Vulnerabilities, viruses and exploits

ALERT: Please treat content from trendbanner.com with extreme caution

It has been implicated in the facilitation of malvertizing that attempts to infect computers via PDF exploit. The way it works is as follows: ad.trendbanner.com uses document.write to load the JS content at banner.pushbanner769.info banner.pushbanner769...

DIRECTI action… or lack thereof…

Directi have “suspended” masters-woodworks.com, but NOT the almost identical masterwood-works.net, or the sites awiron-work.com, freshy-girls.com or sleazy-dreams.net (all of which are on the same IP and have the same Registrant). They have also...

More bad stuff from content.bannersulike.com, r.banner0709.com, worwink.com

Kimberley wrote about a couple of incidents on 18 July 2009 and again yesterday – they are not the same incidents as I have written about: http://www.bluetack.co.uk/forums/index.php?showtopic=18064&st=240#

Update re digitalspy.co.uk

My apologies for the delay. For what it's worth, I received an email within 3 hours of my report to the ad network in question, advising me that the malicious creatives had been identified and deactivated. So, now to the details. Technically...

ALERT: please be extremely cautious when visiting digitalspy.co.uk

There are malvertizements being displayed on digitalspy.co.uk that attempt to take advantage of various security vulnerabilities.  Research and evidence-gathering is happening as I type, and the appropriate parties will be contacted on an urgent...

A frightening tale of computer infection and its consequences

“ It all started when I wanted to get more performance out of my video card. I download the latest drivers and included this virus. ” Yep, that one simple act turned into an infection nightmare lasting three weeks.  I’m hoping Micky will work out...

ALERT: Please treat the domain statisticsishere.com and measurehits.com with extreme caution

I received this email a short while ago: “ We have been getting a lot of ads accessing scripts from this domain statisticsishere.com. So far there is no malware redirect or download but this domain looks suspicious having been created less than a week...

Now this is scary…. :(

We can only hope that the following was a joke – if not, the implications are very worrying… “ Our computers at the hospital are crashing all the time now. There are so many extra programs, virus and outdated programs running that the operating system...

Interesting comment – Best Western malvertizing

The comment was posted here. I quote: “My company was approached by a client claiming to represent Best Western with a lower tech version of this. We were given a static JPG, third one from the top and instructions to paste some odd-looking...

Please do NOT advise your users to turn off automatic updates because of *one* problem update

The latest “Rollup for ActiveX Killbits for Windows” ( KB960715 ) is causing problems for some third party applications that are dependent on the disabled controls. One application that has problems, “ Office Tools Professional ”, is advising its users...

Lifestyles of the Rich and Infamous, and an update about the status of the FTC versus Innovative Marketing et al lawsuit

I'll include some history of events so that you can get a sense of perspective with regards to the time frame around these events.   It is especially important to note that the FTC lawsuit is not the only problem that Jain is facing. ...

More information about Olympic Media shenanigans

Ok, when the hijack triggered via the Olympic Media supplied javascript URL that I mentioned in my previous article triggers successfully we hit: admediastats.com/ts/in.cgi?{{redacted}} From there we end up at sg12scanner.com/{{redacted}} From there to...

Olympic Media are still active

I’ve warned about Olympic Media several times – they continue to be active. The latest reports indicate they are claiming to be operating out of Canada and are supplying javascript code referring to admin.securityclick.net as follows:     Other...

Oh dear, oh dear, oh dear…

It's amazing what we find sometimes… WARNING: I am assuming that my readers are smart enough to *NOT* visit the victim site, or the malicious URLs, without hefty protection in place, yes? In fact, don’t go there at all unless you are willing to reformat...

DIRECTI finally agree to act

  I sent an email to DIRECTI on the same day that I wrote this blog post: http://msmvps.com/blogs/spywaresucks/archive/2009/01/21/1663955.aspx The email said, essentially, the same thing that I said in that blog post. As you can see, they have initiated...

DIRECTI responds to my complaint about the impersonation of domains/businesses

  As you can see from their email, DIRECTI advise that they suspended prolinar.com on 19 January for “Inaccurate whois details”.  It should be noted that I reported on 16 January that prolinar.com had already disappeared from its previous IP...

Spotting the bad guys…

It is very important to be familiar with the traits and suspicious behaviour/signs common to domains associated with malware, fraudware and malvertizing, affiliate misbehaviour and whatnot. By studying what the bad guys are doing, and how they do it,...

ALERT: Please treat all content from topstarmedia.net and osmedlin.com with extreme caution - do we find DIRECTI? Yes we do!

I received an email alert today reporting that topstarmedia.net is supplying JavaScript code for advertising campaigns as follows: osmedlin.com/?id=<<removed>> To quote my correspondent, topstarmedia’s approach had "all the hallmarks-...

Glowing brain malvertizement – and, once again, we find DIRECTI

  Adopstools results: http://www.adopstools.net/index.asp?page=quicklink&id=26gBv5P94L5CW849   Touches the domain adclickmate.net Registrar: DIRECTI (yet again) Created 24 March 2008 NS1.ADCLICKMATE.NET NS2.ADCLICKMATE.NET IP: 212.95.37...