Admin announcements

MVP Award Number 12



As much as things change, they remain the same.

I’ve just been reading my long posting written when I was awarded MVP status for the 10th time and pondering how times have changed.  I was originally awarded MVP status as an “Internet Explorer” MVP and stayed in that grouping until last year, when I was shifted to “Consumer Security: Training” – not surprising really, considering the vast majority of my time is focused on protecting internet users as a whole nowadays, not just Internet Explorer users. 

The tide began to move back when the Internet Explorer team first introduced the yellow info-bar and stopped web sites from being able to install BHO/ActiveX without user interaction.  Then the phishing filter (now called the “SmartScreen filter”) was introduced.  Security was improved as security packs were introduced for XP, Vista raised the bar further, and Windows 7 even more.

Firefox and Apple supporters may argue the point (admittedly, not as much as they used to) but reality is that the bad guys are getting at people via social engineering more often than not nowadays.  That being said, it should also be pointed out that nowadays it is third party software, more than Windows or IE itself, that is a conduit to infection.  Making sure that your Microsoft operating system and software is patched is not enough – you MUST use software such as Secunia to ensure that you are made aware of, and install, patches for as much of the software on your computer as possible.

I admit it – I’m loving my life, and my work.  It used to be that much of what I did was reactive – helping victims remove malware from their computers after they were infected – which often felt like I was lopping off branches while the problem tree just grew larger and stronger.  Now my work is proactive – working direct with companies to improve their software and encourage them to achieve “best practice” in terms of software behavior and notice BEFORE it is distributed on the internet, and educating web site owners and ad networks/exchanges about how to avoid malvertizing and the miscreants behind it.  Prevention is so much better than cure.

Anyway, back to work for me – there is much to do and not enough hours in the day.

Posted by sandi with no comments
Filed under:

Attack of the psycho server


Hmm, it seems that my mail server has learned a foreign language – that or it is swearing at me ;o)

Ok, so what’s the diagnosable problem? 

0x800CCC6C SMTP_452_NO_SYSTEM_STORAGE No space to store

>sigh<  I blame the IMAP accounts.



Posted by sandi with no comments
Filed under:

Six countries, and 3 weeks, later I am back from holidays

After exploring the northern hemisphere of our amazing planet and visiting climates as varied as 41 degrees (Celsius) in Egypt and –2 degrees (Celsius) in an ice grotto situated at 3,000 feet above sea level in Switzerland, and flying over the Ukraine at roughly 11,000 feet (yes, malvertizing did cross my mind when I saw where the plane was situated) I am back on duty and ready to resume keeping all of you informed about the latest happenings in the malvertizing world.

My apologies for not letting my loyal readers know that I would be absent; for obvious reasons I prefer NOT to advertise publicly that I will be away for an extended period until after I return.

If anybody is interested in photos, I took 600 (and some of them are even pretty good) … :-)

Posted by sandi with 4 comment(s)
Filed under:

Broken blog comments

I thought things were a bit quiet around here…

The “submit” button for comments was broken so I’ve had to change the style theme for this blog.  The change has fixed the “submit” button, but broke the Lijit widget, so that had to go (which is a pity, because the blog “search” ability seems to be broken too for newer posts).

Sorry about the inconvenience :(

Posted by sandi with 1 comment(s)
Filed under:

Would you class this as a threat?


I received an interesting email via the contact facility for this blog.  You can see a screenshot of the email to the left of screen.

A Russian-speaking associate tells me that the email text translates as:

"You, dummy, aren't you worried about your skin? F u c k you."

Nice.  It seems that I may have upset somebody. 

What is ironic is that the email was filtered to my junk mail folder.  The only reason I saw it is because the amount of spam that I receive is so low at the moment, thanks to the shutdown of McColo, and Atrivo/Intercage before them, that I have time to take a quick look at what is in the junk mail folder before emptying it.  Normally stuff in that folder is deleted sight unseen.

Posted by sandi with 4 comment(s)

Announcement: Sandi is awarded Microsoft MVP status for the 10th year in a row...

Yes, it feels a bit weird writing in the third person for this post's title, but writing "I" in the title feels even weirder.

I have received an email advising that I have been awarded Microsoft MVP status for the 10th year in a row ... wow, its amazing how much time has passed.  I hope you don't mind if I take the time to reminisce for a little while and do some shameless name dropping.

I've been here as IE5 was replaced by IE6, then IE7 and now we are working on IE8.  I've been here during the betas for Windows 2000, WindowsME, XP and Vista and now Windows 7 is in the works.  I spent a few years as a member of the Microsoft Games Core Group, beta testing various Microsoft Games (my son *loved* the fact that I was in that group because I often received a "gold" copy of the finalized game).  I was a member of the Windows XP Expert Zone, my web sites are/have been "Featured Community" web sites.  And my "little black book of addresses" contains some pretty amazing names (before you ask, that "little black book of addresses" is an old fashioned hardcover, paper, addressbook - there are some things that I do not trust to bits and bytes...) 

I received my first award email on 1 October 1999, back when Internet Explorer 5 was the new kid on the block, and the vast majority of my time was spent helping diagnose and resolve errors involving kernel32.dll (which were invariably caused by video drivers, or a corrupt temporary internet file cache) and myriad other issues.  It is a credit to the IE team that Internet Explorer is so much more stable than it was back then.

It wasn't long after my first award that malware (then called adware or spyware) starting to appear on our ("our" being technical support) radar.  Back then, the junk was so much easier to get rid of - the most common unwanted software was search toolbars, your home page would be changed and locked (invariably the new home page was a search portal) and IE's search engine settings would be changed.  Often the fix was easy - delete a couple of files, perhaps a few registry keys and you were good.  Back in those days the names of the files that needed to be deleted rarely changed, the files were easy to remove and did not reappear, and rootkits were around, but rare in the malware world.  Now you need a high level of skill, and specialized tools, to get rid of the worst of the malware, and my honest opinion is that you may be better off reformatting - we cannot be sure we have got everything off a machine, and in the current threat environment which is created and orchestrated by professionally run, highly skilled criminal groups I would hate it if a state of the art keylogger remained on a victim's computer, and that victim suffered a financial penalty.  Sometimes I pine for the days when the purveyors and pushers of adware/spyware/malware were nothing more than pimply script kiddies wanting to earn a few more bucks via their search engine affiliate program memberships.

I can remember attending a training/information session while in Singapore quite a few years ago.  The presenter was Mike Danseglio, and the presentation was about rootkits, and I remember watching the shock on the faces of people around me as rootkits were demonstrated (I had already seen them in action) - and I can remember one MVP walking out of that session muttering "we're screwed".

I also remember bumping into Bill Gates.  I was at my first MVP Summit, back in the day when Bill's car was parked in front of the building, he walked in, and there was little security (how things have changed now).  I remember I was unwell on the day, but resolved to attend Bill Gates's speech and then return to my hotel room to recover.  I came out of one entry, Bill came around the corner and we almost collided.  I had a camera with me and everything, but all I wanted to do was get to a taxi, and get to the hotel.  I don't think Bill had ever encountered an Aussie lass for whom he was an impediment to her progress towards the exit :o)   Yes, I later regretted not asking to have a photo taken of us together, but I made up for it when I had my photo taken with Jim Allchin in Las Vegas a few years ago during a private lunch that I was invited to attend.  The lunch was only weeks before Jim retired.

And I remember when Vista was in early beta, and called Longhorn.  And I remember Robert Scoble wearing Longhorn horns and 'moo'ing'.  This was back in the days when he worked for NEC - heck, maybe it was even earlier.  And I remember Robert offering me a lift back to my hotel, and my naive (Aussie) surprise when I discovered that the seats in his (new?) car were heated.  That was SO cool - we don't have that sort of thing in Australia.

And I remember visiting Seattle's Curiosity Shop for the first time... it was years before I visited again, and in the interim the place had hardly changed.

And I remember trying real clam chowder for the first time in Seattle.

And I remember the beloved Alex Nichols, MVP now deceased.  I miss him still.

And I remember the MVP Program being canceled within days of my receiving my first MVP Award, and I remember Dave Liske, the HTML Help MVP, getting in touch by email and taking me under his wing when he saw my disappointment at receiving the MVP Award, only to receive an email telling me the program had been canceled only 3 weeks later - he remains a good friend to this day, although I suspect he feels a tad neglected now that I am so very busy all the time.

And, of course, I remember Black Friday, when the MVP Program was canceled without warning, only to be reinstated days later - you can read about that incident at the MVPS.ORG URL below (you may want to turn the sound off on your computer - there's a X-Files theme midi that plays in the background).  I have never seen such a grass-root level groundswell of support for a group of online personalities, and I doubt I will see one again:

"So, how did you get involved with the MVP Program in the first place?" I hear you ask ... well, that's a bit of a story in itself.

Back in 1998 Microsoft offered Microsoft Outlook as a free download for a short while, and I was silly enough to install it and, most importantly, **I forgot to turn off my antivirus software**.  Predictably, the install screwed up my system quite nicely, but the worst damage was done to Internet Explorer.  Javascript caused me grief, java applets refused to run and animated gifs refused to animate.

Well, as my regular readers know, I'm a stubborn lass and I wasn't in the mood to reformat my system - so, I got in touch with Microsoft support.  We got most things sorted, but I remember that animated gifs still refused to animate.  The PSS technician ended up suggesting that I visit a Microsoft newsgroup dedicated to Internet Explorer.  He specifically told me I should get the attention of an MVP by the name of Jon Kennedy who, apparently, knew all there was to know about IE.  So, I think it may have been on New Years Day in 1999 I found Jon Kennedy and sure enough, he knew the fix immediately.  As they say, the rest is history.  I hung around, realized I actually knew the answers to a lot of questions, answered a lot of questions over the course of the year and was offered MVP status that October.

It saddens me to see that Jon's name has disappeared from the list of MVPs specializing in Internet Explorer - in fact, his name does not appear at all.  I am saddened that the guy who got me started in this gig is no longer there.  He did send me an email warning me that this may happen, but still, it's sad.  He made it obvious in his emails to me that he was proud as he watched me develop and grow.

"So, what does the future hold?"... I hear you ask.  Well, I'm working with TRUSTe nowadays as an Online Compliance Researcher, as my regular readers know, and I'm loving it - and I get the sense that the criminals behind malvertizements are finding it harder to get their wares online which is good.  And the events surrounding Intercage/Atrivo show that, if pushed hard enough, the Internet community will push back.  Knocking Atrivo/Intercage offline was a great achievement, but it comes at a cost.  If anything, it will force the criminals to go underground - to stop "putting all their eggs in one basket".  You see, the crooks behind malvertizements have, traditionally, been lazy - now, they will be forced to diversify, to spread their infrastructure far and wide so that they are not vulnerable to the massive shutdown effect that the isolation of Intercage/Atrivo caused.  They will get smarter, and harder to track, but we will also get smarter.

Who knows what we will be dealing with in a year's time :o)

Posted by sandi with 8 comment(s)

Remember what I said about trolls?

This one seems to be having a bit of a problem with the concept of moderation...   :o)



Posted by sandi with no comments
Filed under:

Thank you for your well thought out contribution...

It is because of trolls like the following that I have no interest in using the oft-broken CAPTCHA, preferring to use spam filters and moderation of *every* comment.

Below is just one of the dozens of unsavory comments that have been submitted to my blog over the past 24 hours.

Yes it takes valuable time to trawl through comments; sometimes legitimate comments are trapped by the spam filters; and legitimate comments can take a while to be approved if submitted during the middle of my night, but the effort is worth it, if only to stop flame-storms and charmless correspondents such as "nesmes".

Argue a point with me if you are so inclined, disagree with me all you want.  If you stick to addressing the topic at hand, and do not attack the messenger instead of the message, then your comment will in all likelihood get through - but if you get personal, or you denigrate end users, or you participate in a flame-storm, then in all likelihood your comment will not get through.  Such are the charms of an autocracy ;o)




Check out the translation:


Posted by sandi with 3 comment(s)
Filed under:

Spyware Sucks rated 8.3 (Great) on

How cool is this?  I just spotted this email in my overloaded inbox.

"Dear Spyware Sucks author,

Our editors recently reviewed your blog and have given it an 8.3 score (out of 10) in the Technology/Internet category of  This is quite an achievement!

We evaluated your blog based on the following criteria: Frequency of Updates, Relevance of Content, Site Design, and Writing Style.
After carefully reviewing each of these criteria, your site was given its 8.3 score [out of a possible score of 10].

Nice :o)

Spyware Sucks resides in the sub-category of Internet Security.

Posted by sandi with no comments
Filed under:

Sandi joins Truste

I am pleased to announce that I have joined Truste as an Online Compliance Researcher.  The Press Release is here:

I am very excited about this new opportunity.  It has always been my dream to be able to focus all of my energies on studying, and tracking down the distributors of, spyware and malware and now that dream is coming true.

Wayne Small, SBS MVP, has also written an announcement about my new role.  I couldn't help but smile when I read it.  MInd you, I can't claim to have singlehandedly saved all those MSN Messenger users - it was Patchou of Messenger Plus! fame who first alerted me to the fact that there was a malvertizement appearing in the Windows Live Messenger advertising pane.


Posted by sandi with 8 comment(s)
Filed under:

Nice publicity for Spyware Sucks

Spyware Sucks was linked to by the MCPM (Microsoft Certified Professional Magazine and the "Redmond Security Watch" email newsletter:

"ESPN Sports Bad Code
ESPN's Soccernet site
hosted a malicious advertisement that, ultimately, led to, which in turn displayed numerous popups alleging problems with the victim's system and offering a solution.

Yep -- ad networks strike again! It simply amazes me how willing sites are to allow someone else to decide what its customers are going to see when they come to a site. That's precisely what you’re doing if you subscribe to an ad network. Revenue is a necessary component to any successful Web site, but there needs to be some additional steps taken to ensure your customers' experiences on your own site are good ones."


Spyware Sucks is accepting donations, with thanks.

Posted by sandi with no comments
Filed under:

A red letter day for Spyware Sucks and IE-VISTA, and kind of sad...

It is a sad day for me today, in some ways.

For a long time my closest friends and associates - people that I truly respect - have been encouraging me as best they can to put a donation link on Spyware Sucks, just like I did years ago on, but I have been resisting and resisting and resisting.  I don't do what I do for money; I am not an MVP for money, and I have said to my friends more than once, I am not going to write to a web site or advertising network and say "hi guys, you've been infiltrated by a malicious banner advertisement that is hijacking anybody who views a particular advertisement - oh, and by the way here's my invoice for services rendered".  In the end, the advertising networks and web sites have not asked for my help.  I just do it because, well, because somebody has to damn it, and I'm sick to death of criminals making a mint from our grief.  I have read that those behind Winfixer earn around $130 million per year from their ill gotten gains.  It's disgusting what they get away with.

I admit, playing the part of female (non-caped) crusader, as gratifying as it is, and as good (and some will say bad) that it is for my ego/self image, can be jolly expensive, but I've always done what I can to hold my own and try to live up to the amazing philanthropic spirit displayed by some people that I hold in the highest of esteem.

Crisis point hit about a year ago - in short, the expense of purchasing hardware and software and training materials, and of travelling hither and tither to train or be trained, mostly funded out of my own pocket, got to the stage where I could do no more - so I quietly cancelled all travel for the foreseeable future, with my last appearance to be the Security Summit in Wagga that occurred a few months ago, and have been doing all I can to re-use and recycle old hardware, merging two computers into one and cannibalising hardware as well as I could and whatnot, taking the loss as things died, and putting every spare cent I could into reducing my debt load, and I was doing ok.  Until a few days ago.

It's amazing how quickly a year or so of hard work reducing debt can be wiped out in one fell swoop - but it was.  How, I hear you ask?  Well, on Friday afternoon I got home from work to be greeted by my husband with the worrying news that not only had our pink and grey galah disappeared out of the outdoor aviary (that hurt, we had had that bird for more than 10 years and I love her to bits, and miss her horribly) but also that my car's dashboard had a new flashing light - a flashing light that, according to the instruction manual, means "transmission fault detected - get thee to a mechanic right now, but drive real slow so that you don't damage things further".  Preliminary investigation by retrieving the error code from the car's computer indicates that repairs will cost anything up to $4,100.  All of my hard work, trying to get my debt load down and continue doing what I do, may have been wiped out in one fell swoop - nay, worse than wiped out, one incident at worst case scenario will put me back years.

Living with one car is not an option - with each family member  working miles apart, and needing to travel in different directions, we need two cars (two cars that are shared between two people - one being dropped off at work or bus or train station while the other has custody of a vehicle).

The chorus of voices yelling "Sandi for chrissakes start charging people or at least put up a donations link" has become deafening, so I bow to a greater wisdom - well, I bow a little, under protest, and with much cracking of stiff backbone.

Anyway, the end result of all of the above is that you will see a new PayPal donations button to left of screen.  If you wish to take advantage of it and make a donation, I will be eternally grateful. If not, then you know that I love y'all as much as ever and have no plans to stop doing what I do, whether it be via IE-VISTA or via Spyware Sucks.

And now I return you, with relief, to regular Spyware Sucks content.  I have news, which I will blog soon, about the malicious banner advertisement incident - specifically, I now know who sold the malicious advertisement to




Posted by sandi with 2 comment(s)
Filed under:

Merry Christmas to all...

It's Christmas Eve and my holiday break is about to begin.  We (myself, my long-suffering hubby, and our two teenage offspring who, by the way, insist that at 16 and 18 years of age they are not too old to have a Christmas Stocking at the end of the bed) have the pleasure of the company of more family members this year than has been the case for a very long time, therefore my plans are to *not* blog between now and 2 January 2008.  Instead, I'll be baking pumpkin pies and making English Trifle, overseeing BBQs, unwrapping presents, retrieving cats from the top of Christmas trees, rescuing said cats from the tender affections of my 2 year old nephew, sampling a wide range of whiskeys, watching myriad DVDs, and generally having a fantastic, non-computer, time.

I will be checking my email once a day or so and keeping an eye on the world of malicious Flash banner advertisements, but please don't expect a response during my break period unless there's a real urgency - rest assured, though, that I'll have a lot of info to share in the New Year Wink

I hope to see all of my readers on the flip-side, and wish each and every one of you a very Merry Christmas and Happy New Year - of course, if you don't happen to celebrate Christmas or believe in St Nick then please translate the previous sentence to suit your particular preferences.

Stay safe, stay happy, and be nice to each-other.

Now... somebody pass me an eggnog - I've got some relaxing to do...


Posted by sandi with 3 comment(s)
Filed under: is growing up

Vlad and Susan have both announced that Yoda (the server) is getting a girlfriend server, by the name of Brianna (hey Susan, I still say we should have gone with Jar Jar as the name for our new server).

I adore Susan - she epitomises the ultimate in philanthropic spirit, as does the Felix Kasza, the ex-MVP who has personally bankrolled the domain and email service since around 1999, and who continues to do so despite having not been an MVP since around 2000 when he joined Microsoft and had to give up MVP status, and despite the explosive growth of the MVP Program over the years, and the resultant massive increase in demand for his *free* service.  And yes, we love Vlad too, even when he's grumpy ;o)

Brianna is going to make a big difference to the family - welcome, and don't you take any nonsense from Yoda - and thank you to Susan, and Vlad and Felix, and all the other MVPs and ex-MVPs who make our online family what it is.

BTW, Yoda has his own blog ;o)

Posted by sandi with no comments
Filed under:

Admin announcement

The signal to noise ratio with regard to trackbacks and pings has gotten so bad that I have (reluctantly) disabled Trackbacks.  So much crap was coming through, so often, that I had no choice.  The spammers have finally worked out that, at least for CS, even if comments are all set to 'must be approved', trackbacks and pings are still automatically published.

It sucks, but such is life.  Until such time as Telligent wake up to themselves, drag their sorry asses into the real world, and give us the ability to manage trackbacks like we can manage comments, then the status quo will have to remain.



Posted by sandi with no comments
Filed under:

Sandi is on holidays!

My family and I are on holidays for a few weeks, so things will be quiet around here.  I am not planning to do any blogging until mid-October.

That being said, keep an eye on my blog; there is an announcement already written and scheduled to go live in my absence Wink

Posted by sandi with 1 comment(s)

Sorry for the blog downtime...

Nothing really scandalous or exciting like a denial of service or a hacking or something like that has happened - all it was was a hardware failure.  Susan may post the details to Yoda's blog some time soon.

Things may be shaky for a little while, and I've lost roughly half of my Feedburner subscribers  Sad But we're back now - onward and upward.

Posted by sandi with 2 comment(s)
Filed under:

Problems at and

The servers are down for emergency maintenance Sad is affected, is affected, as is email.  SpywareSucks is the only service unaffected.

No word on when things will be back up.

Posted by sandi with no comments
Filed under:

New blog tag: Your questions answered

I get stacks of emails from people all over the world asking for help with Internet Explorer, or malware, or whatever else - some are submitted via site feedback here, some come to me via

My online time is a finite resource, and I want to help as many people out as I can, so from now on I plan to answer such questions via my blog instead of via private email. No IPI (identifying personal information) will be included.

So, send in your questions and lets get this rocking Smile

More Posts Next page »