adserver/www/images/rhapsody728x90.swf

Adopstools results confirming malicious code:
http://www.adopstools.com/index.asp?section=quicklink&id=IN91asr1bK1W3pv3

URLs encountered:
hitoptimist.com/crossdomain.xml
and:
hitoptimist.com/c/index.php?<<redacted>>
as well as:
statsnclick.com/?cmpid=<<redacted>>

From there we end up at:
crustat.com/ts/in.cgi?<<redacted>>

Before ending up at:
pnfzetnax.net/pro/uspremorse/

Before ending up at the fraudware site:
78.47.132.220/cr/adv/142/index.html

ALERT: Please treat advertising from letssingit.com with extreme caution

April 17th 2009

Note, the malvertizement was reported to “kraz”, who is apparently responsible for advertising on the letssingit.com web site, a couple of days ago via the “Advertise on letssingit” contact form. The advertisement was immediately removed.

letssingit.com is hosting a malicious advertisement featuring SWATCH as per this URL:
includes.letssingit.com/ads/SWATCH300x250.swf

Adopstools check:
http://www.adopstools.net/index.asp?section=quicklink&id=8973swVapP174q1A

The malvert […]

ALERT: Please treat advertising from beyond.com with extreme caution

April 16th 2009

Note: the malicious SWF has been reported to beyond.com.

Beyond.com is displaying a malicious advertisement with this URL:
ads.beyond.com/banners/jobfox_468x60.swf

Adopstools test results for jobfox_468x60.swf:
http://www.adopstools.com/index.asp?section=quicklink&id=4K57pJYUj1f874Sr
"The file has a sprite/movieclip which is containing Malware actionScript code."

The malicious advertisement uses MovieClip.getURL to load the following URL:
measurehits.com/?cmpid=<<redacted>>

The measurehits.com URL […]

ALERT: Please treat advertising content from checkm8.com with extreme caution

April 14th 2009

Reported to checkm8.com over 9 hours ago.

Checkm8.com is serving several malicious advertisements that hijack web site visitors and redirect them to various fraudware web sites as follows.

logiagroup.checkm8.com/data/478089/HP_728x90.swf
logiagroup.checkm8.com/data/478091/HP_468x60.swf
logiagroup.checkm8.com/data/479231/HP_300x250.swf
logiagroup.checkm8.com/data/479237/HP_728x90.swf

SWF analysis via Adopstools:
adopstools.com/index.asp?section=quicklink&id=950rk4Ik9bh3WaWF
adopstools.com/index.asp?section=quicklink&id=I7c2TVDD2X6zf9I7
adopstools.com/index.asp?section=quicklink&id=1bB5k3GOLOvb5iSN
adopstools.com/index.asp?section=quicklink&id=aD6g49HnzyF8anGV

Further information:

logiagroup.checkm8.com/data/478089/HP_728x90.swf touches the following URLs:
hitoptimist.com/c/index.php?id=<<redacted>>
measurehits.com/?cmpid=<<redacted>>

logiagroup.checkm8.com/data/478091/HP_468x60.swf touches the following URLs:
hit-detect.com/c/index.php?id=<<redacted>> […]

HostFresh depeered?

April 2nd 2009

Cool! They join Atrivo, McColo and UkrTelegroup in the “De-peered Hall of Shame”.

Cite: http://securehomenetwork.blogspot.com/2009/03/rbn-domains-fleeing-hostfresh.html
Cite: http://www.cidr-report.org/cgi-bin/as-report?as=AS23898&view=(null)
Cite: http://www.robtex.com/as/as23898.html

BTW, in case you didn’t know, Brian Krebs published a report entitled “Rogue Antivirus Distribution Network Dismantled” on 20 March:

“On Monday, Security Fix profiled TrafficConverter2.biz, a program that pays affiliates handsome commissions for spreading […]

traffichunters.net – a lesson in assessing the reliability of credit references

April 1st 2009

In a previous article I was able to draw a connection between Traffichunters and the infamous Innovative Marketing. It just so happens that I have a copy of a credit application form submitted by a representative of traffichunters.  This credit application form gave the following names and phone numbers as references: Olivia Davidson of MediaTraff […]


ALERT: malvertizement featuring Rhapsody (alternative title: Well well, they have a sense of humor….)

April 1st 2009

I’ve been taking a look-see at the latest malvertizement that has hit my desk (sourced from multiple IP addresses and received over several days) – it is a Rhapsody-themed malvertizement that looks like this:

Visually the malvertizement is identical to one that was circulating at least a year ago. The malvertizements are hitting […]

IE8 has hit Microsoft Update and Windows Update

April 1st 2009

Cite: http://support.microsoft.com/kb/894199/en-us (Offers to existing IE8 Beta and RC users only)

For those of you that need it:
IE8 Group Policy spreadsheet
Toolkit to Disable Automatic Delivery of Internet Explorer 8
Using and troubleshooting the IE8 blocker toolkit
How to set IE8 blocker policy