Comments

# Plagiarism and intellectual theft...

Friday, November 10, 2006 6:56 AM by Spyware Sucks

pcbutts is, once again, stealing other people's work and passing it off as his own, and once again,

# re: Oh Google make up your mind

Tuesday, November 21, 2006 5:39 AM by sandi

Is it advertising? My understanding is that Google Analytics is purely an analytical service - no advertising by Google and no income stream for the person embedding the analytics.  Basically, a hit counter on steroids.

# re: Oh Google make up your mind

Tuesday, November 21, 2006 6:48 AM by winhelp2002

Perhaps "advertising" was the wrong choice of words ... however they are still providing a service to a site marked as harmful content.

WinHelp2002

# re: Scumbag vs. Scumbag

Tuesday, December 19, 2006 12:27 AM by sandi

@Mike - you say of Circle Distribution that "their work-around was to rip-off the entries from my HOSTS file and insert them into their own version of a HOSTS file".  Can you explain further? How can you tell that the URLs were from your HOSTS file?

Your comment about RightMedia is a good point, and I'm wondering what RightMedia would have to say about the situation if they knew.

I'm interested in any info you can provide about RightMedia - maybe we should start focusing on them as well, if they're the primary source of the winfixer malware advertisements, with Circle Distribution being a conduit.  You have my email address ;o)

# When Sites are Hacked visitors get whacked

Sunday, January 14, 2007 11:48 PM by Hosts News

It looks like another Game site got hacked and one line of HTML code was added to their site, which will

# Article Feed » Updating the HOSTS file in Windows Vista

Monday, February 19, 2007 3:15 PM by Article Feed » Updating the HOSTS file in Windows Vista

PingBack from http://www.articlefeed.net/updating-the-hosts-file-in-windows-vista/

# Updating the HOSTS file in Windows Vista using SendTo

Friday, February 23, 2007 1:23 AM by Hosts News

Previously I had reported the problems updating the HOSTS file in Windows Vista ... well I've come up

# Article Feed » Updating the HOSTS file in Windows Vista using SendTo

PingBack from http://www.articlefeed.net/updating-the-hosts-file-in-windows-vista-using-sendto/

# Windows ReadyBoost

Monday, April 02, 2007 11:15 AM by Connected to Vista Bookmarks

Boost Windows Vista system performance with ReadyBoost Is your flash drive fast enough for Vista’s ReadyBoost?

# The ongoing winfixer saga

Sunday, April 22, 2007 2:27 AM by Spyware Sucks

So, what do we do about an advertising network like ValueClick that will not clean up its act? A network

# The ongoing winfixer saga

Sunday, April 22, 2007 4:36 AM by Spyware Sucks

So, what do we do about an advertising network like ValueClick that will not clean up its act? A network

# The ongoing winfixer saga

Sunday, April 22, 2007 4:37 AM by Spyware Sucks

So, what do we do about an advertising network like ValueClick that will not clean up its act? A network

# The ongoing winfixer saga

Monday, April 23, 2007 4:54 PM by Spyware Sucks

So, what do we do about an advertising network like ValueClick that will not clean up its act? A network

# Winfixer and ValueClick – an oft appearing association

Thursday, April 26, 2007 6:54 PM by Spyware Sucks

My regular readers will remember my various articles about the Winfixer infiltration of the AOL and MSN

# Winfixer and ValueClick – an oft appearing association

Saturday, April 28, 2007 11:38 PM by Spyware Sucks

My regular readers will remember my various articles about the Winfixer infiltration of the AOL and MSN

# re: Yahoo! to Acquire Right Media

Friday, May 04, 2007 2:53 AM by RS

Terry's decision-making on this matter explains a wealth of other user satisfaction problems across the board at Yahoo. Read the suggestion forums for Y! Answers and Y! Groups sometime. You can see them trying but you can't see them getting it right very often.

Usually, when things start to get problematic for the end users, it's the people at the top that are the real problem.

# Valueclick and Winfixer... the association continues

Sunday, May 06, 2007 8:10 AM by Spyware Sucks

Mike Burgess reports that ValueClick is not cleaning up their act: msmvps.com/.../hostsnews

# MalwareTeks Blog : It’s a Cookie, Just Delete It!

Monday, May 07, 2007 5:24 PM by MalwareTeks Blog : It’s a Cookie, Just Delete It!

Pingback from  MalwareTeks Blog : It’s a Cookie, Just Delete It!

# Winfixer and ValueClick – an oft appearing association

Wednesday, May 09, 2007 2:53 AM by Spyware Sucks

My regular readers will remember my various articles about the Winfixer infiltration of the AOL and MSN

# re: Blog Spammers examined

Thursday, May 10, 2007 4:11 AM by sandi

They've been hacked again? I'm sure that has happened before.

Yep, back in February, and in March (twice).

www.google.com/search

# re: Blog Spammers examined

Thursday, May 10, 2007 7:49 AM by Rod Trent

I've given up on TabletPCBuzz.  That site has been hacked more times than I can count.  I believe the owner is an MVP blogging on this site?  At least, that's where I've seen the posts about the site being hacked -- is on this site.  So, it goes to reason that you are seeing the effects of someone here pulling in additional Spam content.

# Who is behind all these Codec sites?

Wednesday, May 16, 2007 2:44 PM by Hosts News

While investigating yet another Trojan.Zlob codec site passtosites(dot)net ... it makes you wonder what

# ValueClick involved with Trojan.Zlob.N

Friday, May 18, 2007 3:46 AM by Hosts News

Following up on a recent Symantec security article Trojan.Zlob.N ... notice that several of the posted

# ValueClick turns to the Dark Side

Friday, May 18, 2007 9:12 AM by Hosts News

Following up on my previous post, I found a post that better describes the damage that Trojan.Zlob.N

# 1. ValueClick and malware - the problem continues 2. The FTC investigates ValueClick

Saturday, May 19, 2007 12:42 AM by Spyware Sucks

ValueClick seems to be facilitating more than the distribution of malware like Winfixer. Check out Mike's

# FTC Note: ValueClick turns to the Dark Side | READER: Security

Pingback from  FTC Note:  ValueClick turns to the Dark Side  |  READER: Security

# re: When Hosting Services fail to act

Friday, May 25, 2007 8:45 AM by Aaron

I would imagine that there is a line some ISPs do not want to cross when dealing with paying customers and the content they serve.  No matter how morally/ethically reprehensible the content may be.

# re: When Hosting Services fail to act

Friday, May 25, 2007 3:56 PM by Nytka

Yes, you are right that there is a line that some ISPs do not want to cross, when it comes to paying customers. It's all about business and money after all, which is a bit sad.

# ValueClick cuts ties with the WinFixer Group

Friday, May 25, 2007 5:18 PM by Hosts News

There has been no official notice yet but it looks like ValueClick has severed its ties with the

# re: ValueClick cuts ties with the WinFixer Group

Friday, May 25, 2007 9:40 PM by sandi

Interesting.  It's time to start monitoring the site's traffic rankings, and watch for changes (and any reappearance of mediaplex)

# ValueClick Reform or Afraid of the FTC? | Security News

Saturday, May 26, 2007 10:33 PM by ValueClick Reform or Afraid of the FTC? | Security News

Pingback from  ValueClick Reform or Afraid of the FTC?  |  Security News

# Valueclick and Winfixer continue to be a problem

Thursday, May 31, 2007 8:29 AM by Spyware Sucks

Mike Burgess was hopeful that Valueclick had cut ties with Winfixer. msmvps.com/.../hostsnews

# Visiting the StopBadware Database

Saturday, June 02, 2007 9:20 AM by Hosts News

In light of several reports lately about the amount of Malware sites that now exist, I thought I'd

# re: MVPS HOSTS File Update 06-14-07

Tuesday, June 19, 2007 4:37 PM by Steve

Any idea why some XP systems choke on big hosts files?

I use your hosts file on my XP Pro laptop and I love it.  When I installed it on my XP Pro desktop at home I found that the processor usage spiked to 100%.  The system was so busy I couldn't even get into a prompt or notepad to edit the hosts file to trim it down.  After a reboot I was able to change the hosts file so it only has a few hundred entries and the system has been fine since.

Is there a known cause for this?  I've seen it happen on a few other systems over the years but I've always just switched to a smaller hosts file to solve the problem.

# re: MVPS HOSTS File Update 06-14-07

Tuesday, June 19, 2007 10:11 PM by Mike

The only known cause is from not disabling the DNS Client service. This is explained on the website.

# Disney has some explaining to do

Friday, June 29, 2007 1:24 AM by .NET A new try...

Hello, how are you? Well… I can't believe it, and the thing is I don't usually reference much about news on other

# Spamhuntress » Blog Archive » Beware of hacked sites

Saturday, June 30, 2007 4:05 PM by Spamhuntress » Blog Archive » Beware of hacked sites

Pingback from  Spamhuntress  » Blog Archive   » Beware of hacked sites

# Dangerous Searches

Tuesday, July 03, 2007 12:21 AM by Hosts News

Over at Exploit Prevention Labs they have been detailing the dangers of certain search terms. So I thought

# Computer Software » Computer Software July 9, 2007 9:11 am

Pingback from  Computer Software » Computer Software  July 9, 2007 9:11 am

# re: Is Micro Bill Systems legit or Ransomware

Monday, July 16, 2007 9:55 AM by Ivor

A complete scam and one that the Trading Standards should prosecute for, if the laws don't allow for it, then the laws should be changed asap.

To slow down your PC until is tantamount to sabotage and blackmail.

# re: Is Micro Bill Systems legit or Ransomware

Tuesday, July 24, 2007 3:36 AM by Derek

Prevex 2.0 Will remove Micro Bill Systems Pop Up and Spyware. Norton Anti Spy Ware appears to remove the trojan but not the pop up.

Hide my I.D will stop attempts by Micro Bill Systems to track your computer.

# re: Is Micro Bill Systems legit or Ransomware

Tuesday, July 24, 2007 6:40 PM by Euwell Bankston

This is somewhat interesting. EMI realizes that digital rights protection only works till it is hacked and has begun shipping without any protection simply because the cost of creating new schemes outweighs the potential benefit of additional revenue.  I personally am moving to Linux more and more and only boot into Windows when absolutely required.

Sony got bashed for its rootkit tactics. I think this needs to be turned over to the DOJ and let the government prosecute. Maybe the DOHS since this is a form of terrorism.

Just a thought.

# re: LimeWire and Media Usage Rights Acquisition

Wednesday, July 25, 2007 9:30 PM by oye

want access to my media music

# re: MVPS HOSTS File Update 07-08-07

Tuesday, July 31, 2007 7:31 PM by Bob Bobbinsworth

After loading this update, "Live Update" for Norton flashed an alert window stating that:

127.0.0.1  om.symantec.com was a malicious addition to my hosts file and prompted me to remove it prior to live update running.

Is it a malicious addition or is my Norton A/V infected with something?

Also, what is the difference in using 0 vs 127.0.0.1 in the hosts file?

Please respond to first question at least at:

bobbobbinsworth@hotmail.com

Thank you,

BB

# re: MVPS HOSTS File Update 07-08-07

Wednesday, August 01, 2007 12:07 AM by WinHelp2002

This is not a malicious entry, please see:

www.mvps.org/.../hostsfaq.htm

re: 127.0.0.1

This is the accepted industry standard. There is no published proof that "0" is faster or better to use.

# re: MVPS HOSTS File Update 07-31-07

Thursday, August 02, 2007 8:25 AM by G.P.Schipper

Hallo,

Is om.symantec.com a FP?

Because I get a popup window from Symantec that tells me it's a Symantec Liveupdate server.

# re: MVPS HOSTS File Update 07-31-07

Tuesday, August 07, 2007 6:48 PM by Mike (aka: WinHelp2002)

No it is not a false-positive ... please see:

Why does Symantec (Norton 2007) detect a possible malicious entry in the HOSTS file?

www.mvps.org/.../hostsfaq.htm

# re: Symantec detects a possible malicious entry in the HOSTS file

Wednesday, August 08, 2007 3:27 PM by Tim aka "Hardhead"

Hi Mike,

I got this alert and was given 3 options from Symantec.

1. was to delete.

2. was to ignore and remind later.

3. was to ignore.

I'm using NIS 2007. You can also disable host file scanning by going to NIS/Run Security Inspector/Configure/Categories/Setting/and uncheck IP Addresses.

I also reported the issue to Symantec.

Regards,

Tim

# re: Hacked .gov sites

Friday, August 10, 2007 1:28 PM by David

So do you know how to get rid of whatever keeps trying to download the VideoAccessCodecInstall.exe? I cannot find any info on it.

Thanks in advance.

# Advertisers and Domain Parking

Monday, August 13, 2007 3:52 AM by Hosts News

Landing on "militarymoms.eu" a "Parked Domain", where the clicks are controlled

# re: Spyware Terminator not ready for Prime Time

Monday, August 20, 2007 2:28 PM by Bear Bottoms

Just a thought, PCMag has always given payware better reviews than freeware and is a for profit organization with a yearn for sponsors.  Nough said?

# re: Spyware Terminator not ready for Prime Time

Wednesday, August 22, 2007 4:41 PM by Richard Steven Hack

No, you do not need to install the Toolbar to use ST. You can deselect that option on install.

ST is generally getting good reviews in terms of its detection ability, although I don't recommend using it in isolation, just as I don't recommend using any malware tool in isolation. None of them are adequate to detect everything.

# re: The sad state of Antispyware Programs

Monday, September 03, 2007 8:58 AM by Doug Woodall

I agree with "Where is CounterSpy?".

I'm also wondering where are the results for PC Tools and BitDefender?

# re: The sad state of Antispyware Programs

Monday, September 03, 2007 9:36 AM by WinHelp2002

Doug,

PCTools = Spyware Doctor

As for BitDefender they are considered an Antivirus program not Antispyware ...

# re: The sad state of Antispyware Programs

Monday, September 03, 2007 7:24 PM by Alex Eckelberry

We were also disappointed not to see CounterSpy included.  Apparently, there was a miscommunication from somewhere (perhaps from our marketing people), that the current release of CounterSpy (version 2.5) was in beta.  Since PC World prefers not to test beta, it wasn't included in this roundup.

The folks at PC World are being very cooperative and understanding with us and we hope to see a test/review in the future.

Alex Eckelberry

Sunbelt Software

# re: The sad state of Antispyware Programs

Wednesday, September 05, 2007 7:08 PM by Angus Scott-Fleming

I wonder why Ad-Aware and A-Squared were not included.  Also, it's worth noting that in the last two days Spybot S&D is now up to version 1.5.1, which includes immunization for Firefox and Opera and has a hosts-file tweaker.

# re: The sad state of Antispyware Programs

Thursday, September 06, 2007 10:26 AM by Doug Woodall

My Wife has used Ad-Aware for years. I think lately though she has not been too happy with it. Spybot remains in her good graces though.

It's funny about Bitdefender being AV and not AntiSpyware. It works good for me in preventing spyware. Weird.

# re: The sad state of Antispyware Programs

Thursday, September 06, 2007 10:31 PM by Mike (aka: WinHelp2002)

Angus,

As for Ad-Aware, it was explained in the article that they did not have a "Vista" version at the time ...

As for SpyBot S&D I'm afraid that a few additional features will not improve their detection rate as shown in the chart I posted.

# re: The sad state of Antispyware Programs

Sunday, September 09, 2007 1:21 AM by Cd-MaN

An issue with these tests is that their quality is questionable. So I wouldn't give too much credence to a PCWorld type of test (although from a marketing standpoint this is the one read by most of the people) because they proved many times that they can't create a good test from a technical point of view.

# re: The sad state of Antispyware Programs

Sunday, September 09, 2007 4:45 PM by Mike (aka: WinHelp2002)

Cd-MaN,

re: "An issue with these tests is that their quality is questionable"

If you read the PcWorld article you'll see that they no longer do the tests.

"formal tests independently conducted by research company AV-Test.org"

So it does add a lot of credence ... IMHO

# re: Jamespot hacked

Monday, September 10, 2007 2:33 PM by Chris

Note also discussion at

groups.google.com/.../3496801093022759

the same people?

# re: Jamespot hacked

Monday, September 10, 2007 5:10 PM by Mike (aka: WinHelp2002)

Chris,

Yes it appears to be the same culprit ...

# re: Can you spot the fake

Thursday, September 13, 2007 11:58 AM by Lee

Your e-mail to another MSMVP found its way to me. Thank you for reporting this to us. I have forwarded this to the appropriate people in our company to investigate.

Thanks again! We appreciate this.

Best regards,

-Lee

CNET Community

# re: Ad-blocking software comes under fire

Saturday, September 15, 2007 1:01 PM by Rabid

To add to this Flash Cookies ARE TROJANS.

The WWW was NOT designed with these in mind & it is a very sly way of passing Personal Details from Site to Site.

I must also add that Microsoft have taken out a Patent for this exact technology in order to store such data & then supply such data on a "Commercial" supply Basis to other Companies!

# re: Ad-blocking software comes under fire

Sunday, September 16, 2007 12:52 AM by Mike (aka: WinHelp2002)

Rabid,

I wouldn't say that Flash Cookies are trojans. You can certainly control your preferences for those here:

www.macromedia.com/.../settings_manager06.html

re: "Microsoft have taken out a Patent"

I blogged about that a while back ...

msmvps.com/.../is-microsoft-getting-into-the-adware-business.aspx

# re: Ad-blocking software comes under fire

Sunday, September 16, 2007 8:48 AM by Rabid

And what do you need enabled to change those settings... "FLASH!"

# re: MVPS HOSTS File Update 09-06-07

Monday, September 24, 2007 1:49 PM by Huh What

You can steal others' host file inclusions but no one can use parts of your host file, OOPS :)

# re: Beware of Imposters

Monday, September 24, 2007 1:50 PM by Huh

This comment belongs here,

You can steal others' host file inclusions but no one can use parts of your host file, OOPS :)

# re: Jamespot hacked

Tuesday, October 02, 2007 9:38 PM by mdc

I have Vista and it pops up on Comcast every time I enter the page. Is there a way to turn it off? My Vista is running in Protected Mode:On.

# re: Jamespot hacked

Wednesday, October 03, 2007 1:09 AM by Mike (aka: WinHelp2002)

mdc,

I'm not quite sure what you are asking?

What pops up on Comcast?

# re: Out of touch lately

Sunday, October 28, 2007 1:05 AM by Donna

Sorry to hear this!

Good no one was hurt.

Take care!

# re: Out of touch lately

Sunday, October 28, 2007 5:17 AM by Dave

When I was about 11 years old, I was bereaved of all my favorite video games (and everything else, but they were the most important) in a similar manner. That said, I wish I had something amazingly insightful and comforting to offer, but I don't; I hope everything goes as smoothly and happily for your family as it possibly can.

# re: Out of touch lately

Monday, October 29, 2007 10:04 AM by Tim

Thanks for the update. Thought you may be on vacation. :) Sorry to hear otherwise. :( Glad no one was hurt. Property can be replaced, people cannot.

Anyway, thank you for what you do here. I'm sure I speak for many when I say your efforts are extremely valuable to the computing community! Best wishes!

# re: Out of touch lately

Monday, October 29, 2007 11:25 AM by Alun Jones

I can suggest something - start making an inventory now, and keep updating it as you remember stuff. I burned my bedroom as a teenager (a magnifying glass on a stand caught the sun), and even though most stuff was merely smoke-damaged, I didn't really have a good idea of what stuff I had lost. I would keep remembering things.

# re: Out of touch lately

Monday, October 29, 2007 6:41 PM by Corrine

Your heart must have been in your throat when you heard about it.  Thank goodness no one was injured.

# re: Out of touch lately

Sunday, November 04, 2007 12:48 PM by Jeff

Lives are more important than belongings, for sure.

That's a real eye opener, never expected to see that photo scenario here.

I hope your family can put it behind soon and find comfort for a new beginning.

I had just sent an email to you for the mail list updates and saw this afterwards.

# DoubleClick serves up DoubleSpeak

Tuesday, November 13, 2007 4:40 AM by Hosts News

eWeek has an article " DoubleClick Serves Up Vast Malware Blitz " which describes problems

# Symantec detects suspicious entries in the MVPS HOSTS file

Wednesday, November 14, 2007 2:45 AM by Hosts News

Well here we go again ... another security program with a poorly written detection ... seems Symantec

# Is it Safe or Not ? » Disney has some explaining to do

Wednesday, November 14, 2007 7:20 AM by Is it Safe or Not ? » Disney has some explaining to do

Pingback from  Is it Safe or Not ?    » Disney has some explaining to do

# Do me a favour - dump Symantec | Spyware News and Information

Wednesday, November 14, 2007 8:04 AM by Do me a favour - dump Symantec | Spyware News and Information

Pingback from  Do me a favour - dump Symantec | Spyware News and Information

# Do me a favour - dump Symantec [Spyware Sucks]

Wednesday, November 14, 2007 8:35 AM by Australian & New Zealand MVPs

Check this out: msmvps.com/.../1309806.aspx I ask you, can you

# re: Symantec detects suspicious entries in the MVPS HOSTS file

Wednesday, November 14, 2007 11:19 AM by Mike (aka: WinHelp2002)

I do not personally use anything Symantec/Norton ... the post was in response to several emails I've had from users of my HOSTS file about this issue.

# re: Bogus Flash Player prompt

Thursday, November 15, 2007 5:35 PM by sandi

Mike,

What about the red x close button?  Aren't there security features for the chrome that prevent the close button being spoofed nowadays in pop-up windows?  Of course, HTML pages with fake dialogue boxes that are no more than graphics on a web page are a different story.

Sandi

# re: Bogus Flash Player prompt

Thursday, November 15, 2007 10:42 PM by Mike (aka: WinHelp2002)

Sandi,

The same applies for the Red X button ... due to the way the page is coded.

# re: Symantec detects suspicious entries in the MVPS HOSTS file

Wednesday, November 21, 2007 12:21 AM by 'sambo' reynolds

wait a second ... somethin don't make sense here. you say NOT to delete all those ominture. clarity, etc etc entries from the hosts file! #1 how do i keep em off my machine (they obviously broke in already, in order to post themselves in the hosts file). #2 why wouldn't i want to delete ALL tracking cookies, help educate me here..i got about 6 of those that you say can't be removed, what do i have to switch to linux, to fix the prob??? :-(

# re: Symantec detects suspicious entries in the MVPS HOSTS file

Wednesday, November 21, 2007 2:51 AM by Mike (aka: WinHelp2002)

sambo,

No they did not break in ... those entries already existed in the HOSTS file.

re: Tracking Cookies

I never said not to delete those ...

# re: Another bogus movie player site

Monday, November 26, 2007 6:05 PM by redwolfe_98

i don't see "www.stvfirm.com" in the 11/19 winhelp2002 HOSTS file..

# re: Another bogus movie player site

Monday, November 26, 2007 8:08 PM by winhelp2002

redwolfe_98,

You're right ... that entry was added after the last update, and I have amended the blog post to reflect that.

# kertvista » Is Spamdexing on the rise?

Saturday, December 01, 2007 3:15 AM by kertvista » Is Spamdexing on the rise?

Pingback from  kertvista » Is Spamdexing on the rise?

# LimeLight Networks and connecting the dots

Friday, December 07, 2007 2:33 AM by Hosts News

Often times you have to look hard to connect the dots ... however it now seems LimeLight has been affiliated

# re: LimeLight Networks and connecting the dots

Friday, December 07, 2007 4:17 PM by bomfunk mc

contact me at

GvyxQN931zlcGDoV@spambox.us

please

# re: LimeLight Networks and connecting the dots

Monday, December 10, 2007 10:40 AM by Cd-MaN

LimeLight is a legitimate company. It is a CDN (Content Distribution Network) similar to Akamai, although not so big. I'm sure that any affiliation with malware is a mere oversight on their behalf.

# re: LimeLight Networks and connecting the dots

Monday, December 10, 2007 4:40 PM by winhelp2002

Cd-MaN,

I have no doubt LimeLight is a legitimate company, however it worries me how they could become affiliated with Innovative Marketing and SetUpAHost ... hopefully they will sever their ties with them ASAP.

# re: More on Innovative Marketing

Tuesday, December 11, 2007 11:01 AM by Cd-MaN

First of all let me say that I appreciate what you are doing and have used your host file on many computers of home users to keep them relatively safe. The paper published by the honeynet project where they found that your host file blocked 100% of the malicious URLs they collected is a testament to the quality of your work.

However, one thing that I observed is that from time to time you get a little overzealous (for example I found that the host file was blocking some connections needed to install Yahoo messenger or that it was blocking the Google web tracking system, which in turn was needed to download Google Earth). As I said in another comment, Limelight networks is a legitimate CDN much like Akamai, and they should be notified of the problems.

# re: More on Innovative Marketing

Thursday, December 13, 2007 1:27 AM by winhelp2002

Cd-MaN,

re: they should be notified of the problems

They were notified ... no reply yet ...

Ticket ID: llnw #456387

# More malware found at Limelight Networks

Sunday, December 16, 2007 6:22 AM by Hosts News

Seems the harder I look the more malicious content is found running from Limelight Networks ... at least

# re: Bogus Streaming Video Playback Error

Sunday, December 16, 2007 11:20 AM by Bob

I think we should find them, and rub pig fat all over them,,,then behead the fuckers,

# Limelight distributes hundreds of Rogue Antispyware products

Monday, December 17, 2007 5:40 AM by Hosts News

Looks like Limelight is involved in distributing hundreds of Rogue Antispyware products ... the majority

# re: Limelight distributes hundreds of Rogue Antispyware products

Monday, December 17, 2007 7:06 AM by sandi

Ping me offline Mike....

Sandi

# re: Limelight distributes hundreds of Rogue Antispyware products

Monday, December 17, 2007 8:38 AM by Dean

"Although it's doubtful that (US) officials can do anything about the foreign locations, they can certainly question the unsavory practices of LimeLight since it is a US company"

True, but I wouldn't hold my breath. Look at Cernel and Intercage, also domestic companies. Cernel is behind all the "DVD Access" rogue codec web sites along with many others.

# re: Limelight distributes hundreds of Rogue Antispyware products

Monday, December 17, 2007 3:06 PM by winhelp2002

Dean,

That's true but those hosting companies do not boast about their "partners" like this:

www.limelightnetworks.com/partners.html

# re: Bogus Streaming Video Playback Error

Monday, December 17, 2007 3:08 PM by winhelp2002

Bob,

I don't think we need to go that far ... but close.

# re: Limelight distributes hundreds of Rogue Antispyware products

Thursday, December 20, 2007 12:56 PM by Mike Nolet

It's silly to go after LimeLight, they're just a CDN -- you give them a piece of content, they will deliver it for you around the world. They're a dumb interface used to decrease latency and increase bandwidth when serving static content.

# re: Limelight distributes hundreds of Rogue Antispyware products

Thursday, December 20, 2007 3:15 PM by winhelp2002

Mike,

While you may think it is silly ... I certainly do not. The purpose is to cut off any and all routes possible that apply to the WinFixer gang.

# re: LimeLight Networks and connecting the dots

Friday, December 21, 2007 1:28 AM by sam

So what is the bsa.safetydownload?  Is it something I need to remove?  My PC pops up error messages asking me to install something from them.  I have no idea who or what they are.

# re: LimeLight Networks and connecting the dots

Friday, December 21, 2007 5:14 AM by winhelp2002

Sam,

Yes it is something you should remove!

"Dealing with Unwanted Spyware and Parasites"

www.mvps.org/.../unwanted.htm

Perhaps you should contact LimeLight and ask them how to proceed ...

# Christmas comes early · HDTV Information, Reviews, and Deals

Pingback from  Christmas comes early · HDTV Information, Reviews, and Deals

# re: Christmas comes early

Friday, December 21, 2007 7:07 AM by Dean

Enjoy Mike - and a Merry Christmas to you and the family.

# re: LimeLight Networks and connecting the dots

Saturday, December 22, 2007 9:52 PM by Leslie

I also have been receiving pop ups that say critical error click balloon to fix and a website by the name of bsa.safetydownload.com address. The way it comes up it looks like a windows alert message and the page comes up replicating windows help. what should I do and how do I go about contacting this company. I stumbled upon this page when I searched 'bsa.safetydownload.com and this was the first that popped up.

# re: LimeLight Networks and connecting the dots

Sunday, December 23, 2007 12:57 AM by winhelp2002

Leslie,

Follow the instructions here:

"Dealing with Unwanted Spyware and Parasites"

www.mvps.org/.../unwanted.htm

# AntiSpywareControl yet another Rogue/Suspect Anti-Spyware Product

Sunday, December 23, 2007 5:44 AM by Hosts News

Landing on the following site the viewer is presented with not only a "IFrame.Exploit" and

# AntiSpywareControl yet another Rogue/Suspect Anti-Spyware Product | Spyware News and Information

Pingback from  AntiSpywareControl yet another Rogue/Suspect Anti-Spyware Product | Spyware News and Information

# kre8ive » AntiSpywareControl yet another Rogue/Suspect Anti-Spyware Product

Pingback from  kre8ive » AntiSpywareControl yet another Rogue/Suspect Anti-Spyware Product

# re: LimeLight Networks and connecting the dots

Sunday, December 23, 2007 10:15 PM by Leslie

Thank you! A lot of good information here.

# adware » Blog Archive » eMusic Toolbar

Thursday, December 27, 2007 5:48 PM by adware » Blog Archive » eMusic Toolbar

Pingback from  adware  » Blog Archive   » eMusic Toolbar

# re: eMusic Toolbar

Thursday, December 27, 2007 10:24 PM by Jon

Ah, it is the toolbar that is the problem, not necessarily the music download service itself. Good detective work! I'm disappointed in e-music. I guess I can't complain about their entry in your list. Thanks for doing the recheck.

# re: The Year in Review

Monday, December 31, 2007 12:56 AM by Dean

"what I would like to see is all the 'Mag' sites run several reviews on these bogus products and get the main-stream media involved in exposing all the parties involved."

An excellent suggestion... Unfortunately, like most magazines, PC-related magazines seem to avoid reviews of stuff that they already know is bad. It would be nice to see someone like Neil Rubenking pick up the ball on this issue.

"While the detection rates have become better for the commercial Antivirus/Antispyware products, the "freeware" versions have failed to keep pace and are no longer recommended as a first-line of defense ..."

That is certainly true for most of the freeware anti-spyware products. Having run thousands of samples of malware through VirusTotal, I've been impressed with the results from Avira (AntiVir). They're often among the earliest to provide a defense against new stuff, even earlier than NOD32, which both of us use. Kaspersky seems to be consistently the fastest (along with F-Secure, which licenses Kaspersky's definitions).

Among the "paid" software, Microsoft's offering gets the most-improved award for the year. Of course, it had nowhere to go but up. Happy New Year!

# re: The Year in Review

Monday, December 31, 2007 10:41 AM by Doug Woodall

Just wanted to say thanks for all the great posts you've published this year. I found your site thru a Google Alert for "Spyware" earlier this year and I've been enjoying reading the posts here since.

All the best for you and yours.

# re: The Year in Review

Monday, December 31, 2007 9:48 PM by Just Bob

A minor nit is in order, but only after I say thank you for your work. ;-)

www.honeynet.org/.../KYE-Malicious_Web_Servers.htm

"Does this mean that blacklisting is an ineffective method? In order to answer this question, we repeated our analysis of the 306 malicious URLs on a client honeypot that uses a DNS blackhole list, including the servers in the hosts file from www.mvps.org and the servers in the clearinghouse of stopbadware.org, and repeated our analysis. Considering that only 12% of the servers we identified as malicious were included in our blacklist, one would expect a remaining high number of malicious classifications by our client honeypot. Surprisingly, only one URL remained malicious. We conclude that blacklisting is indeed a very effective method to thwart these attacks."

So that would be a combination of the hosts file and a list of malicious sites from stopbadware.org that was used and it left 1 malicious link.

Thanks again and Happy New Year.

# Antivirus at Center Section is the page which provides information

Pingback from Antivirus at Center Section is the page which provides information

# re: MVPS HOSTS File Update 01-03-08

Thursday, January 03, 2008 12:20 PM by JB

01-03-08 MVPS HOSTS file has a line for www.interactivebrands.com that's missing the localhost IP

# re: Correction to the MVPS HOSTS file

Friday, January 04, 2008 3:53 PM by ß

I'd like to point out to you the following ad servers that seem to be missing from your otherwise EXCELLENT Hosts File:

as.nu.nl (ad server for nu.nl, most popular Dutch news site)

ebayrtm.com (ads on ebay)

rcm.amazon.com (ads by amazon on blogs, eg economicsbriefing.com)

www-google-analytics.l.google.com (included in pgl.yoyo ad server list, not mentioned under Google Inc on MVPS Hosts list)

Last but not least, I have noticed a lot of ads or links to 'buysub.com' that have popped up everywhere. Example:

www.epicurious.com/.../241101

has top ad where the link location is:

m1.buysub.com/.../PackageAddCmd

A regular query of www.buysub.com does not yield a website. I have come across several other references on the web. I have been unable to find background information on this particular domain.

May I also add that 207.net popped up a survey on msnbc.msn.com, indicating that not all 207.net activities are covered by the current host file. I have no details on this unfortunately. Hopefully you will include the abovementioned in a future update of your Hosts File. Thank you.

ß

# re: More on Innovative Marketing

Saturday, January 05, 2008 5:35 PM by Norm

204.16.204.56 is dangerous spy-ware.

It appears under tabs as "your computer has a malware - click here to download".

If you make it. It downloads MediaCodec Zlob.

Could be removed by SpyHunter. This Zlob is Trojan and will send your private data, may update your computer registry, even block your task manager.

Check by nslookup 204.16.204.56

It appeared as protect.trustedantivirus.com ..."zheltaya.hernya". It comes from Russia.

Block it by adblocker, block by its IP

# re: Correction to the MVPS HOSTS file

Saturday, January 05, 2008 11:15 PM by winhelp2002

Thanks for your submissions ...

They will be reviewed and added as needed to the next update.

# re: MVPS HOSTS File Update 01-03-08

Saturday, January 05, 2008 11:17 PM by winhelp2002

Thanks ... that has been corrected and a fresh copy of the HOSTS file was uploaded.

# re: Correction to the MVPS HOSTS file

Sunday, January 06, 2008 3:34 PM by heroo

ad servers that seem to be missing from your

# re: Beware of fake PornTube sites

Sunday, January 13, 2008 6:03 AM by mac12255

PrivacyProtect?  You just need to learn how to have it opened.  For example, there is privacy protection on boomgirltv.com's registration right at the moment.  And I will have it opened within several hours.

Tom Bluewater

MHVT.NET

# re: Correction to the MVPS HOSTS file

Monday, January 14, 2008 10:32 AM by antiomn

new ads server

yahoo search via overture.com

rc10.overture.com

# re: Beware of fake PornTube sites

Wednesday, January 16, 2008 7:57 PM by Me

Help!

What should I do?

I downloaded the 'codec' and ran it.

silly me...

# Limelight Networks kicks WinFixer to the curb

Monday, January 21, 2008 3:28 AM by Hosts News

It took a while ... but it looks like Limelight finally sent the WinFixer Group packing ... Back in December

# re: Benedelman exposes CNetmedia shady practices

Sunday, February 24, 2008 4:40 PM by vet mitchell

I would like to know what we can do to protect more people like me; I'd never heard of this until today.

# re: Benedelman exposes CNetmedia shady practices

Wednesday, February 27, 2008 2:24 AM by winhelp2002

vet mitchell,

The easiest way is to install the HOSTS file, as all the mentioned sites are included ...

www.mvps.org/.../hosts.htm

# re: PC SuperCharger's bogus online scan/scam

Friday, February 29, 2008 10:32 AM by Alun Jones

Sadly, this is not really something that could be called a failure on Comodo's part.

The certificate identifies the code as being signed by PC SuperCharger, and indeed, the code is theirs to sign.

A certificate authority's job is to verify identity - not to approve business practices.

# re: ZDNet Asia and TorrentReactor Compromised

Sunday, March 16, 2008 12:47 AM by Bob Little

Today, my wife visited a site she thought would help her map out the trip between Myrtle Beach, SC and Charleston, SC.  When I sat down at the laptop, I saw the apparent results of an Anti Virus or Spyware Scan that seemed legitimate, as my son's laptop runs XP Home and it was labeled XP Antivirus 2008.  It alleged three specific problems, and when I cautiously attempted to abort the program, it apparently installed it.  It appeared as a shortcut on the desktop and an icon in the task tray.  I've used 4 different legitimate programs to try and remove it and not one has actually identified this as a risk, period.  How do I get rid of something that isn't detected and doesn't appear as a program Windows could uninstall?

# re: ZDNet Asia and TorrentReactor Compromised

Sunday, March 16, 2008 6:30 AM by winhelp2002

Bob,

A good place to start is here:

How to remove XPAntiVirus

www.bleepingcomputer.com/.../topic111715.html

# re: Another WinFixer clone using Comodo

Monday, March 17, 2008 3:19 PM by redwolfe_98

i am glad to hear that "comodo" is "shutting down the accounts".. thanks for the work that you are doing..

# Follow-up on Comodo and XpAntivirus2008

Saturday, March 22, 2008 11:59 PM by Hosts News

The other day I reported that Comodo had revoked all certificates issued to WinFixer/SetupAHost ... as

# Spamdexing and another YouTube look-alike

Monday, March 24, 2008 4:23 AM by Hosts News

A little background ... I have this blog set to "Approve" most content that is added via the

# re: Spamdexing and another YouTube look-alike

Tuesday, March 25, 2008 1:07 AM by dean

You probably know about these clones of reportblogsite, but if not...

# re: Spamdexing and another YouTube look-alike

Wednesday, March 26, 2008 6:25 PM by Franklin

That's a new one on me. I've seen a pattern to the way the owners of these sites generate traffic, using a complex network of redirectors that I've documented on my own blog at

tacit.livejournal.com/238112.html

but I haven't seen the attackers generate traffic to these sites using lookalikes of blogging sites before. Very interesting.

# re: Vomba Acquires Adware Company WhenU

Friday, April 04, 2008 3:25 PM by Steven Burn

LOL! ... nice catch dude

Something tells me we're up for a whole heap o' fun over the next few weeks ...

Though you'd have thought they'd have learnt at the very least, the basics of hiding a completely BS "acquisition" .... rule number one of which, is not publishing the fact that the companies involved are all at the same address, lol.

# re: MVPS HOSTS File Update April-01-2008

Sunday, April 06, 2008 8:36 AM by Merman

please add this

# re: Spamdexing and another YouTube look-alike

Monday, April 07, 2008 8:59 AM by Randy Knobloch

Great stuff, Mike - keep it up!

# re: Zango Alleges Kaspersky Is Badware Itself

Monday, April 07, 2008 4:53 PM by jon

zango is so stupid they don't know what is badware

They're just stalling the court by saying Kaspersky is badware lolo how retarded

"go back to school zango"

# re: Is PCSecurityShield still a Rogue Antispyware company?

Wednesday, April 09, 2008 10:28 AM by Tom

this might be off-the-wall, but i noticed that another company, "encore", is marketing a "spyware doctor 2008".. "encore" looks like it is a similar type "business" where they are marketing rebranded products..

someone said that they were having problems with "spyware doctor 2008", which does not come from the "pctools" website, so i looked into it..

# re: Is PCSecurityShield still a Rogue Antispyware company?

Wednesday, April 09, 2008 11:45 PM by winhelp2002

Tom,

I wouldn't doubt there are many companies that rebrand other popular products ...

# Another Rogue product from LocusSoftware

Friday, April 11, 2008 5:29 AM by Hosts News

Following up on a post from Sandi who is reporting yet another malicious advertisement (.swf) that redirects

# Another Rogue Antispyware product from the Pandora Software group

Wednesday, April 16, 2008 8:26 PM by Hosts News

Following up on an article from our friends at BleepingComputer "How to remove Malware Bell"

# re: MVPS HOSTS File Update April-22-2008

Wednesday, April 23, 2008 9:09 AM by Merman

check and add

# re: MVPS HOSTS File Update April-22-2008

Sunday, May 11, 2008 11:06 AM by Dino

I stumbled across one of those rogue sites that tries to trick you into installing a new video active-x codec.  How and where should I report it? thanks.

ubal@comcast.net

# Want a Trojan.Zlob with your fake scan results?

Monday, May 26, 2008 2:31 AM by Hosts News

It's amazing the lengths these culprits will go to ... landing on the following site not only do

# re: Want a Trojan.Zlob with your fake scan results?

Monday, May 26, 2008 7:34 AM by Dean

Hi Mike,

The image isn't being displayed, perhaps because of the asterisks in the file name (west-video-***.gif).

# re: Want a Trojan.Zlob with your fake scan results?

Monday, May 26, 2008 10:45 AM by winhelp2002

Thanks Dean ... it showed up in the preview? It should be displaying now ...

# Little Big Tomatoes » Blog Archive » The one with the evil jscript on my blog…

Pingback from  Little Big Tomatoes  » Blog Archive   » The one with the evil jscript on my blog…

# re: Can Sponsored Results be trusted?

Friday, August 29, 2008 2:02 PM by Gene

I was surfing the web one day and got this avxp spyware infected in my computer. The avxp prompts were all over my computer, and the background changed. The prompt wanted me to do a "fake" virus search and buy the software. It wouldn't let me exit the prompts at any time.

# Symantec LiveUpdate Security Warning revisited

Saturday, August 30, 2008 1:43 AM by Hosts News

I've blogged about this several times ...[ here ] [ here ] however as I am frequently asked about

# re: Can Sponsored Results be trusted?

Saturday, August 30, 2008 2:01 PM by Paula Frentte

How do you get rid of this program if you have fallen for the scam?

# re: InterCage suspends thousands of malware related sites

Wednesday, September 03, 2008 8:38 AM by Brian Krebs

Hi. I would be very interested to hear from you what the difference was in the current hosts file you have and what was observed as suspended from that list?

I can be reached at brian.krebs@washingtonpost dot com. If you send me an email there, I will reply from that address.

Thanks.

Bk

# re: InterCage suspends thousands of malware related sites

Wednesday, September 03, 2008 11:36 AM by dean

> when running a program I use to validate the DNS of each entry in the HOSTS file

Hi Mike,

Just curious... which program do you use for this?

# re: InterCage suspends thousands of malware related sites

Wednesday, September 03, 2008 5:47 PM by winhelp2002

Dean,

To validate I use CIP

www.snapfiles.com/.../cipfree.html

# More fallout on the suspended malware sites

Friday, September 05, 2008 3:43 AM by Hosts News

Knujon News reports " Directi is now severing ties with Estdomains amid complaints that the Eastern

# re: InterCage suspends thousands of malware related sites

Sunday, September 07, 2008 10:30 PM by Bk

WVFiber just said it plans to drop connectivity to Atrivo/Intercage this week. Also, nLayer is demanding some 7,400 IP addresses back from Atrivo.

See the updates at:

voices.washingtonpost.com/.../scam-heavy_us_isp_grows_more_i.html

# Hundreds more malware domains suspended

Monday, September 08, 2008 3:24 AM by Hosts News

As I reported the other day about the thousands of suspended domains ... it appears that even more domains

# Hundreds more malware domains suspended

Monday, September 08, 2008 3:26 AM by Hosts News

As I reported the other day about the thousands of suspended domains ... it appears that even more domains

# Directi and EstDomains continue to suspend thousands of malware sites

Friday, September 12, 2008 6:18 AM by Hosts News

I have been keeping a close watch on the amount of suspended sites in the MVPS HOSTS file ... rescanning

# Directi and EstDomains continue to suspend thousands of malware sites

Friday, September 12, 2008 6:22 AM by Hosts News

I have been keeping a close watch on the amount of suspended sites in the MVPS HOSTS file ... rescanning

# re: Directi and EstDomains continue to suspend thousands of malware sites

Friday, September 12, 2008 11:58 AM by Retired

Mike,

Please see this forum thread:

www.malwarebytes.org/.../index.php

# re: Directi and EstDomains continue to suspend thousands of malware sites

Saturday, September 13, 2008 12:31 AM by winhelp2002

You guys are doing a great job there ...

# Klikdomains suspended

Monday, September 15, 2008 11:00 AM by Hosts News

Just days after Security Fix exposed " Klikdomains" and the connection to "VIVIDS MEDIA

# re: Symantec LiveUpdate Security Warning revisited

Sunday, September 21, 2008 3:11 PM by Martin Hamer

I am reminded of an old story about a man who set up a company as a glazier. In order to make his business do well he had half the employees go out at night breaking windows to provide work for the other half working during the day. Needless to say his company grew in wealth with lots of work for all. lol

# Pages tagged "blogs"

Sunday, September 28, 2008 4:05 PM by Pages tagged "blogs"

Pingback from  Pages tagged "blogs"

# Calling cards

Thursday, October 02, 2008 9:45 AM by alex

Smart way to get ya

# Innovative Marketing dies a slow death

Friday, October 03, 2008 11:33 PM by Hosts News

I reported on Sep 8, 2008 that the sites " innovativemarketing.com " and " setupahost

# Innovative Marketing dies a slow death

Friday, October 03, 2008 11:34 PM by Hosts News

I reported on Sep 8, 2008 that the sites " innovativemarketing.com " and " setupahost

# re: Bogus Adobe Flash Player extension

Saturday, October 04, 2008 11:04 AM by novice

how to remove this?

# re: Innovative Marketing dies a slow death

Saturday, October 04, 2008 11:53 AM by TJ

Congrats on the MVP award. It is most deserved. I've been using your hosts file on my home systems for a while as one layer of protection in a defense in depth strategy. And it has no doubt saved me from potential problems various times while browsing the net. Keep up the great and valuable work! :) Thank you!

# Congratulations and Thank you!

Saturday, October 04, 2008 3:10 PM by Corrine

Congratulations on being re-awarded!  

# re: Innovative Marketing dies a slow death

Sunday, October 05, 2008 1:35 PM by Turkey

Thanx you perfect Docs

# re: Innovative Marketing dies a slow death

Monday, October 06, 2008 4:58 PM by RJW

Congratulations on your 10th consecutive MVP award.  Always nice to be recognized.  I've been using your HOSTS file for about three years and have no doubt it's saved me more than once. Your efforts are greatly appreciated.  Thanks!  

# re: Innovative Marketing dies a slow death

Monday, October 06, 2008 11:59 PM by dean

Ten years already? Wow. What you've done literally defines service to the community Mike. May you get many more.

# re: Innovative Marketing dies a slow death

Wednesday, October 08, 2008 10:56 AM by Paul

You are doing some brilliant work and millions of users appreciate it, the award is more than deserved, well done!

# Another Exploit opens Windows Contacts

Sunday, October 26, 2008 3:29 AM by Hosts News

The other day I mentioned I found an exploit that tries to infect Windows and also attempts to open Windows

# re: Is Security overwhelmed by Malware?

Monday, October 27, 2008 4:38 AM by Buffet

In the third paragraph, 'scream' is spelled wrong.

# re: Bogus Streaming Video Prompt

Friday, November 28, 2008 12:27 PM by security expert

i used a dev pc to test the site and after installing the malware the movies worked!!!!!

maybe this is the beginning of a new tactic (i.e. providing sound clips when the file isn't installed but after installation playing the movie) i will have to keep an eye on this one

# re: I'm Back ...

Saturday, December 13, 2008 6:48 AM by cconniejean

I love your picture for this entry, It does say it all for how bad moving is.

# re: I'm Back ...

Sunday, December 14, 2008 6:15 AM by Maik

Best wishes in your new home (as you rightly say, moving sucks)

# re: Enjoy the Holidays!

Wednesday, December 24, 2008 10:18 AM by cconniejean

Happy Holidays to you and your family from Florida!

# re: Enjoy the Holidays!

Wednesday, December 24, 2008 1:59 PM by jim white

all the best jim from Scotland

# re: When Affiliates get hacked

Thursday, January 08, 2009 8:03 AM by Odomus CrystalHeart

Ok that just sucks, a spyware killer gets hit with spyware/malware etc whatever the case may be, ironic really. It is funny but it isn't yannow.

Sad what the world is coming to these days when a legit business gets hit like that, that just has to really suck.

I don't use them, but still I have seen some people do, just really bites. *sigh*

# re: MVPS HOSTS File Update January-08-2009

Monday, January 19, 2009 10:05 PM by Hugs.

Thank you.  Over the last few years this list has saved me no end of headaches.  

# IE 7 Glitches | keyongtech

Monday, January 26, 2009 3:10 PM by IE 7 Glitches | keyongtech

Pingback from  IE 7 Glitches | keyongtech

# re: MVPS HOSTS File Update February-11-2009

Thursday, February 19, 2009 8:50 AM by mjncheers

Thank you very much for your work!

I started using your host file earlier on after seeing jimmyr's introduction to it and it's really working great (especially after disabling DNS as per your advice).

# pcbutts1 now serving up Malware?

Wednesday, February 25, 2009 5:15 AM by Hosts News

Recently I was advised of a new site (ms-mvp.org) that is redirecting to pcbutts1 .com ... which I have

# re: pcbutts1 now serving up Malware?

Thursday, February 26, 2009 12:35 AM by Maik

That guy needs professional help with his head.

# re: pcbutts1 now serving up Malware?

Thursday, February 26, 2009 2:25 PM by Toppy

What a lifetime lamer.

# re: Bogus Video Decryption Tool

Thursday, February 26, 2009 2:27 PM by Toppy

It would be nice if you could post the HOSTS file additions that we need to add in plain text format instead of an image ? :)

# re: pcbutts1 now serving up Malware?

Friday, February 27, 2009 4:12 AM by S!Ri

Hello

I'm the owner of the site siri.urz.free.fr (SmitfraudFix). pcbutts has stolen codes from many security researchers and claims that we are liars and thieves. Now he pretends to be an MVP (but he also blocks the real MS MVP site in his modified hosts file!)

He may certainly think that there is a conspiracy against him ;)

# re: Bogus Video Decryption Tool

Friday, February 27, 2009 5:54 AM by winhelp2002

Toppy,

I make hundreds of changes in the HOSTS file between updates ... so it would be a bit much to post additions all the time. As for the "image" ... people just can't help themselves and would end up copying the entries and visiting these malware sites ... thus infecting themselves.

If really needed you could copy the sites listed by hand, but these are just a few of the hundreds of changes made between updates ...

# re: pcbutts1 now serving up Malware?

Friday, February 27, 2009 6:01 AM by winhelp2002

S!Ri,

It's more like "he's a legend in his own mind" ... there is no conspiracy ... I'm just pointing out the evil in pcbutts' ways ...

# re: The MVPS HOSTS update Mailing List has been discontinued

Wednesday, March 25, 2009 5:54 AM by Ovidiu

maybe a subscription to www.changedetection.com might help with catching up with the updates?

# re: The MVPS HOSTS update Mailing List has been discontinued

Wednesday, March 25, 2009 11:03 PM by winhelp2002

Ovidiu,

re: changedetection.com

That option requires the user to give their email address to a 3rd party ... not many people are really willing to do that.

You can always use the option on this blog to get notified when there is a new post.

# re: The MVPS HOSTS update Mailing List has been discontinued

Saturday, March 28, 2009 11:59 AM by Maik

Quite understandable, especially given its popularity. I've found HostsMan to be a great way to keep the Hosts file automatically updated. Set it and forget it. www.abelhadigital.com/.../hostsman-3157-released.html

# re: The MVPS HOSTS update Mailing List has been discontinued

Sunday, March 29, 2009 5:23 AM by winhelp2002

Maik,

The auto-update feature only exists in the beta version ... generally I do not recommend users running beta versions, but thanks for the suggestion.

# re: The MVPS HOSTS update Mailing List has been discontinued

Sunday, March 29, 2009 8:29 AM by Maik

I'm using v3.1.57 and it auto-updates the Hosts file. So far as I can see, this is not a beta release.

# re: The MVPS HOSTS update Mailing List has been discontinued

Sunday, March 29, 2009 6:04 PM by wattage

Hello. I wanted to thank you so much for providing such a great tool/resource to help keep our computers protected from the bad guys. I'll definitely add a reminder to my calendar to visit your site at least monthly to get the latest HOSTS updates. Great work!

# re: The MVPS HOSTS update Mailing List has been discontinued

Monday, March 30, 2009 4:15 AM by winhelp2002

Maik,

If you follow the download link from their page you end up here:

HostsMan 3.2.70 Beta 6 / 3.1.57

www.softpedia.com/.../HostsMan.shtml

# re: The MVPS HOSTS update Mailing List has been discontinued

Tuesday, March 31, 2009 11:35 AM by Christer Edwards

Why not use something simple like an RSS feed for announcing updates to the hosts file list?  This requires minimal effort, does not require end-users giving any information to any parties either.. just a thought.

# re: The MVPS HOSTS update Mailing List has been discontinued

Wednesday, April 01, 2009 2:21 AM by winhelp2002

Christer,

Thanks for the suggestion ... however not everyone uses "RSS" ... but if needed they can be notified via this blog when there is a new post.

# re: Is Blinkx acquiring Zango?

Monday, April 20, 2009 8:00 AM by Mark

True to a certain extent - Blinkx acquired less than 10% of assets including IP and Hardware however will not be taking on any of Zango's liabilities.

# re: Is Blinkx acquiring Zango?

Monday, April 20, 2009 8:10 AM by Chicken Madras

Looks like Blinkx have just bought some assets and IP off Zango - but as usual blinkx shareholders aren't being told a single thing.

I hope Blinkx's tech is better than its PR and IR, that's all I can say...

# re: Is Blinkx acquiring Zango?

Thursday, April 23, 2009 3:31 PM by jon

I recommend not to use this toolbar because zango will spy on your searches

# re: MVPS HOSTS File Update April-19-2009

Friday, April 24, 2009 3:07 AM by redwolfe_98

i noticed that "titmix.net", which was mentioned in one of your recent posts, is no longer included in the winhelp2002 HOSTS file.. when i checked "titmix.net", i saw that it now has a ip address that is different from the one that it used to have, before, but, none the less, it is still resolving..

# re: Microsoft MVP Award Program Blog

Friday, May 01, 2009 7:35 PM by donna

>>>Yes it's a shameless plug ... but I got a nice writeup today on their blog ...

That's a great write-up about your great work! WTG, Mike!

# re: Microsoft MVP Award Program Blog

Sunday, May 03, 2009 1:55 AM by winhelp2002

Thanks Donna ...

# re: A disturbing new report on your Internet Privacy

Sunday, June 14, 2009 10:43 PM by fred

Just so you know they are using the Flesch-Kincaid readability score.

According to my research here is the breakdown of the scores:

90 to 100 - 5th grade

80 to 90 - 6th grade

70 to 80 - 7th grade

60 to 70 - 8th and 9th grade

50 to 60 - 10th and 12th grade (high school)

30 to 50 - college

0 to 30 - college graduate

So you have to be a college graduate to be able to read/comprehend Adobe's Privacy.

# re: MVPS HOSTS File Update June-21-2009

Sunday, June 21, 2009 10:10 PM by kingtron

Thanks

For the best Hosts file

I was waiting for that

Keep up the good work

# re: MVPS HOSTS File Update June-21-2009

Monday, June 22, 2009 11:56 AM by Pierre

Thank you very much for this good work.

It's good to know that you help us walking securely through the internet!

# re: MVPS HOSTS File Update June-21-2009

Tuesday, June 23, 2009 1:18 PM by Randy Knobloch

Hi Mike,

I noticed you added or updated *.addthis.com a social bookmark tool. Shall I edit it out to allow ?

You can see where it is blocked here >

www.cbc.ca/.../washington-dc-train-crash-death-toll384.html

Thanks.

# re: MVPS HOSTS File Update June-21-2009

Tuesday, June 23, 2009 6:30 PM by Randy Knobloch

*.addthis.com # edited, fixed. However invasive the item may be as I do throw the odd  URL onto FaceBook (no plug)

# re: MVPS HOSTS File Update June-21-2009

Wednesday, June 24, 2009 4:48 AM by Ivan Pavlov

Please check this ad and tracking servers from bg and pl

please add if they match your criteria

# re: MVPS HOSTS File Update June-21-2009

Wednesday, June 24, 2009 10:27 PM by winhelp2002

Randy,

"addthis.com" is owned by Clearspring Technologies (Advertiser) that was mentioned as one of the worst offenders via WebBugs in the report on my last post ...

# re: MVPS HOSTS File Update June-21-2009

Friday, June 26, 2009 9:58 AM by Randy Knobloch

Mike,

Understood, I'll remove the # out.

Thanks for the feedback.

# re: MVPS HOSTS File Update June-21-2009

Friday, June 26, 2009 2:36 PM by kingtron

i've added "insider.msg.yahoo.com"

to block Yahoo Messenger ads

thanks again

# re: MVPS HOSTS File Update June-21-2009

Saturday, June 27, 2009 1:36 AM by Rob Brown

Any plans to make an InPrivate Filtering version of the MVPSHosts file? This would work well for those of us that can not conveniently manual/disable the DNS Client.

# re: MVPS HOSTS File Update June-21-2009

Saturday, June 27, 2009 4:48 AM by kingtron

I have converted it to "InPrivate Filtering .xml" but IE8 becomes very very slow.

# re: MVPS HOSTS File Update June-21-2009

Saturday, June 27, 2009 11:46 PM by winhelp2002

Rob,

Sorry I have no plans to add an "InPrivate Filter" list ... the HOSTS file itself takes all my free time as it is ...

# re: MVPS HOSTS File Update June-21-2009

Sunday, July 05, 2009 7:40 PM by Paul

Why is it the comment I made on the previous blog post wasn't "listened to"? I gave you a list of domains you missed, I also asked you to hide the comment which you did and I also gave you my email address if there were any problems.

You didn't add the domains and you didn't email me with any sort of explanation, I'd like to know why?

# re: MVPS HOSTS File Update June-21-2009

Monday, July 06, 2009 12:58 AM by winhelp2002

Paul,

What comment? I went back thru them and yours does not show up ... so how am I to respond if there is nothing to respond to?

FYI: there is no option to "hide" ...

# Comodo continues to damage it's reputation

Friday, July 10, 2009 3:31 AM by Hosts News

Here again we find another bogus Antispyware program that does nothing but take your money ... with a

# re: Comodo continues to damage it's reputation

Friday, July 10, 2009 5:20 PM by DoMo

That's how I know Comodo (Malware pretending to be Securityware from the very beginning).

Still most of the people are being tricked by their aggressive marketing ideas for spreading their euhm protecting software.

# re: Comodo continues to damage it's reputation

Saturday, July 11, 2009 8:49 AM by Buffet

I've always used Comodo on my computers. No more, thanks to you! I now use Online Armor, and I couldn't be more pleased. Thanks for ferreting out these wolves in sheep's clothing.

# re: Comodo continues to damage it's reputation

Saturday, July 11, 2009 2:54 PM by Joe

This is the same outfit that took BOClean off the market as a stand alone malware app.  What a shame.

# re: MVPS HOSTS File Update June-21-2009

Saturday, July 11, 2009 9:28 PM by Paul

I'm too lazy to type the entire list again so here's a screenshot of some blocked things from the network in question.

img18.imageshack.us/.../urlse.jpg

# re: Comodo continues to damage it's reputation

Saturday, July 11, 2009 9:31 PM by John

You people need to realize ANYONE can ask for a certificate which does nothing more than say the website is a valid website.  It does not say the website is a secure site, it does not say the website is not malicious in intent.  That is not the purpose of the certificate issued.  These certificates are issued by not only Comodo.  Why are you solely focused on Comodo?  Is it because they scare you the retail AV vendors with their products?

Get a life and start dealing with real issues!

# re: Comodo continues to damage it's reputation

Saturday, July 11, 2009 10:04 PM by ThunderZ

@ John. The only people they are scaring are their (current\former\would-be) customers. The free vers. was one of many that I carried in my tool-kit to suggest to my Clients. It has since been removed from my kit as well as their name from my vocabulary. Unless of course  I am specifically asked about their product(s). I relay the current state of affairs, stating the current information and providing links, to the Comodo forum as well. The Client then has all options available. I know of none that have gone with Comodo and several that even tore up their paid for vers. lic. and went to other software.  

# re: Comodo continues to damage it's reputation

Saturday, July 11, 2009 10:26 PM by Yazoooooooo

Hahaha,

The first Melih puppet has arrived :-)

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 1:34 AM by das

Why don't you publish posts that disagree with you?

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 9:08 AM by 3xist

Donna

You don't understand nothing about Domain Validation and how it works.

Feel free to join us here, and more info is here from the CEO himself:

forums.comodo.com/.../here_we_go_again-t42573.0.html

Posting misleading comments won't do any favours by the way, and your ignorance shows even more.

Cheers,

Josh

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 10:51 AM by Lapsus

Yeah !

Comodo, we create trust !

:rofl:

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 12:05 PM by LaserWraith

For some reason, people think there must be some other motive when companies produce free products.  

Why is Comodo selling these certs to malicious sites?  These certs ARE NOT saying that the site's products are safe.  It is just securing the transactions to and from the site.

I have found all of Comodo's products and services trustworthy.  People just see something fishy when someone gives good programs out.

BTW, Comodo revoked the cert within minutes of hearing about it.

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 12:16 PM by Matt

A security company needs to have higher standards for certs, and as Donna says, the other companies have better plans in place.

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 5:05 PM by Donald

I would like to personally thank Donna and the others at this site for continually providing us with the best examples of misinformation and propaganda since Nazi Germany and the Cold War after that.  

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 6:21 PM by 3xist

Matt.

The issue is simple: There is NO standard for Certificates, (Domain Validation) - The yellow padlock you see on a site, Certification Authorities are all doing, Comodo tried to address this but GoDaddy/Verisign didn't want to get rid of DV. As long as you got $$ for DV, No validation, Come and get it! This is why Comodo recommends EV (Extended Validation) so you see a GREEN bar and YOU CAN validate who you're encrypting for!

Comodo also set up this - Where again, Trying to create standards: http://www.ccssforum.org/

Pls use that, and the contact site, of ANY malicious site using DV, So the relevant companies can act on it.

Cheers,

Josh

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 8:06 PM by Steven Burn

@3xist and the other Comodo supporters,

Two issues here, firstly, this is NOT DONNA'S BLOG!!!!!!

Secondly, Comodo have a CHOICE as to whether or not they offer DV certs, if you don't like them/don't recommend them, STOP OFFERING THEM! - and no "everyone else is doing it" is NOT a defense.

Third and final, you CAN verify the websites associated with the certs you offer, DV or otherwise. The person signing up for a cert evidently has to tell you the site they are using it for - this instantly allows you to verify its validity.

# re: Comodo continues to damage it's reputation

Sunday, July 12, 2009 10:47 PM by bjd

After reading your last blog regarding comodo I did some checking on their Chief Exec's claims. It seems he/she was right. To date, comodo are the only issuer that wants to either kill off DV certs, amongst other (interesting) things.

Are you sure this is not blue-on-blue? Seriously.

# re: Comodo continues to damage it's reputation

Monday, July 13, 2009 1:26 AM by winhelp2002

John,

re: "they scare you the retail AV vendors"

Huh? I don't sell anything nor am I connected to anyone that does.

# re: Comodo continues to damage it's reputation

Monday, July 13, 2009 1:30 AM by winhelp2002

LaserWraith,

re: "Comodo revoked the cert within minutes of hearing about it."

That's fine ... but the whole point was that they revoked their certificate from the same people previously ... so why does this happen again?

# re: Comodo continues to damage it's reputation

Monday, July 13, 2009 2:03 AM by Toggie

First of all I want to make it quite plain that the thoughts and opinions made by me on the Comodo forum, are my own and they in no way reflect those of Comodo.

I am not associated with Comodo or their affiliates, I am simply a volunteer Moderator.

It seems a recent comment made by me, in jest, has been taken, by some, to reflect the views of Comodo, this it does not.

I have taken it upon myself to post here, to disassociate my views from those of Comodo's and also to apologise for any harm, perceived or otherwise my comment may have caused.

# re: Comodo continues to damage it's reputation

Monday, July 13, 2009 7:26 PM by donna

Toggie, your joke or not joke to hack my site: calendarofupdates.com is unacceptable.  A moderator of security forum should not threaten or write that way in "public" in any manner.  We can voice our concern in many manner but to say hack my site in any way not acceptable.  Glad to see it is gone (your post) and that you apologized.  Apology accepted.  Here's hoping that you will understand our concern.  It's nothing personal but it's the push they are doing and the work they are doing in attending whatever reported and voiced to them.  Instead of working on it... they are blaming other service that is similar to them.  They forgot that they are offering desktop security product that other cert vendors do not.  If they flag bad file from bad domain that has Comodo cert... that should ring a bell to them.  If they don't then it's so obvious that they are not serious in protecting and providing what they call "creating trust online".

Regards,

Donna

calendarofupdates.com

msmvps.com/donna

# re: Comodo continues to damage it's reputation

Tuesday, July 21, 2009 10:02 AM by ED

www.theregister.co.uk/.../ca_mozzilla_cert_snaf

blog.startcom.org

bugzilla.mozilla.org/show_bug.cgi

# Comodo continues to ignore Malware warnings

Wednesday, July 22, 2009 11:45 AM by Hosts News

Yet again we find the same group "ISystem Inc" scamming the public with their bogus products

# re: Comodo continues to ignore Malware warnings

Wednesday, July 22, 2009 2:25 PM by paul

with all the money Comodo gets from this and their toolbar they start now paying people for creating positive video reviews of their products... see forums.comodo.com/.../1000_from_comodo_for_your_video-t43021.0.html

# re: Comodo continues to ignore Malware warnings

Wednesday, July 22, 2009 4:36 PM by Wizzo

Yeah, that is their primary tactic from the very first start, now that they have the cash at hand, and the power to overpower they start to "buy" positivers. It's like the digital Mob.

# Comodo continues to ignore Malware warnings

Wednesday, July 22, 2009 8:52 PM by Donna's SecurityFlash

From MVPS Hosts News blog by MS MVP Mike Burgess: Yet again we find the same group "ISystem Inc"

# re: Comodo continues to ignore Malware warnings

Wednesday, July 22, 2009 10:30 PM by melih

The above cert has now been revoked. Thank you for bringing it to our attention.

This was a free ssl certificate for 90 days.

Melih

# re: Comodo continues to ignore Malware warnings

Thursday, July 23, 2009 11:49 PM by donna

That is trial version of your SSL cert Melih which gone thru many steps to register including Domain Validation 1 and Domain Validation 2.  Not all applicants of your cert You revoked the cert, that's good but please answer this question:

Why is the same group, ISystem Inc, able to get a cert whenever they want?

Why do the same people behind different malware domains continue to get certs from you?

Don't you have a blacklist on which IP and location so your cert will not be used by them again?  

Many in the security community don't trust Comodo certificates anymore.  Trust online is not in Comodo if you don't do something better

Revoking is another move but show us something better.

Creating a group or association to help stop rogue is not the answer to this.  There's so many group or association already that claim and joined by vendors already but it's not what it is.  It's about the issuer of certs.  Other vendors that joined your group is not issuing cert.  You are issuing the cert to malware domains.  Revoke when highlighted? Prevent it Melih.

BTW, you know a fake antivir website is also using your cert right?

# re: Comodo continues to ignore Malware warnings

Friday, July 24, 2009 3:46 AM by Jovan Evans

Despite all the claims that Comodo do not support DV certs, dubbing them 'Dangerous Validation' it's still quite clear that Comodo are happy to make a profit from DV and then shrug their shoulders when things go wrong. For a company that (claims) not to support the use of DV and uses a poor excuse to justify this two faced action (along the lines, we sell DV to upsell to EV - hello, that's like saying I sell drugs to kids so that I can tell them how bad it is). Yet Comodo this week run a promotion (via twitter) offering a 'roll up roll up' on Essential SSL (DV) which is free to users of Comodo competitors. If DV is really a bad product, the only way you can stand on your soap box is to stop promoting it and make a stand on OV & EV.

# re: Comodo continues to ignore Malware warnings

Friday, July 24, 2009 8:49 AM by Axl

"we sell DV to upsell to EV - hello, that's like saying I sell drugs to kids"

Selling DV certs is like selling drugs to kids??!

Do you people have any shame?

# re: Comodo continues to ignore Malware warnings

Friday, July 24, 2009 9:15 AM by Sparsha

@Melih

one more from the same gang extra-antivir.com

# re: Comodo continues to ignore Malware warnings

Friday, July 24, 2009 11:47 AM by Melih

Avoiding the issue of DV and pretending that it doesn't exist and as long as Comodo doesn't issue it everything will be fine is not going to solve the DV problem.

The problem with these fraudsters is that DV process is too easy for them to take advantage of. DV only checks if the site owner owns the domain or not. There is no other check. Verisign and Godaddy own around 90% of this market. I have been very vocal in www.cabforum.org to bring higher standards so that end users can be protected. It has met with resistance with people from Verisign and Godaddy. But I am continuing to push for better standards as DV gives a trust indicator to fraudsters hands.

As to some basic checks like, IP etc etc.. been there and done it..doesn't work! These people are professional criminals! They know how to change their IP when applying for a cert, how to create a new identity etc etc. We are coming up with different defense mechanisms but we'll see how it will work.

To people who claim we profit from these:

Fact 1) These are all FREE SSL certs.. we don't get money from them (notice the duration of the cert is 90 days, these are trial certs we issue)

Fact 2) we issue over 300,000 certs a year getting some fraudsters getting a free cert or two costs us money in reality!

So what can we do to fight this?

1)We need to get a standard (yep.. there is NO STANDARD for issuing DV certs today) that mitigates fraudsters having access to this yellow padlock (nothing ever is 100%)

2)We all need to work together and report these sites so that they can be revoked quickly again limiting the damage. Common Computing Security Standard Website has a reporting form where this is fed to all CAs quickly. www.ccssforum.org/report.php . Please use this to report any maliciously used certificate so that it can be acted upon quicker.

Pls feel free to engage in a discussion (here or in Comodo forums) as to how we can make it safer for the end user. Again, Comodo stopping issuance doesn't make it safer, it might even end up with other CAs who might take much longer to revoke maliciously used certs. And a DV is a DV, yellow padlock indicator does not differentiate between vendors.. Users just see the yellow padlock and trust it.

Melih

# re: Comodo continues to ignore Malware warnings

Friday, July 24, 2009 12:33 PM by Herbert

solution = stop providing free/trial DV certs! Comodo tries to promote EV certs (because they are more expensive), so they make DV be/look useless (and that Comodo creates forums and websites where other sellers are needed to join is a bogus marketing strategy).

# re: Comodo continues to ignore Malware warnings

Friday, July 24, 2009 10:51 PM by Melih

We did a manual check to see how many of the malware related sites (sites that are pushing rogue AV products or other malicious activities, not including fake investment scams etc offered by fraudsters) use SSL certs to create legitimacy in an attempt to dupe end users.

The site is called www.malwareurl.com which has a list of malware related URLs (this is just one of many sources). We checked the last 2000 entries from www.malwareurl.com/rss.xml for malware websites with certificates. The list and the corresponding certificates are attached.

secureoem.com/.../order   Equifax      

secure.signupsecurity.com/p05(S(4xghlr45eyy5dd45f33jqub4))/join2.aspx   GoDaddy.com, Inc.

secure.yclinks.com/p05(S(r02vzt55hmnxlh45vy5dvj55))/join.aspx?siteid=freemovienow_cm&product=30&cli=7&descriptionid=new-movies&lng=en GoDaddy.com, Inc.

secure-plus-payments.com/.../buy_soft.php   Thawte Consulting cc  

secure.cc-process24.com   Equifax      

secure.mpsjoin.com/.../index.php   Equifax Secure Inc.  

secure.payment-cc24.com/payment   Equifax   secure.payment-cc24.com.p7c   Session-based link. Redirected from: pcsecurity09.com/buy.html

https://1-vscodec-pro.com   Thawte Consulting cc

secure.onlineinternetpayments.com/billpav   Thawte Consulting cc

secure.innovagest2000.com   GoDaddy.com, Inc.

secure.paysecorder.com/order   Equifax Secure Inc.

You see, wouldn't it be better for the end users if all the above certs were from Comodo? They would have been revoked by now!!!! DV is a dangerous tool!

@Herbert: As you can see above, Fraudsters are already using the other providers in a bigger way (you will find more certs maliciously used that belong to other providers than Comodo). So Comodo stopping issuing DV will NOT help end users. At least now we all talk about this and it gets reported and Comodo acts on it and end users get protected! Look at the above Certs.. they are still not revoked! Believe me I wish I didn't have to deal with the hassles of DV. It represents a tiny (tiny) amount of sales for us and the hassle it causes is much bigger than it's worth to us. But I can't let this stop us from protecting end users! Hence why I am here at 11:38pm plugging away at this. I initiated www.cabforum.org (didn't have to!), I initiated www.ccssforum.org (didn't have to!), I decided to give top notch Free Security product (didn't have to). I am selling DV (didn't have to) but I also know if I pretended DV didn't exist and don't take the bull by its horn, fraudsters will simply go get it from other providers and the certs they use might not get revoked in a timely manner. And end users are the losers at the end in that scenario.

The solution is not to pretend DV doesn't exist. The solution is to introduce stronger standards for DV so it's not easy for fraudsters to obtain it and until that happens the solution is for everyone to report these sites to www.ccssforum.org/report.php  so that it can be acted on quickly.

Melih

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 5:41 PM by donna

Melih,

Mike's question and everyone's question including mine was "Why your company continue to issue cert to the same gang?"

Let me re-phrase that:  "Why Comodo continue to provide cert to malware domains that is from the same group that you've revoked?"  

Comodo seems not to apply what other cert vendors can do in protecting their own service so that end-users will not become victims.  They seem to know how to implement "creating trust online" better than you do.  Verisign said:

"Yes, we can revoke a cert whenever we want. But more importantly we have a high standard of checks & balances to make sure we do not issue certificates to bad sites in the first place."

"The system we have in place automatically rejects obviously fraudulent sites and kicks anything questionable to a manual approval. And if anyone flags a site as malicious, we have a team that investigates these and revokes the certificate if found to be malicious/fraudulent."

"For GeoTrust and RapidSSL we have the ability to revoke a cert issued to a malicious or rogue site instantaneously. The cert will then show up on our CRLs immediately."

www.thetechherald.com/.../Criminals-using-Comodo-to-attempt-legitimacy

You said those fraudsters are professionals which is true but as you can see Melih, other cert vendors do not care whether the cert offender is professionals or not.  That is not an issue for them.  If it's known fraudster they have a good system to handle it and good team to monitor and investigate it.  What about Comodo? It's been 2 years that your cert is found in malware domains and until now you have high standard of checking like other cert vendors has?

You said you are coming up with different defense mechanism.  Good luck! Let's hope Mike and others will not have another blog entry like this.  If there will be, we'll see the date that the cert was issued.

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 6:34 PM by Melih

Donna

I made a post but it's not shown up yet(?), where you could see the other Vendor's certs used by malicious sites.. more than ours! So your statement and inference that other CA's got it sorted is totally misguided and wrong.

I have a similar post in our forum here forums.comodo.com/.../bad_comodo_bad-t43119.0.html;msg312958

with the details of some of the certs we found from other CAs.

Again, DV is inherently vulnerable and fraudsters will continue to abuse it! Actually Comodo has the lowest ratio of malicious use of our Certs compared to our market share as can be seen from my post in our forum.

Again, Donna, you are misguided to think other CAs are not vulnerable or don't have their certs maliciously used. And you are misguided to think DV malicious use can be stopped.

Melih

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 8:14 PM by Melih

@Donna

You are asking the same question that I already answered in my post of Friday, July 24, 2009 11:47 AM by Melih.

Pls read it the answer is there.

But let me expand on it more:

Do you really think that these criminal outfits come to us and say, hey Comodo, we are the same criminal outfit that got a free cert from you and you revoked it, can you pls give us another one!!! Pls get real Donna... These people hide any traceable information that might link their new application to the previous one that got revoked. You are underestimating these professional criminals Donna, a big mistake!

Your naivety in this subject is scary as someone who claims to be in the security world.

thanks

Melih

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 8:57 PM by winhelp2002

I think this was the best question ... that went unanswered ... about the discussion on your forum:

Melih,

Yes, I know that usually CAs only check if the site owner owns the domain or not, but why don't you change the standard for yourself?

If you are pushing for better standards, why don't you use them instead of waiting for others to?

Is there some "rule" prohibiting you from doing so?  If not, why don't you set the example?

forums.comodo.com/.../bad_comodo_bad-t43119.0.html;msg312955

Rather than trying to discredit the people reporting on this issue ...

"Why don't YOU set the example?"

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 9:00 PM by Paul Wilders

The problem in fact boils down to two issues here.

First, the certs issue. The fact other cert vendors may or may not have standards or systems to investigate and revoke certs is merely part of the solution. Putting a halt on providing free and trial certs as those in question from this moment on by all cert vendors would be the way to go, in combination with fast and solid investigations from already provided sortalike certs.

The tricky part is, these free and trial certs are in fact commercial teasers. All cert vendors do provide them with one goal in mind: selling "the real stuff" in the end. Earning money is what it's all about in the end.

It may not come as a surprise cert vendors are far from willing to drop providing free and trial certs for that reason: it's the start from their main source of revenues.

Comodo is no exception to the rule here. Does this put Comodo off the hook? Certainly not. Although I applaud all sorts of actions as mentioned by its CEO to tackle this issue, it's bound not to work - it never has and never will. Far stronger rules should be applied - see above.

So the ethical versus commercial consideration arises: should Comodo stop issuing free and trial certs? Ethics say: "here and now". Commerce demands: "never. It does cost us far more than we can and wish to afford. Our competitors will laugh all the way to the bank". The conclusion: Comodo picks and will pick the commercial point of view. And Mike will keep on posting over here for years to come about this subject.

Second issue: Comodo is rapidly involving in creating various security related softwares. Fairly all of them do have at least a freeware option. This comes with a huge price tag (vast team of employees, bandwidth costs etc.). And here the connection with the first issue is obvious: this price tag most probably is mainly coming from the certs revenues.

It's rather obvious, the combo "certs" and "security software" is a fairly impossible one, not to say a contradictio in terminis.

Personally, I do see the overall marketing concept behind this combo concept. It's a rather smart concept as well from Comodo's perspective. Unfortunately, there's one misconception implemented: the real money maker source - the certs as being discussed. This misconception may well backfire in the end.

On a personal note and well intended: I'll take it your lunch invitation in NY from a while ago still stands, Melih :). I do wish you all the wisdom needed in dealing with the situation at hand.

Cheers,

Paul Wilders

(yet another darned Microsoft MVP since say 2002 or so)

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 9:02 PM by Censored Thoughts

This "audited" comment system looks indeed awkward considering that a comment suddenly appeared before the one posted by Donna or that it usually takes hours (or even a day) to post a reply.

The focus is clear and the tone is too and it looks way more easy to abide to the pre-laid path with eyes closed than addressing the substance of the arguments and the premise provided.

It would be really interesting though to read an article thoroughly detailing what procedure and checks should be necessary for DV certs in order to unequivocally identify legitimate requests from malicious ones during application.

It would be crucial to not neglect how circumstantial suspicion criteria should supposedly be handled to not illegitimately deny applicants using assumptions the likes of IP or ISP which are not meant to unequivocally identify people (though they could be undoubtedly used afterwards providing that impression)

Indeed a technical article in this regard could be less interesting for casual readers but would be unlikely to pass unnoticed by other security experts reviews for completeness, inaccuracies or weaknesses because the focus would be to find a reasonable, realistic and efficient solution for the benefit of everyone...

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 9:51 PM by Melih

@winhelp2002

Actually that question has been answered many times, including in my posts above.

thanks

Melih

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 9:53 PM by 1George

Hey Donna you remember the site that you complained had a Comodo DV http://windowspcsuite.com , it's now using an Equifax DV.

Stop complaining about Comodo and go complain about the other CA who don't even give a curd for their end users' security!

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 10:02 PM by Melih

This is too funny!

The very website you (the site shown above in the main blog) complain about is now using Geotrust Certificate (A Verisign Company)..

The very company that Donna thinks is immune to fraudsters! Lets see how long it will take them to revoke this cert! Count down starts now :)

Melih

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 11:16 PM by donna

Melih,

No one said that other cert vendors has not issued cert to other malware domains.  Don't say I'm a total fool because "no one here including myself" has said that other cert vendors has not issued cert to malware domains.

The differences?

1.  Comodo "continue" to issue it even after you revoked from the same group/gang.

2.  Comodo offers not only  certs but desktop security software.  Other certs don't offer security software.  Comodo has more responsibility and should have better strategy.  

3.  You or Comodo admitted that you are doing this because others is doing that.  That's a lame excuse.  Many times people have ask you to start to show example on whatever standard that you think is better and we'll even praise you if you will show to the world that you are doing better than other cert vendors.

4.  Comodo is offering free 90days of DV certs! You are promoting DV which you said "not good".  Promoting something that you know bad is adding problem instead of preventing.

5.  Last but not the least, Comodo questions the ethics of people who report instead of working on it.  To tell us that we are targeting Comodo alone is simply untrue. We are not misguided.  We look at the history and report... we look at track records.  

I'm glad to see your answer about why Comodo continue to issue cert to the same fraudster.  That's lame answer you got.  You have desktop security software that has detection to particular malware.  Ever heard of heuristic? The same behaviour will be flag.  That is the same method that you can apply in your cert business.  Same gang, a bell should ring. If not, monitor it then revoke before anyone become victim.  What is happening is you failed to monitor.  You wait for report from people whom you questioned the ethics.  Oh well...

This going in circles.  No wonder why MVP Steven Burn stopped talking in your forums because it's useless.  You keep pointing fingers and going in circles.

'Nuff from me.  I hope to not to see another blog or report that Comodo has issued cert to the same gang or other malware domains.

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 11:22 PM by donna

1George,

Who said I reported to Comodo that domain? Are you like Melih who is confused on who is Donna, Mike and Corrine?

Read my reply earlier. I said 'no one here has said that other certs don't issue certs to other fraudsters'.  The problem is Comodo continues to issue to the same fraudster.  In my post there are differences between Comodo and other cert vendors.  Wait til my post appear.

# re: Comodo continues to ignore Malware warnings

Saturday, July 25, 2009 11:49 PM by 1George

But Donna don't you know that no CA has a system to check if the DV is being given to a repeat offender.

What happen to Comodo here happens to all other CA way more often, just because you don't/won't notice it or find one, doesn't mean it's not happening to other CA's also.

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 12:55 AM by donna

1George,

You just answer your question.  It happens more often with Comodo cert which means? more malware domains has cert and the worst part is.. the same offender get the cert again, again and again.  The action of Comodo to prevent this from happening is what?  There must be action to prevent this or else, Comodo cert should not be use by non-malware domains because many people will block and not trust Comodo certs anymore.  

>>>But Donna dont you know that no CA has a system to check if the DV is being given to a repeat offender.

You better ask that with Comodo because Verisign claim that they have a system to automatically reject known fraudulent (repeat offenders) and their manual system handles questionable domains that try to get a cert.  So if Verisign can do that... your belief that no CA has system to check if DV is given to repeat offender is incorrect.

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 1:21 AM by winhelp2002

1George,

You're right "pay1.windowspcsuite.com" now redirects to "stonewave.net" which is hosted at the same location as the others ...

# [Netdirekt][95.168.163.0 - 95.168.164.255]

127.0.0.1  aquabilling.com

127.0.0.1  secure.aquabilling.com

127.0.0.1  secure.bestbillingpro.com

127.0.0.1  secure.payment-cc24.com

127.0.0.1  pay-secure.net #[ISystem]

127.0.0.1  safe-pay-vault.com #[server down?]

127.0.0.1  stonewave.net

127.0.0.1  webexpressbill.com

127.0.0.1  secure.webexpressbill.com

www.robtex.com/.../stonewave.net.html

As for the actual culprits they all use the same upstream provider = AS304407

# [Velcom / Teleglobe][AS30407][64.86.16.0 - 64.86.17.255]

# [Global Crossing][AS30407][64.212.0.0 - 64.215.255.255]

# [Rcp.net][AS30407][206.53.48.0 - 206.53.63.255]

If you view the Google Diagnostic report you'll see they are bad characters ...

www.google.com/.../diagnostic

In my opinion Comodo needs to step up and take a different approach, as the method now in place clearly doesn't work ... thus my comment:

"Why don't YOU (Comodo)set the example?"
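The annotated HOSTS lines in the comment above can be read mechanically. The following is an added example (not part of the original comment or of the MVPS HOSTS project) that parses those lines, converts the bracketed address ranges to CIDR blocks, and checks a hostname or an IP address against them; the function names and the IP addresses used in the lookups are assumptions made for the illustration.

```python
import ipaddress
import re

# Lines copied from the comment above. The section headers are HOSTS comments
# of the form "# [network name][optional AS number][first IP - last IP]".
HOSTS_TEXT = """\
# [Netdirekt][95.168.163.0 - 95.168.164.255]
127.0.0.1  aquabilling.com
127.0.0.1  secure.aquabilling.com
127.0.0.1  secure.bestbillingpro.com
127.0.0.1  secure.payment-cc24.com
127.0.0.1  pay-secure.net #[ISystem]
127.0.0.1  safe-pay-vault.com #[server down?]
127.0.0.1  stonewave.net
127.0.0.1  webexpressbill.com
127.0.0.1  secure.webexpressbill.com
# [Velcom / Teleglobe][AS30407][64.86.16.0 - 64.86.17.255]
# [Global Crossing][AS30407][64.212.0.0 - 64.215.255.255]
# [Rcp.net][AS30407][206.53.48.0 - 206.53.63.255]
"""

FIELD_RE = re.compile(r"\[([^\]]*)\]")
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
RANGE_RE = re.compile(rf"^({IPV4})\s*-\s*({IPV4})$")
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}


def normalize(host):
    """Lower-case a hostname and drop a trailing root dot."""
    return host.strip().rstrip(".").lower()


def parse_header(line):
    """Turn a bracketed comment line into a section dict, or None."""
    fields = [f.strip() for f in FIELD_RE.findall(line)]
    if not fields:
        return None  # ordinary comment, not a section header
    section = {"name": fields[0], "asn": None, "networks": []}
    for field in fields[1:]:
        match = RANGE_RE.match(field)
        if match:
            try:
                first = ipaddress.IPv4Address(match.group(1))
                last = ipaddress.IPv4Address(match.group(2))
                section["networks"] = list(
                    ipaddress.summarize_address_range(first, last))
            except ValueError:
                pass  # malformed or reversed range: keep the section, no networks
        elif re.fullmatch(r"AS\d+", field):
            section["asn"] = field
    return section


def parse_hosts(text):
    """Return (sections, entries); entries maps hostname -> section and tag."""
    sections, entries, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            section = parse_header(line)
            if section:
                sections.append(section)
                current = section["name"]
            continue
        body, _, note = line.partition("#")
        parts = body.split()
        if len(parts) >= 2 and parts[0] in SINK_ADDRESSES:
            tag = note.strip().strip("[]") or None
            for host in parts[1:]:
                entries[normalize(host)] = {"section": current, "tag": tag}
    return sections, entries


def is_blocked(host, entries):
    """HOSTS files match exact names only; an entry does not cover subdomains."""
    return normalize(host) in entries


def section_for_ip(ip, sections):
    """Name of the first annotated network containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for section in sections:
        if any(addr in net for net in section["networks"]):
            return section["name"]
    return None


SECTIONS, ENTRIES = parse_hosts(HOSTS_TEXT)

if __name__ == "__main__":
    for s in SECTIONS:
        print(s["name"], s["asn"], [str(n) for n in s["networks"]])
    # Constructed lookups: a subdomain that has no entry of its own, and an IP
    # chosen from inside the first annotated range.
    print(is_blocked("www.stonewave.net", ENTRIES))
    print(section_for_ip("95.168.164.10", SECTIONS))
```

Because HOSTS matching is by exact name, the list above carries both `aquabilling.com` and `secure.aquabilling.com` as separate entries.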

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 6:39 AM by Paul Wilders

--quote--"Why don't YOU (Comodo)set the example?"--end quote--

Easy one. Setting an example > big revenue loss plus a grinding halt from all security software(s) developed.

Business wise that boils down to a disaster. This is a roller coaster with virtually no way out. Anyone who fails to understand this never ever has been involved in high staff level business situations and decisions.

In all fairness it should be a good thing to imply GoDaddy, Verisign(!) and all others into this issue as well. The only reason to focus only on Comodo is - in my view - the impossible connection as for developing security software(s).

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 10:25 AM by winhelp2002

Paul,

I'm not asking Comodo to stop issuing certificates, but rather come up with a better method of verification ...

"Trust, but Verify"

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 11:11 AM by Paul Wilders

Mike,

I do understand your point of view. Perhaps we agree to disagree about your proposal :).

In my view these certs in question should not be issued at all, and that includes all cert vendors. As far as I see it, Verisign, GoDaddy and others belong in one and the same category as Comodo. Nice looking statements are not more than words.

Let them sell only the real and trustworthy stuff to carefully examined buyers - and keep them examining very frequently. Weed out the certs already issued and keep doing so.

That's my interpretation from "Trust but Verify". And that goes for all cert vendors, Comodo included.

Will that happen? For reasons as already posted earlier on, I probably won't live to see that day.

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 12:50 PM by Melih

@Paul...Lunch.. you know my email address, just drop me a line anytime ;)

As to whether the issue is free trial or not. Well imo it's not. As you can see from the above example even though windowssecuritysuite site had a free trial cert from us (where we made no money from), they now got a cert from Verisign and they paid for it and it's still not revoked! Comodo revoked their certs within minutes of finding out about them.

It's the DV SSL process that is the problem. With this process there is no check about the legitimacy of the applicant. CA doesn't even check if it's a real person or real entity or not! That is the problem! Whether you provide this paid for or free, it's still susceptible as a protocol.

Hope this clarifies the issue.

cheers

Melih

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 3:35 PM by Melih

Donna

This is why you look like a fool

You Quoted this statement From Verisign in your above post

***************

Verisign said:

"Yes, we can revoke a cert whenever we want. But more importantly we have a high standard of checks & balances to make sure we do not issue certificates to bad sites in the first place."

***************

Then soon after the windowssecuritysuite went and got a cert from a Verisign company!

You look very foolish indeed!

Moreover,

You look foolish, because you are ignorant and do not understand the problem is not per Company but the Protocol of DV cert

You look foolish, because you are involved in a witch hunt against a company without getting your facts straight

You look foolish because in your flawed argument in your witch hunt you quoted a company saying " we have a high standard of checks & balances to make sure we do not issue certificates to bad sites in the first place." and only shortly after the above malicious site went and got a cert from them!

Donna, you look very foolish indeed.

Melih

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 9:55 PM by donna

Paul,

Ever since this issue with Comodo cert started, most of us highlighted that Comodo is not only a cert vendor but a security software vendor (kindly see www.calendarofupdates.com/.../index.php) which is not the same with other cert vendors so it is not unfair to imply Comodo on this issue. How can people trust their security software to detect malware if the malware domains that will serve the malware are carrying a Comodo cert? That alone should make Comodo do something better than other cert vendors. They have all the possible methods to prevent it. They have a malware team who should know the "source" of the malware. That malware team should be talking to their Cert department and flag a malware domain if they only checked the source and found out that there is Comodo logo on the source of malware that their security software will be detecting.

If they cannot set-up a better strategy and step up then they are mistaken to render two products: Cert Issuer and Security Software Vendor.

They issue certs to malware domains. Their scanner detects the fake antivirus. What has the malware research team there done? Did they pass the malware domain information to their cert team and say "Hey, we are detecting this as rogue, it has our Comodo cert".

Their cert department should revoke it soon before any researcher like Mike will find it or before anyone is victimized by the fraudster.

Regards,

Donna
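The cross-check donna describes above (the malware research team passing flagged domains to the certificate team) can be sketched as follows. This is an added example, not part of the original thread and not any CA's actual system; the blocklist uses the HOSTS-file format quoted earlier in the thread, every domain, serial and date is constructed, and the function names are hypothetical.

```python
"""Cross-check a malware blocklist against a CA's issuance log (illustrative)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed blocklist in HOSTS format; reserved .example names, not real indicators.
BLOCKLIST = """\
# [ExampleHost][192.0.2.0 - 192.0.2.255]
127.0.0.1  fakebilling.example
127.0.0.1  secure.fakebilling.example
0.0.0.0    Pay-Vault.example. #[server down?]
not-a-valid-line
"""


@dataclass
class Cert:
    serial: str
    domain: str
    not_before: date
    not_after: date
    revoked_on: Optional[date] = None


# Constructed issuance log for a hypothetical CA.
ISSUED = [
    Cert("0A01", "secure.fakebilling.example", date(2009, 4, 22), date(2009, 7, 21)),
    Cert("0A02", "pay1.fakebilling.example", date(2009, 7, 1), date(2009, 9, 29)),
    Cert("0A03", "shop.harmless.example", date(2009, 6, 1), date(2010, 6, 1)),
    Cert("0A04", "secure.rogue-av.example", date(2009, 5, 1), date(2009, 7, 30),
         revoked_on=date(2009, 5, 20)),
    Cert("0A05", "pay-vault.example", date(2009, 7, 10), date(2009, 10, 8)),
]


def parse_hosts(text):
    """Return the hostnames from HOSTS-format text, ignoring comments and junk."""
    hosts = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in ("127.0.0.1", "0.0.0.0"):
            continue                           # blank, comment-only or malformed
        for name in fields[1:]:                # a line may carry several aliases
            hosts.add(name.lower().rstrip("."))
    return hosts


def base_domain(name):
    """Last two labels. Assumption for brevity: real code needs the Public Suffix List."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def status(cert, on):
    """Classify a certificate as revoked, not-yet-valid, expired or valid on a date."""
    if cert.revoked_on is not None and cert.revoked_on <= on:
        return "revoked"
    if on < cert.not_before:
        return "not-yet-valid"
    if on > cert.not_after:
        return "expired"
    return "valid"


def revocation_candidates(blocklist, certs, on):
    """Serials of still-valid certs whose base domain appears on the blocklist."""
    bad = {base_domain(h) for h in parse_hosts(blocklist)}
    return [c.serial for c in certs
            if base_domain(c.domain) in bad and status(c, on) == "valid"]


def screen_request(domain, blocklist, certs, on):
    """Decide whether a new DV request is issued automatically or held for a human."""
    base = base_domain(domain)
    if base in {base_domain(h) for h in parse_hosts(blocklist)}:
        return "hold: domain is blocklisted"
    if any(base_domain(c.domain) == base and status(c, on) == "revoked" for c in certs):
        return "hold: earlier cert for this domain was revoked"
    return "issue"


if __name__ == "__main__":
    today = date(2009, 7, 28)
    print("revoke:", revocation_candidates(BLOCKLIST, ISSUED, today))
    print(screen_request("billing.rogue-av.example", BLOCKLIST, ISSUED, today))
```

Matching on the base domain catches a new subdomain of a flagged site, but it cannot link one operator's unrelated domains, so the "repeat offender" check here is only as good as the blocklist and revocation history behind it.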

# re: Comodo continues to ignore Malware warnings

Sunday, July 26, 2009 10:13 PM by 3xist

Donna,

Your behavior is downright not acceptable! You're spreading lies all around about Comodo! Seriously Donna, Cut the crap right now. Instead of blogging "OMG! Comodo has a Certificate issued to this malware domain!" And blogging misleading crap about it, You can help COMODO and other CAs A LOT by submitting malicious websites using Certificates here: www.ccssforum.org/contact.php

ALL the malware sites used by COMODO certificates are either (Free, 90 Day Trial) or Domain Validation Certificates. Heck as long as you got a domain, And you got money, COME AND GET A DV! No Validation WHAT so ever.

THIS is the problem The Industry is posting relating to ALL CERTIFICATION AUTHORITIES, PERIOD! There is no Standard. Comodo, Verisign, etc are all in the same boat.

winhelp2002: There is no Validation for DV's. It's an industry wide problem. Comodo educates people about Extended Validation, which does have validation and all the proper steps.

Btw, Melih has a video about Domain Validation here: www.comodovision.com (Cause of all this misleading information).

Cheers,

Josh

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 2:05 AM by winhelp2002

Josh,

You are way off base here ... I posted the "Comodo has a Certificate issued to this malware domain" not Donna ...

As for the "industry wide problem" ... yeah yeah, yeah ... we've heard it all before, and that's why I continue to ask for a better method of validation. Comodo wants to be a leader ... well let's see some leadership.

"Comodo educates people" ... the criminals won't be educated, that's just a poor excuse for doing nothing. If there is no "standard" then create one ...

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 2:36 AM by donna

Melih,

Hah! You find that foolish? Then you're the one making yourself like a one. Why? Because you believe that we do not know that other certs have issued cert to fraudster. You believe that we are singling you out. Since May 2009 discussions in Calendarofupdates.com forum, people were highlighting your difference from other cert vendors. No one is saying that only Comodo has issued cert to malware domains.

From day 1 that this issue about your cert was blogged or discussed in forums, you keep pointing fingers. You keep comparing yourself with other cert vendors but you failed to realize that people expect MORE from Comodo because you are offering NOT only certs but Comodo security software also. People are not comparing you to other cert vendors because they know that it is not Comodo alone that has done it but they expect more from you. You are the one who keeps mentioning your rivals.

You are using other cert vendors as EXCUSE or ALIBI that as if people do not know about certs at all. What we cannot understand and you/Comodo failed to do is to prevent it and provide better prevention especially you are expected by people to do better. You have security software! Your teams (malware research and cert teams) should be coordinating and reporting to one another then prevent it before people become victims.

Even Paul can see the problem with your services. Even Paul has said it. Ethics vs Commercial. You opted for losing your ethics. You opted to not to provide professional standards. You opted to provide a not fair job and you opted to not to show your duty as security software vendor.

Even Mike has said before "whose ethics is being questioned here?", not his but yours.

And since you opted to the above, then you got to face this problem. Solve it Melih. That's what people want to see, your solution.

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 8:51 AM by Censored Thoughs

It would be pointless to argue in the span of this page whereas the manifest intention to restrict the focus to a single CA is unambiguously clear.

Each reader ought to confirm if some arguments could actually warrant the comments insofar provided whenever there might not be enough of a context nor the information to have them properly address some claims, even in case some will _not miss_ the comment section.

It should be clear by now the effort some put to point out arbitrary reasons to maintain such narrow focus is directly related to the extent of targeted criticism provided.

It is baffling to notice the unavailability of a technically reasonable, realistic and efficient solution which should have been provided months ago and reviewed for completeness, inaccuracies or weaknesses by other experts and unambiguously proposed "to all CAs" for the benefit of everybody.

How long do opinions have to come in form of "judgments" and not as a "proposal of solution"?

Because only a solution-oriented industry wide "proposal" could possibly cast away the undeniable considerations arising from such narrowed perspective some individual vocally advocate.

The "vast majority of CAs" will not fail to answer to such officially provided "solution"  whenever released outside the cabforum.

Especially if provided by reputable individuals who apparently have the issue at heart instead of posing as judges on the sidewalk while delegating the rest or focusing on a single CA whenever it is a marginal issuer of DV certs.

Whenever some may be still willing to argue about these aspects and only passing their righteous judgment all along, their approach and their focus will be self-evident regardless of their confidence on their reasons and premises...

Whenever comments the likes "this should never happen" vocally leverage on popular sentiment arguing about viewpoints and sentiments is much different from arguing from a technical perspective to "thoroughly" describe a reasonable proposal...

...because peer reviews could be assumed to be as thorough and pertinent as well oriented on realistic constraints and efficiency aspects in order to determine the span and applicability of such DV proposal.

Whenever it does indeed look that OV certs inherent identity validation can already address many DV certs related pitfalls in a reasonable and efficient way with less resources, any experts willing to address a detailed DV proposal for all CAs could write about that outside the restricted space of this "comment section"

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 12:18 PM by Melih

@Donna

Donna:

Hah! You find that foolish? Then you're the one making yourself like a one. Why? Because you believe that we do not know that other certs have issued cert to fraudster.

Melih:

If you do pls tell us the percentages. How many percent of the malware sites used Comodo certs vs other vendor's certs. You do NOT know this, if you did, you wouldn't be doing what you are doing! Can you pls provide percentages to say that Comodo is not doing its part or even more than its fair share!

Donna:

You believe that we are singling you out. Since May 2009 discussions in Calendarofupdates.com forum, people were highlighting your difference from other cert vendors. No one is saying that only Comodo has issued cert to malware domains.

Melih:

Then the only foolish one is you Donna. You even quoted a line from Verisign: "Yes, we can revoke a cert whenever we want. But more importantly we have a high standard of checks & balances to make sure we do not issue certificates to bad sites in the first place." If you didn't believe that line why did you quote it? Can you pls explain?

Donna:

you failed to realize that people expect MORE from Comodo because you are offering NOT only certs but Comodo security software also. People are not comparing you to other cert vendors because they know that it is not Comodo alone that has done it but they expect more from you. You are the one who keeps mentioning your rivals.

Melih:

Expect more from Comodo because we have security software implies comparison to other cert vendors. You are clearly saying Comodo as a CA who also has security software should do more than other CAs who don't have security software. btw more compared to whom or what? Obviously our competitors! Or perhaps you can explain what you mean by expect more from Comodo compared to what/who based on What percentage? What data do you have in terms of percentage to say that Comodo is not doing enough compared to our competitors? Perhaps again you can share that data showing the percentage of maliciously used certs issued by comodo vs competitors as well as the average revocation time for respective companies. Surely you must have this for you to come to the conclusions you have. If you haven't how can you possibly say all the stuff you have been saying?

Donna:

Even Paul can see the problem with your services.  Even Paul has said it.  Ethics vs Commercial.  You opted for losing your ethics.  You opted to not to provide professional standards.  You opted to provide a not fair job and you opted to not to show your duty as security software vendor.  

Melih:

Paul's point was about free/trial SSL, but as was clearly shown this is not the issue as the malicious site blogged about in this very blog against Comodo went and purchased a cert from a Verisign Company. Once again the protocol for DV is flawed, no matter who issues it (maybe one day you will get it..)(will you?)

Again, we expect substance to your allegations, we expect no flip flopping, we expect not some foolish girl going around on a witch hunt with literally ZERO understanding of the security world!

It's amazing how the universe works in mysterious ways.... You quoted the Verisign statement and within 24 hours You were proven wrong!

How can you with any credibility claim that You didn't quote Verisign's statement saying: "we have a high standard of checks & balances to make sure we do not issue certificates to bad sites in the first place". Donna you are a fool for posting that statement and then claiming you never said other vendors don't issue certs to malware domains.

Look forward to your explanation of why you quoted that Statement from Verisign if you didn't believe in it?

Melih

# re: MVPS HOSTS File Update July-27-2009

Monday, July 27, 2009 3:50 PM by Robert

I hadn't used your Hosts file in a few years and tried it out today and found at least with IE8, my whole browsing experience was very slow. Removed your Hosts file and it was back to normal.

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 7:29 PM by donna

Melih,

You are trying to use this "single" malware domain to justify your work :-O

Note: The same gang that you've revoked cert before and the same gang that you have issued the cert before it goes to other cert vendors.  

Why did I quote Verisign's response? it is to answer 1George's claim: "no CA has a system to check if the DV is being given to a repeat offender". Take note that he said "repeat offender". You see, this single malware domain that you are trying to use now as your defense was found only to have Verisign cert after you have revoked it. It does not mean that Verisign re-approved or re-issued the cert to the same gang that unlike you, Comodo... who continues to provide cert to same gang. You issued the cert to the same gang. Repeat offender.

See the difference?

Nope. MVP Paul Wilders wrote about the issues in Comodo services: certs and security software. Read his entire message again, Melih. He can see what other people have seen since May 2009: A cert and security software services is the issue here that's why Comodo is being questioned. Paul clearly wrote that there are 2 choices: Ethics vs Commercial. He understands why you picked commercial instead of ethics. It's quite obvious anyway but let us not forget that you have other source of money to develop your free software now: A toolbar in partnership with Ask/IAC. A toolbar that is bundled with EULA at all in the installer and not even link. No EULA means you are not clearly disclosing what your software has and what it will do.

You want to count how many malware domains have certs by other vendors. Why bother if Comodo cannot even monitor it and that Comodo have to wait for reports like this. Remember, MVP Mike (aka winhelp2002) is reporting to you since Winfixer days. Since 2007, he's been catching malware domains with Comodo certs. Do the numbers matter now if people know that your system like other cert vendors system is failing? What is the point if you are not going to provide solution?

You have security software to help in having a better strategy than them.  That is the point.

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 7:42 PM by bradley

As an end user here, I'm tired of the name calling and finger pointing.  How about all of the folks in this industry work together to stop the bad guys.

Enough with the attitude and how about we all get together to protect customers?

How about taking the time from justifying what happened to figuring out how to stop it happening again?

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 8:48 PM by Melih

@Donna

You said

Why did I quote Verisign's response? it is to answer 1George's claim:

WOW...what a LIE....because you posted the verisign Statement on Saturday, July 25, 2009 5:41 PM by donna

But 1George made his first post on

Saturday, July 25, 2009 9:53 PM by 1George

You are now lying through your teeth Donna!! Shame on you! A Fool and now a blatant LIAR!!!! Have you no shame?

Melih

# re: MVPS HOSTS File Update July-27-2009

Monday, July 27, 2009 9:05 PM by winhelp2002

Robert,

Did you disable the DNS Client service as recommended? The HOSTS file itself does not slow down IE8 as I use it myself as well as many many others, with no effects ...

# re: MVPS HOSTS File Update July-27-2009

Monday, July 27, 2009 10:23 PM by Paul

I guess you missed the screenshot I linked on the blog post of the previous release.

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 10:58 PM by Paul Wilders

Melih,

You've stated somewhere above:

--quote--

"It's the DV SSL process that is the problem. With this process there is no check about the legitimacy of the applicant. CA doesn't even check if it's a real person or real entity or not! That is the problem! Whether you provide this paid for or free, it's still susceptible as a protocol."

--end quote--

Although in my opinion free/trial certs should never have been issued at all for reasons as discussed, you certainly have a huge point here. So let's focus on this one for a while.

What if any reasons do exist for cert issuers not to change this darned protocol? In case it's flat out the money, by all means state so. From purely a business stand I can understand such a reason. Although (being aware of the consequences) it wouldn't be my kind of business. Then again, we all do know how reality is in this business if this is the case.

If on the other hand other reasons come into play, say lack of organization, setting standards accepted by all etc. : that's quite a different ball game. In effect the cert issue overall could be tackled. It will cost time and money no doubt - but it will pay back in the end. Provided this is the case, what can and could be done in your opinion?

I'd like to address issues one by one now as everyone may notice, starting with the root of the evil.

On a side note: I'm all for a heavy and straight forward discussion. Calling names and shouting at one another never solved anything as far as I know and isn't my cup of tea anyway. Consider this a well intended hint for those who fit the shoe :).

Paul

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 11:31 PM by Melih

@Donna

As if all that wasn't enough....What was that thing you said about "repeat offender"?

www.malwarecatcher.net mentioned in the original blog above points to

secure.softsales-discount.com/support and this domain had an SSL from a Verisign Company previously (was valid until 6/26/2009) and now they went and got another cert again from Verisign!

Can you pls explain that Donna (along with why you lied pretending you posted the Verisign statement after 1George's statement), and now it has been proven that your theory of "repeat offender" is total rubbish!

You look a total fool and big liar Donna! Shame on you!

PS: here are the screenshots to the previous verisign cert in my post in our forum forums.comodo.com/.../bad_comodo_bad-t43119.0.html;msg314120

Melih

# re: Comodo continues to ignore Malware warnings

Monday, July 27, 2009 11:57 PM by Melih

Paul

First of all there was and still is no standard for issuing SSL certs (yellow padlock)(There is a standard for EV SSL - Green address bar). So any CA can do whatever they like when issuing these certs as there is no standard for it.

So in 2001, Geotrust came up with this innovation of issuing SSL certs without asking for docs etc. and "invented" DV SSL. People didn't understand the implication and thought hey, great, don't need to bother with documentation and I can get my cert in few minutes. That's how Geotrust was able to get a market share. Verisign and Comodo were against this kind of Dangerous Validation, until Verisign bought Geotrust :) All of a sudden Verisign thought DV was a great idea! Then GoDaddy came into picture pushing DVs. Now between GoDaddy and Verisign they own around 90% of the DV market. DV created a tool for market share. DV certs are dirt cheap so I doubt anyone can make money from them, but they are a business tool for gaining market share, but of course monetizing that market is another issue after you obtained that market share.

Coming to now, Comodo has proposed a minimum standard to the CABForum for DV. Because today there is no standard for how to issue Yellow padlock. You see I believe a Certification Authority must Certify Identity, otherwise what's the point. So we are pushing for a standard, but we are getting resistance from the "DV Market Leaders" :). Of course "DV Market Leaders" have Legal Monies to spend if browser people force a change on them. So it has to be done amicably..but they resist!

So that's the story!

I think we need to educate users and get them to demand better standards from their browsers and be aware of DV certs (asking for too much but hey)..

We as Comodo will continue to push for minimum standards thru the CABForum and everyone should write to their Browser vendors and demand that they should improve the DV SSL standards.

Hope this clarifies, if not pls feel free to ask.

thanks

Melih

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 12:23 AM by winhelp2002

Melih,

re: malwarecatcher.net

Well I just checked it after your last comment and I surely don't see Verisign ... what I do see is a recently expired certificate from Comodo!

[Screenshot - 7/28/2009]

mvps.org/.../malwarecatcher.gif

Enough with all the namecalling ... you are the one making yourself look foolish ...

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 12:36 AM by Melih

@winhelp2002

Can you pls post the screenshot of what you see. Thank you

Melih

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 12:52 AM by winhelp2002

Melih,

The link to the screenshot was included in my last comment ...

mvps.org/.../malwarecatcher.gif

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 12:53 AM by Melih

@winhelp2002

You are showing a cert for softhotspot.

I was referring to secure.softsales-discount.com/support and the screenshot is available in the link provided in my above post.

If you choose Visa then you go to what you posted, if you choose Mastercard then you go to what I posted (as far as I can see).. Can you pls confirm that is the case for you too?

thanks

Melih

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 1:43 AM by Melih

here is the site   pay1.malwarecatcher.net/ProcessTransaction.php

If you choose Visa you go to: secure.softhotspot.com/.../bill.cgi

and if you choose Mastercard you go to:

secure.softsales-discount.com/payment

So all along, even as you were writing your blog against Comodo, this malicious site you blogged about had a verisign cert. And now they actually got another one from Verisign. While Comodo cert is a Revoked cert, previous Verisign Cert "expired" and the current Verisign cert is still "valid".

I think it's fair to say, Comodo is doing its fair share at protecting its users and shouldn't be singled out!

Melih

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 1:45 AM by winhelp2002

Melih,

You're right ... each card selection goes to a different provider ... first I've ever seen that.

Equifax  (expired) 6/26/2009 (Mastercard)

Comodo (expired) 7/21/2009 (Visa)

Most likely the culprits have abandoned MalwareCatcher for whatever they have cooked up this week ...

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 1:55 AM by Melih

winhelp2002

Can you pls confirm that all along the very site you blogged about had a  verisign cert and these crooks went and got another verisign cert again and that Verisign cert is still valid?

Thank you

Melih

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 2:13 AM by Paul Wilders

Melih,

Conclusion: it's the money that counts, and Comodo - supposedly having 10% or less market share is too minor a cert issuer to have real influence on the existing dangerous validation protocol. As suspected and not coming as a surprise.

Would you mind posting the minimum standards Comodo is pushing over on the CABforum, so we know the possible positive impact?

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 2:16 AM by winhelp2002

Melih,

If you go back and look, I only made a passing reference to MalwareCatcher ...

[quote]

Seems iSystem Inc also controls several other (malicious) domains ... including "malwarecatcher. net" which is associated with "updvms. net" and this is where it gets interesting ...

msmvps.com/.../1693034.aspx

[/quote]

You can spin it all you want, but it doesn't change the fact that Comodo was involved with yet another malicious domain as seen in the last screenshot ... the Verisign certificate I saw from the Mastercard link expired 6/26/09.

I never saw the Mastercard/Equifax connection when I blogged about MalwareCatcher because I clicked randomly on the Visa card selection.

I mentioned MalwareCatcher on 5/23/09 ... the Equifax certificate was issued:

```
[Issuer]
 CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
[Serial Number]
 0BB707
[Not Before]
 5/26/2009 10:00:25 PM
[Not After]
Equifax  6/26/2009 7:33:42 PM
```

------------

So even if I clicked the Mastercard link, I wouldn't have seen Equifax since it wasn't issued until 3 days later ... no telling what was there previously (if anything)

And no I do NOT see a valid certificate ... it shows just as I posted it above ...

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 3:23 AM by donna

Melih,

I quoted verisign to let readers see that other certs have strategy and provided a good response. I quoted verisign again to answer 1George. Are you happy now? If so let's go back to the fact and main issue: Repeat offenders are able to get from Comodo so the blog of Mike is very correct.

As to your message:

QUOTE

So all along, even as you were writing your blog against Comodo, this malicious site you blogged about had a verisign cert. And now they actually got another one from Verisign. While Comodo cert is a Revoked cert, previous Verisign Cert "expired" and the current Verisign cert is still "valid".

I think it's fair to say, Comodo is doing its fair share at protecting its users and shouldn't be singled out!

END QUOTE

Oops Melih... there is no valid cert on the domains you mentioned ;)  

@Mike,

I just looked at the sites that Melih mentioned and I am able to repro here what you saw:

I do not see valid cert.  

secure.softsales-discount.com - Equifax (issued 5/27/2009, expired last month 6/26/2009) - 1 month this malware domain is able to use Equifax cert.

secure.softhotspot.com - Comodo (issued 4/22/2009, expired few days ago - 7/21/2009) - that's the 3 months trial that this malware domain is able to use Comodo cert.

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 4:27 AM by Truthseeker

It has become more than clear during the course of this discussion that the main contributors to this blog have launched a vicious attack on Comodo with no justification whatsoever.   This has no doubt damaged the business of Comodo, as the people concerned use their status of MVP to add weight to their remarks and will thus have been taken seriously by the wider security community.

It is hardly surprising that Melih has reacted furiously in this instance, as he has obviously not in any way been justly treated here.

Fortunately Paul Wilders has now introduced some common sense to this discussion, but the damage has been done, as the accusations have been widely repeated in many forums.

It would be good to see some humble pie being eaten here now and an apology at the very least!

# re: Comodo continues to ignore Malware warnings

Tuesday, July 28, 2009 12:16 PM by winhelp2002

Truthseeker,

I wasn't looking for an apology ... rather a solution to the ongoing problem. I've been reporting on this since 2007, yet no viable solution is offered. All I see is spin and distorting the truth, or try to discredit the research... blaming Verisign is not a solution, and the truth is in my research chasing these type culprits I see a Comodo certificate most of the time ...

With that said ... this is going nowhere and I've got better things to do ...

# re: Comodo continues to ignore Malware warnings

Wednesday, July 29, 2009 1:57 AM by Truthseeker

That is really quite amusing, you looking for an apology?

You clearly completely missed my point, that you have carried out a vendetta against Comodo with absolutely no justification.   Your remarks have been repeated by your followers and those who wish Comodo harm, all over the internet.

Yet you cannot see the wrong you have done and have no intention of apologising.   That is shameful in my opinion.

# Untold, unseen, unnoticed, unsearched, unproposed.

Wednesday, July 29, 2009 3:14 AM by Censored Thoughs

Despite blaming some major CA, nor blogging about it doesn't appear a solution, it comes to no surprise that *several domains* reported in this blog under the Netdirekt [as28753] range are still featuring _valid_ DV certs despite were seemingly "unseen" truth and thus not featured in any research nor article.

Obviously if it they remain _unseen_ it would even be possible to think they never existed especially if the sites will be taken down *before* the certs could be possibly revoked.

If those certs were *issued* was it due to poor standards like implied for some other CA?

If they will _not_ be revoked will it mean that the "red flags" so far hinted were not something enough to warrant that?

If those certs were not "seen" even by the most dedicated researcher could it mean that is inherently _difficult_ to spot these cases despite it was seemingly provided the opposite impression for similar cases?

If a research/article contain a selection bias < en.wikipedia.org/.../Selection_bias >  and related underreporting or overreporting how much its conclusions could be considered reliable?

Whenever it doesn't look like the focus has changed much, it comes at no surprise the willingness to "wait on the sidewalk" a proposal coming from the same CA involved in ethics debates with different tones.

Obviously there are many people willing to share their expertise and gratuitously provide their consultancy though it would be rather surprising if the so far demanded and more-less focused "expectations" will be easily met.

Apparently though *no expert* has so far taken any step to provide a "DV proposal" nor even one possibly carrying their own _ethical_ perspectives, nor one that could have been previously provided as _documented criteria_ for the "evaluated" DV certs scenarios and not strictly focused on a single CA (whereas the opposite could be interpreted as a telltale sign of bias).

# re: Comodo continues to ignore Malware warnings

Wednesday, July 29, 2009 1:00 PM by MAL1

The fact that Comodo provides CERTS as well as Security Software seems irrelevant. Both stand on their own. As far as trust one could fail and the other would stand.

Singling out Comodo based on the fact that they offer both compared to other CA makes no sense.

Quoting Verisign simply saying we have solutions to prevent malicious websites from getting certs does not necessarily make it so. Comodo also has solutions however effective they may be, same as Verisign, GoDaddy etc. EVERYTHING can be improved upon as with all other products, services and companies.

Based on all these comments it's been shown that Verisign, Comodo and other CA all have problems with malicious sites and I'm certain they ALL have problems with recurring CERTS.

Showing only one side in an article such as this is merely closing your eyes to the rest of the world.

Unless you show what other companies are doing to fix the issue (in detail) that Comodo is not then it seems rather unfair to attack Comodo and their 10% share. When maybe you should be attacking Verisign and other CAs.

# re: Comodo continues to ignore Malware warnings

Wednesday, July 29, 2009 1:06 PM by MAL1

I would love to see this same article focusing on other CA as well since this isn't an isolated issue to Comodo.

Marc

# Genuine Cert from EQF

Wednesday, July 29, 2009 6:49 PM by Paul

Can you do something about this? Another Fake AV with a EQF cert.

img12.imageshack.us/.../certd.jpg

# re: Bombarded with Comment Spam

Wednesday, July 29, 2009 10:32 PM by winhelp2002

Paul,

I've added the associated entries into the HOSTS file and notified Verisign/Equifax ...

# Comodo Forum Mod

Thursday, July 30, 2009 6:57 AM by 3xist

And as you can see... This isn't just to do with Comodo. Every CA is in it guys.

This one by Verisign, found today: forums.comodo.com/.../bad_comodo_bad-t43119.0.html;msg314840

Rogue Registry Tool.

MAL1, Censored Thoughs, Truthseeker and Paul. Your posts are highly appreciated. And totally agree.

PLEASE.. Donna, or anyone else: If you find a malware site with a CA domain on there, Pls report it. Don't blog about it and post misleading lies. This is why Melih acted so furiously, You seriously think he enjoys this crap? He doesn't.

Anyway the evidence is here and also on the Comodo Forums, There is no Validation for DV and all CA's disagree to take it down. Melih tried to do it at the CABForum, But no go. :( So all CA's are forced to give out the DVs... So as long as you got a domain, who cares about validation of who you are, Just have one and give us the money. :-)

Comodo promotes, On their site, EXTENDED Validation much more promptly, And is MUCH more recommended and shows the green bar (EV), not the yellow padlock which lost its trust! (Again, DV).

Cheers,

Josh

# re: Comodo continues to ignore Malware warnings

Thursday, July 30, 2009 1:17 PM by Infect-This

Lol, I had similar issues with Comodo, That's why I no longer use it.

# re: Comodo continues to ignore Malware warnings

Thursday, July 30, 2009 4:22 PM by winhelp2002

3xist,

re: "This one by Verisign"

Someone had already reported that and I replied here:

msmvps.com/.../1710608.aspx

As for the rest of your comments, I still don't see any solution being offered ... just excuses, spin and childish actions by a bunch of Comodo groupies and a "CEO gone wild" that can't stand being called out on the carpet ...

Comodo - There is nothing to defend when you take no action ... blaming Verisign is not a solution. Blaming posters for exposing Comodo's non-action is not a solution.

# re: Comodo continues to ignore Malware warnings

Thursday, July 30, 2009 10:03 PM by Doug

What difference does having a security certificate make? Even having a revoked certificate, the website is still up right?

I understand that of course, to the layman, if he sees a website that sells a fake anti virus program, but doesn't know any better, seeing the website have a valid "Secured by Comodo" certificate would give a false sense of security, which is wrong, then he would purchase the fake program.

It'd be great if the crooked hosting companies would stop hosting this garbage in the first place, and ICANN and all the registrars need to step up their game and do full background checks on any new websites being registered, whether for business or personal use.

It's pretty sad that all the fake sites out there even get registered....but it's all about $$$$ I guess...

# What could be a solution?

Friday, July 31, 2009 7:01 AM by Censored Thoughs

Mike, indeed many would agree that blaming any specific CA wouldn't appear to be a solution but it doesn't look like you have proposed a solution either.

Can you confirm you are aware that the CA which issued DV certs now featured by these sites you listed, is not the *same* you initially focused on?

```
# [Netdirekt][95.168.163.0 - 95.168.164.255]
127.0.0.1  aquabilling.com
127.0.0.1  secure.aquabilling.com
127.0.0.1  secure.bestbillingpro.com
127.0.0.1  secure.payment-cc24.com
127.0.0.1  pay-secure.net #[ISystem]
127.0.0.1  safe-pay-vault.com
127.0.0.1  webexpressbill.com
127.0.0.1  secure.webexpressbill.com
```

Should these sites be reported even if they appear legitimate at the moment?

If you think so, would you please take the necessary steps to report them to the other CA?

Besides what actually was the technical solution applicable to all CAs you ought to be apparently aware to the point it elicited the disappointment you focused on a single one?

Would you thoroughly describe a solution in a separate article for reference?

Will your solution account for the uncertainty of mismatching whois records?

Will it assume the cooperation of ISPs at least to address the cases of virtual hosting?

Will it be entirely focused to prevent and unambiguously identify malicious cert requests as soon as those are processed in a way it would be actually possible to _predict_ the abuses in order to *legitimately deny* those requests or will advocate a definite action based on what might only be confirmed at a later time, eventually by 3rd party reporting?

Would you be inclined to point out also the prospected effectiveness and inherent constraints of such solution in a way nobody could possibly abuse it to put forward unwarranted criticism?

It goes without saying that blaming a specific CA when someone knows the _outcome_ and expects the CA in question should have considered that negative outcome as *undoubtedly certain* _before_ it was confirmed, would be not much different from blaming _any other CA_ after similar issue is eventually confirmed (even the other CA whose valid certs are currently featured on the sites mentioned in this blog).

# re: Comodo continues to ignore Malware warnings

Friday, July 31, 2009 4:18 PM by winhelp2002

Censored Thoughs,

re: "but it doesn't look like you have proposed a solution either"

Why would I? ... it's not my area ... you should focus those comments to Comodo.

In my research I find Comodo's certificates far far more than anyone else ... I've been reporting on this issue since 2007, but Comodo just continues on as usual, blaming others, attacking the researchers, and uttering nonsense, but provides no solution.

# re: Oh how embarrassing

Saturday, August 01, 2009 1:45 PM by Alan Winston

So is there some way that I can exercise precautions with Comodo certificates in Firefox?

I looked at the Certificate Manager options and am not clear what penalties there might be for editing or deleting the Comodo entries.

What I'd really like is some warning when a site has a Comodo certificate so that I can either retreat and skip the site or proceed with extra caution.

# re: Oh how embarrassing

Sunday, August 02, 2009 10:09 AM by Melih

This is a False Positive by Google.

And what is embarrassing is a so called security professional doing a blog about a false positive!

Melih

# re: Oh how embarrassing

Sunday, August 02, 2009 12:57 PM by Mattchu

This is getting a bit silly now is it not?

Are you sure that is a malicious website, doesn't seem that way to me.

# re: Oh how embarrassing

Monday, August 03, 2009 12:18 AM by winhelp2002

Doesn't look like a false positive to me ... it clearly reads: "malicious software being downloaded and installed without user consent"

If you have an issue with the analysis from the diagnostic report ... take it up with Google, I'm just reporting their findings ... the same as I did here:

How is Google going to explain this?

msmvps.com/.../1652042.aspx

Google exposes ClickBank as malicious

msmvps.com/.../1652455.aspx

# re: Still more fake PornTube sites

Tuesday, August 25, 2009 11:40 PM by Paul

Please add these:

img18.imageshack.us/.../urlse.jpg

# re: Still more fake PornTube sites

Thursday, August 27, 2009 10:13 PM by winhelp2002

Paul,

While I appreciate your submissions ... I certainly will not accept them in an image form.

# re: Still more fake PornTube sites

Friday, August 28, 2009 12:43 AM by Paul

I've already made a comment where I typed them all out, twice, and it would never appear. So it's either that or give me an email address. I don't see what's wrong with you copying the URLs from the image.

# Can we still trust Comodo? - Raymond.CC Forum

Saturday, August 29, 2009 10:13 AM by Can we still trust Comodo? - Raymond.CC Forum

Pingback from  Can we still trust Comodo? - Raymond.CC Forum

# re: MVPS HOSTS File Update Sept-02-2009

Wednesday, September 02, 2009 4:42 AM by Suhud

I love MVPS HOST since 5 years ago. Never disappointed

# re: MVPS HOSTS File Update Sept-02-2009

Wednesday, September 02, 2009 1:19 PM by Randy Knobloch

Hi Mike,

The date under the HOSTS URL is incorrect.

Thanks.

# re: MVPS HOSTS File Update Sept-02-2009

Thursday, September 03, 2009 12:21 PM by Paul

Bumping my comment in your previous blog entry.

# re: MVPS HOSTS File Update Sept-02-2009

Monday, September 07, 2009 12:18 AM by Tron

Thanks

and can you please add those 2 harmful ad websites also

http://clicks.totemcash.com

http://info.clipta.com

# re: Adobe to buy Omniture for $1.8 billion

Thursday, September 17, 2009 2:16 PM by Alan Winston

Thank you yet again!

for what it's worth, on my XP system I found settings.sol in:

C:\Documents and Settings\<user name>\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

That folder also contained subfolders for all the sites which had been storing Flash stuff on my computer. Not any more.

# re: Adobe to buy Omniture for $1.8 billion

Thursday, September 17, 2009 4:55 PM by Alan Winston

So ...

A couple hours after making settings.sol read-only, there is a new file called settings.sxx and a new subfolder, presumably containing third-party flash cookie info.

[sigh]

I wonder what will happen if I make the folder containing settings.sol read-only?

# re: Adobe to buy Omniture for $1.8 billion

Thursday, September 17, 2009 7:20 PM by Ivan Pavlov

I find few Omniture (2o7.net)

bwincom.122.2o7.net

disccapl.112.2O7.net

dgbgdg.112.2O7.net

# re: Adobe to buy Omniture for $1.8 billion

Friday, September 18, 2009 6:09 PM by Randy Knobloch

Great write-up, Mike !

Thanks

Randy K.

# re: Adobe to buy Omniture for $1.8 billion

Saturday, September 19, 2009 12:51 AM by winhelp2002

Alan,

Yes settings.sxx is (newly) created ... I'm guessing that Adobe Flash creates that file when it can not access/write to the settings.sol file. I made the settings.sxx Read only also.

# Omniture partners with ComScore

Monday, September 21, 2009 10:45 AM by Hosts News

It sure didn't take long for Adobe to start looking to get a return on its investment ... as

# re: Omniture partners with ComScore

Saturday, September 26, 2009 4:33 PM by Randy Knobloch

Excellent research, Mike - as always.

Thanks.

Randy Knobloch

# re: Omniture partners with ComScore

Saturday, September 26, 2009 10:38 PM by Terbo

Regarding the Comodo practices, didn't anyone notice the same layouts and overuse of nice colorful interfaces to attract the mass with Comodo and its shady anti-virus friends ?

# re: Phishing for Facebook

Monday, September 28, 2009 4:51 PM by Glen Surbeck

Ref e-mail: [Hosts News] - Phishing for Facebook

When you mention sites in your articles should we put them in the Hosts file if they aren't there? For instance I didn't find uxfl.co.cc but did find kiano.....

Thanks

glensurb@gmail.com

# re: Phishing for Facebook

Tuesday, September 29, 2009 11:16 PM by winhelp2002

Glen,

Sure you can add the entries you see mentioned here ... they will also be added to the next HOSTS update (due soon)

# re: Microsoft® MVP Award

Saturday, October 03, 2009 12:11 AM by Robert Gismondi

Congratulations! A small thanks for what you do for so many.

~~Robert

# re: Microsoft® MVP Award

Saturday, October 03, 2009 9:10 AM by Crew9Boss

Very well deserved I must add.

# re: Microsoft® MVP Award

Saturday, October 03, 2009 11:44 AM by Randy Knobloch

Congrats, Mike - well deserved, yet again.

# re: Microsoft® MVP Award

Tuesday, October 06, 2009 11:56 PM by winhelp2002

Thanks everyone ...

# re: Got Inked today

Thursday, October 08, 2009 3:53 PM by Randy Knobloch

Yawsa, Mike

Whatever floats your boat.

# re: Got Inked today

Thursday, October 08, 2009 4:13 PM by Alan Cameron

What a waste of an arm! I suppose it is a free world but I find it repulsive.

# re: MVPS HOSTS File Update Oct-08-2009

Thursday, October 08, 2009 8:31 PM by Randy Knobloch

Thanks, Mike

Great work, as always.

Randy Knobloch

# re: Got Inked today

Thursday, October 08, 2009 9:46 PM by Randy Knobloch

That must have ouched a bit, Mike ?

Randy Knobloch aka siljaline

# re: Got Inked today

Thursday, October 08, 2009 11:11 PM by winhelp2002

Randy,

Didn't "hurt" ... more like a bad sunburn ...

# More fake PornTube sites - Hosts News | BadBoys Marketing

Tuesday, October 13, 2009 2:43 AM by More fake PornTube sites - Hosts News | BadBoys Marketing

Pingback from  More fake PornTube sites - Hosts News | BadBoys Marketing

# Antivirus Free - Computer Games Forum

Tuesday, October 27, 2009 4:19 AM by Antivirus Free - Computer Games Forum

Pingback from  Antivirus Free - Computer Games Forum

# re: MVPS HOSTS File Update Nov-13-2009

Friday, November 13, 2009 7:30 AM by suhude@gmx.net

I am very satisfied. Thank You

No problem to download the zip file

# re: MVPS HOSTS File Update Nov-13-2009

Friday, November 13, 2009 9:43 AM by Randy Knobloch

Many thanks, again - Mike, from those out there that enjoy this file including me.

Randy Knobloch

# re: MVPS HOSTS File Update Nov-13-2009

Wednesday, November 18, 2009 12:02 PM by Tom

Using Hosts for a long time, I recently installed Win7 x64; and I'm no longer used to navigate without HostsFile

Please post the instructions regarding Windows 7

Tks