September 2009 - Posts

Phishing for Facebook

While researching several suspect domains at Google Diagnostic ... Landing on "uxfl.co. cc" which redirects to an IP address that tries to mimic a Facebook page complete with a bogus Flash player upgrade. As you can see my AV NOD32 jumped up and killed the connection, as the page automatically downloads a malicious file ...

Google Diagnostic report for uxfl.co.cc - "Malicious software includes 13 worm(s). Successful infection resulted in an average of 25 new process(es) on the target machine."

Also involved (see URL in the address bar) is "kiano-180809. com" and the Google Diagnostic report reveals "Malicious software includes 516 trojan(s), 352 worm(s), 71 exploit(s). Successful infection resulted in an average of 41 new process(es) on the target machine."

 Be careful out there folks ... the bad guys spend all day thinking of new ways to get into your machine. Since it is no longer profitable trying to break into Windows Vista ... they devote all their efforts into "social-engineering" = tricking users into falling for these scams ...

Posted by winhelp2002 with 3 comment(s)

Omniture partners with ComScore

It sure didn't take long for Adobe to start looking to get a return on its investment ... as mentioned in my previous post (Adobe to buy Omniture for $1.8 billion) Adobe has reached an agreement to partner with ComScore ...

ComScore Press Release - there are also several other noteworthy media quotes ...

"Through the relationship, Omniture will provide the clickstream data it tracks for its publisher clients, including page views, clicks, video views, mobile interactions, and Facebook application interactions, to comScore. In return, Omniture will provide its clients with demographic and psychographic data on their respective sites from comScore". [source]

"So, for example, a large company such as Disney might have multiple divisions -- such as ESPN or Disney theme parks and cruise lines -- and they can pick and choose the information they want to share". [source]

If you want to see what ComScore does (actually tracks) ... you can view their Privacy Policy (caution it will give you a headache! ...) ComScore certainly has a dubious past, including most antivirus/antispyware programs detecting their program as spyware ... however Comscore describes itself as "researchware" ... yeah right! ... I for one don't want anyone viewing my data when purchasing products on the Internet, or from other sources ...

"Once you install our application, it monitors all of the Internet behavior that occurs on the computer on which you install the application, including both your normal web browsing and the activity that you undertake during secure sessions"

"We may also combine the information that you provide us with information obtained from other sources (such as consumer preference reporting companies, credit reporting agencies and companies that collect TV viewing information) using confidential matching procedures".

Last year the Register had an article worth reading ... then there were the Sears spyware allegations ... The Sears "Community" Installation of ComScore (January 1, 2008) finally settled by the FTC ...

It will be interesting to see if the sites that use Omniture and/or ComScore amend their Privacy Policies to reflect the changes and inform their visitors that their information will now be shared ... (aka: sold to the highest bidder)

Posted by winhelp2002 with 2 comment(s)

Adobe to buy Omniture for $1.8 billion

This news surprised most ... but the impact will be far greater than most people are reporting. Omniture (2o7.net) is the largest paid-analytics company (data miners) ... Adobe is the largest (besides its other products) application (aka Flash) which allows websites to track users via "flash cookies" ...

Now you combine these two giants and ... say good-bye to your privacy. The biggest reason is the way "flash cookies" (local shared objects) are stored and the dubious actions that are allowed on your machine without your knowledge ... did you know that if you delete a cookie via your browser, that it can be recreated from the info stored in a flash cookie? ... Imagine that! You can prevent this action, but it's well hidden ... more on that below.

"Omniture helps clients understand how visitors traffic their Web sites and assists online businesses to target advertisements ...

Adobe, said the deal will help it "transform" e-commerce by combining its content creation tools with Omniture's online measurement and optimization technologies to help "increase the value Adobe delivers to customers."

"This is a game changer for Adobe and its customers," said Shantanu Narayen, chief executive of Adobe, in a statement. "We will enable advertisers, media companies and e-tailers to realize the full value of their digital assets."

The above statement is polite spin for "now we can really track your movements" and allows websites to sell this info to anyone that wants to purchase it. So how do you protect yourself ... you have to go online ... yes online, Adobe does not allow you to control your flash privacy settings from your machine.

Start here and go thru the various tabs and select the privacy settings that suit your needs. I would suggest unchecking the option for “Allow third-party Flash content to store data on your computer”. Please note these settings only remain until the next Adobe flash update and there have been several just this year. Flash player has been targeted by malicious culprits for its many vulnerabilities ... you can however retain your preferences by setting the "settings.sol" file to Read Only on your hard drive.

The settings.sol file is located in the following location: (Vista)
\Users\<user name>\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
(where "<user name>" is the profile name you are using)

Once located, right-click and select Properties and place a check in the Read only option, click Apply/Ok

There are a few drawbacks to the above ... but I've learned to live with them ... some sites will complain when they are not allowed to store their tracking data on your machine.

Or you may see the following prompt ...

If you find that you really want to view a flash video or the like ... you will need to reset the "settings.sol" then allow the above changes, again via the Adobe online settings manager. Then reset the file back to Read only ... yeah I know it's a pain ... but I only allow a very few sites this access, much like a whitelist ...

Omniture already has a dubious reputation for its sneaky actions in the way it sets cookies on your browser, by using aliases to set a 3rd party cookie. Let's say you visit "creditreport.com": you will end up with a cookie from "metrics.creditreport.com" ... but is it really from creditreport.com? No way! It's an alias for "creditreport.com.122.2o7.net", and "metrics.creditreport" is not hosted on their server; rather it returns to the IP location for Omniture.

Do you really want these 3rd parties harvesting your information while you are disclosing your credit information ... I certainly do not, especially when they use these sneaky tactics to do it.
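The aliasing described above can be spotted by following a host's CNAME chain and checking whether it ends up inside a tracker's domain. A HOSTS file only matches the name that was queried, so an entry for 2o7.net does not cover such an alias and the alias itself has to be listed. This is an added example, not code from the original post: apart from the metrics.creditreport.com pair quoted above, the DNS records are constructed sample data, and the function names and the 127.0.0.1 sink address are assumptions.

```python
# Added example: works on constructed DNS data, no live lookups are made.
TRACKER_SUFFIXES = ("2o7.net",)  # Omniture's domain, as named in the post

# Constructed CNAME records (alias -> canonical name). Only the first pair
# comes from the post; the .test names are made-up sample data.
CNAME_RECORDS = {
    "metrics.creditreport.com": "creditreport.com.122.2o7.net",
    "www.example.test": "cdn.example.test",
    "stats.shop.example.test": "edge.shop.example.test",
    "edge.shop.example.test": "shop.122.2o7.net",
    "loop-a.example.test": "loop-b.example.test",
    "loop-b.example.test": "loop-a.example.test",
}

def normalize(name):
    """Lower-case a host name and drop surrounding space and the trailing dot."""
    return name.strip().rstrip(".").lower()

def cname_chain(host, records=CNAME_RECORDS, max_hops=8):
    """Follow CNAME records from host; stop on a loop or after max_hops."""
    chain = [normalize(host)]
    while chain[-1] in records and len(chain) <= max_hops:
        target = normalize(records[chain[-1]])
        if target in chain:  # CNAME loop: stop rather than spin
            break
        chain.append(target)
    return chain

def in_domain(name, suffix):
    """True if name is suffix itself or a subdomain (label-boundary match)."""
    return name == suffix or name.endswith("." + suffix)

def cloaked_tracker(host, records=CNAME_RECORDS):
    """Return the tracker domain a first-party-looking host aliases into, or None."""
    chain = cname_chain(host, records)
    for hop in chain[1:]:
        for suffix in TRACKER_SUFFIXES:
            if in_domain(hop, suffix) and not in_domain(chain[0], suffix):
                return suffix
    return None

def hosts_entries(hosts, records=CNAME_RECORDS):
    """HOSTS lines for the aliases themselves, since HOSTS matches the queried name."""
    return ["127.0.0.1 " + normalize(h) for h in hosts if cloaked_tracker(h, records)]

if __name__ == "__main__":
    for line in hosts_entries(CNAME_RECORDS):
        print(line)
```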

Posted by winhelp2002 with 6 comment(s)

MVPS HOSTS File Update Sept-02-2009


The MVPS HOSTS file was recently updated [Sept-02-2009]
http://www.mvps.org/winhelp2002/hosts.htm

Download: hosts.zip (146 kb)
http://www.mvps.org/winhelp2002/hosts.zip

How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm

HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm

Note: the "text" version makes a great resource for determining possible culprits ...
http://www.mvps.org/winhelp2002/hosts.txt (600 kb)

Posted by winhelp2002 with 4 comment(s)