Spyware Sucks

"There is no magic fairy dust protecting Macs" - Dai Zovi, security researcher and co-author of The Mac Hacker's Handbook.

"The Biblical wisdom “pride comes before a fall” needs to be foremost in the minds of security professionals. There are several aspects to this truth, but it starts with believing it is true. For one, the bad guys are always getting better and trying to get in. They are working harder than ever to defeat whatever you are doing to protect your enterprise. This knowledge alone will change your perspective on your job and when you are “done". What worked today may not work tomorrow. In this light, be careful about the promises you make to others regarding security and the protections you are deploying." - Dan Lohrmann

ALERT: Malvertizement being used to distribute a rootkit

Kimberley has discovered a malvertizement featuring Nancy Drew that is being used to directly link to a dangerous executable instead of redirecting to a fraudware site.

I'm still awaiting Sunbelt Sandbox test results.

Kimberley's writeup is here:
http://www.bluetack.co.uk/forums/index.php?s=&showtopic=18064&view=findpost&p=88638

Screenshots: