Spyware Sucks : General stuff

14th MVP award…

sandi — Thu, 04 Oct 2012 03:36:40 GMT

My first MVP award (for supporting users of Internet Explorer and the now long defunct Outlook Express) was back in 1999…

Then I was moved to Internet Explorer only….

Then Consumer Security: Training…

On 1 October I was awarded MVP status for the 14th year in a row

Well done Sanyo (a great use of social media to get an urgent message out to the masses)

sandi — Sat, 07 Jul 2012 02:45:23 GMT

Seen on Facebook:

Clicking on the advertisement takes the viewer to http://www.sanyo.com.au/. From there, we find a little down the page this - http://panasonic.net/sanyo/20120124/nr20120124au.pdf

The PDF contains this warning – you can understand the urgency:

"SANYO Oceania Pty. Ltd. (SANYO Oceania) has announced that some SANYO Convection Grill Microwave Ovens (EM-C8787B) sold in Target stores nationally may cause severe electric shock to the user during operation. This is due to some of the printed circuit boards within the internal control panel having electrical contact with the small buttons on the external control panel.

As the safety of customers is ‘the’ highest priority, SANYO Oceania would like to ask owners of the affected model to stop using their microwave ovens immediately and unplug the power cord. The company is also issuing a recall for all affected products, and delivering the message through a broad range of media organisations."

Dear Facebook….

sandi — Fri, 22 Jun 2012 09:52:12 GMT

How do I say this nicely…. No I will NOT give you $7.34AUD to “promote” a post.

I’m not sure how to respond to this CAPTCHA…

sandi — Sat, 02 Jun 2012 05:29:59 GMT

Sometimes silence is not golden

sandi — Fri, 24 Jun 2011 00:09:25 GMT

Wow, just realised that it has been nearly 3 months since I wrote on my blog.

My apologies for that :-/

Samsung rootkit was a Vipre false positive

sandi — Fri, 01 Apr 2011 02:32:14 GMT

http://sunbeltblog.blogspot.com/2011/03/samsung-laptops-do-not-have-keylogger.html

That is all well and good, but what about this claim on networkworld.com:

“The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

and

“We contacted three public relations officers for Samsung for comment about this issue and gave them a week to send us their comments. No one from the company replied.”

My thoughts:

Why did the “supervisor” confirm that Samsung were using a rootkit?
Why did Samsung fail to respond to networkworld?

So what did we learn from this incident?

Heuristic detections based on directory path MUST be regularly re-reviewed. As far as I can tell after a bit of research, the …\Windows\SL directory has been in use since about October 2010.
If a reporter contacts you claiming to have found a virus in your product, DON’T IGNORE HIM.
The “supervisor” needs training.

Updated original news report:
http://www.networkworld.com/newsletters/sec/2011/032811sec2.html

Keyloggers on Samsung laptops

sandi — Thu, 31 Mar 2011 02:05:10 GMT

“On March 1, 2011, I called and logged incident 2101163379 with Samsung Support (SS). First, as Sony BMG did six years ago, the SS personnel denied the presence of such software on its laptops. After having been informed of the two models where the software was found and the location, SS changed its story by referring the author to Microsoft since "all Samsung did was to manufacture the hardware." When told that did not make sense, SS personnel relented and escalated the incident to one of the support supervisors.

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

Source: http://www.networkworld.com/newsletters/sec/2011/040411sec1.html

Also reported on sophos.com, but with the following update:

“Cnet.com is reporting that they looked at a Samsung series 9 and did not find the keylogging software. This could indicate it is only being installed on one series (R), or in fact Samsung is not behind it's installation.”

Source: http://nakedsecurity.sophos.com/2011/03/30/samsung-intentionally-shipping-laptops-with-keyloggerspy-software/

Public Comment: Registration Abuse Addressed

sandi — Tue, 16 Feb 2010 08:45:16 GMT

Source:
http://www.icann.org/en/announcements/announcement-12feb10-en.htm

This is another document worth reading (even if it is 107 pages long) for those of us interested in ‘security’ for users of the internet as a whole. I consider it an important document because Chapter 6 discusses “malicious use of domain names” and what ICANN can do about it, while chapter 5 focuses on cybersquatting, front-running, gripe sites; deceptive, and/or offensive domain names, fake renewal notices, name spinning, pay per click, traffic diversion, false affiliation and domain kiting/tasting.

Just like the other document (Draft report on WHOIS accuracy) public comment is invited, but for *this* document, a public information session will be held at the ICANN Meeting in Nairobi.

Public Comment: Draft Report on WHOIS Accuracy

sandi — Tue, 16 Feb 2010 08:02:55 GMT

Details here:
http://www.icann.org/en/announcements/announcement-3-15feb10-en.htm

In short, if all three accuracy criteria are strictly applied, i.e.:

the address must be deliverable
an independent linkage between name and address must be found; and
the respondent must acknowledge ownership, AND confirm that all details are current and correct,

then only 23% of WHOIS records can be considered fully accurate.

With a slight relaxation of the criteria to:

the address must be deliverable
an independent linkage between name and address exists, or the WHOIS information enables us to track down the respondent, even if it was not possible to otherwise confirm a link between name and address
the respondent must acknowledge ownership,

then the proportion of WHOIS records which are accurate more than doubles, to 46%, and only 6% fail on all three.

A sample of only 1419 records was drawn from the top five generic top level domains (gTLDs, covering .com, .org, .net. .info and .biz). Because there are many subtleties and provisos within the document, such as acknowledging the fact that getting a respondent to acknowledge ownership can be difficult when the respondent has an aversion to answering any questions for a survey (and how many of us have expressed a dislike of such phone calls), I recommend that if you are interested in WHOIS accuracy you should read the report in its entirety, rather than focus purely on the “23% of WHOIS records can be considered to be fully accurate”.

I think it is appropriate to quote the penultimate paragraph of the conclusion:

“There is no question that there are people who register domains without disclosing their full or real identity. While we didn’t find any cases where an identity had been stolen (that is, among the persons we contacted who had domains registered in their name, none denied having registered the domain), it would seem that, given the latitude that people have in choosing what information to provide when registering a domain name, identity theft may not be necessary; it is all too easy to enter any or no name, along with an unreliable or undeliverable address.”

I have received the Microsoft MVP Award – for the 11th time

sandi — Fri, 02 Oct 2009 13:05:22 GMT

I received an email today advising me that I have been awarded Microsoft MVP status for the 11th time.

Unlike my previous 10 awards, this time I have been awarded Microsoft MVP under the specialty “Consumer Security: Training” instead of as an Internet Explorer MVP. I think that is perfectly appropriate; for years I have focused on Consumer Security from the perspective of an Internet Explorer user, but in recent years my focus has moved to studying malvertizing – what it is, how it works, and who is behind it – and, most importantly, sharing and passing on that knowledge and advising advertising networks and web site owners on how to best avoid the miscreants behind malicious advertising.

Avoiding the bad guys is NOT easy, and is getting harder all the time. As the Internet Community as a whole has become more aware, and as people as myself have put so much time and effort into educating the community, the bad guys have had to match our efforts and become sneakier. The impersonation of legitimate companies has become more common; malicious SWF advertisements seem to be falling out of favor as we get better at detecting them, and the bad guys no longer dump all of their eggs in the one basket.

The most important thing that any of us can do is complete comprehensive reputational research and background checks into any new advertiser/partner/client. And, don’t take what is on those credit reference forms at face value. Double check that the phone number supplied for the credit reference matches the company that he or she claims to work for. If approached by a well known company, make sure that the domain being used actually belongs to that company.

If you are approached by a well known company, put the attraction of money aside and ask yourself why they would want to advertise with you, and be honest with yourself in your answers. Do you attract enough traffic to make it worth their while? Are you well known enough? Is your target audience appropriate to what they are selling? Is there a sense of urgency to the sale? Are they contacting you at unusual times of the day or night? Are they reluctant to speak by telephone? Does an answering machine pick up too often?

A good reputation is hard won, and easily lost, and the negative press caused by a malvertizing incident does not go away. Your web site may be blocked by the various web reputation services that are available nowadays. Google may block access to your site via web searches. Eventually there may be a noticeable reduction in advertising income if your visitors take it upon themselves to block all advertising for their own protection, or they may become angry or frustrated and stop visiting at all, especially if there is more than one malvertizing incident.

Finally – train your staff. Make www.anti-malvertising.com required reading and DO WHAT IS SUGGESTED. If, despite your best efforts, you receive reports of problems from your visitors, DO NOT assume that your visitor is blaming you unfairly, or that there may be a problem with their computer. Take *all* reports seriously, and ASK FOR HELP. It is unlikely that your visitors will be sophisticated enough to be able to gather the evidence you need on their own, and the bad guys are very good at hiding their activities from you using various tricks.

And keep reading this blog :)

TRUSTe changes from not-for-profit to for-profit

sandi — Tue, 15 Jul 2008 09:05:00 GMT

Edited to fix typographical errors

The news is out - TRUSTe is now a for-profit, instead of a not-for profit.

As I am sure all of you have noticed, I have been silent about TRUSTe since I started working with them on 16 July 2008. But now, I think, the time has come to speak.

The number one question being asked of me in my tiny corner of the world, now that the world at large knows that TRUSTe is no longer a not-for-profit, is "Sandi, did you know this was going to happen?"

The answer to the question is yes, I did know that this change was coming. TRUSTe have been completely open and honest with me about their plans. They understood that by associating my name with theirs I was also associating my hard-won good reputation with their reputation, and they wanted to be sure I walked in with my eyes open.

The next question that is asked of me is "Why did you agree to work with TRUSTe?". In personal emails one of my correspondents even described TRUSTe as a scam, and I have been told, more than once, that my own reputation would be harmed by being associated with TRUSTe, and I can understand why they felt such concern. For example, people such as Ben Edelman and Eric Howes have been, and continue to be, very critical of TRUSTe (Eric's comment to Alex Eckelberry's blog entry at Sunbelt about the change from not-for-profit is an excellent example of some of the more negative opinions that are held).

Anyway, the short answer is that I agreed to work with TRUSTe because TRUSTe and I have some of the same goals, and because TRUSTe (and I) saw within TRUSTe a real need that I can fill. Let me try to explain.

I have been doing this ("this" being fighting malware and associated misbehaviors on the Internet in its many forms) for many years - since early 2000. In fact, this October I am up for my 10th Microsoft MVP Award in a row. My world - my sphere of concern, of interest, and of influence - encompasses not only the end user but also the anti-virus and anti-spyware community, and businesses and persons who earn a living from "the Internet". I have had to face up to, and settle within myself to the best of my ability, the inevitable conflicts of interest that arise when I consider the wants and needs of all of those different parties and I cannot pretend that it has not been a challenge.

Just one facet of my struggle has been reconciling the needs and wants of the end user with the needs and wants of the businesses that service them. Over the years, and especially during recent times, I have corresponded with, and spoken in person to, several "bad actors" (aka adware purveyors) who have been working to improve their software's behavior, and one message has come through loud and clear, which is that they often encounter, and are discouraged by, what they perceive as a lack of forgiveness on the part of some members of the security/antispyware community. The strongest impression that I am left with is that the attitude they face is one of "once a sinner, always a sinner" - calls are not returned, emails are not acknowledged, attempts at explanation are rejected, and attempts to get improvements acknowledged and, when justified, changes made to antivirus/antispyware software to stop it from flagging and removing the software that has changed its behavior have been discouragingly difficult to achieve.

My personal opinion is that the "once a sinner, always a sinner" attitude is wrong. To treat "bad actors" as evil personified or not worthy of forgiveness or redemption when they are trying to change their ways, is discouraging at best, and at worst may lead them to throw up their hands and say "why bother trying to change if I'm going to be stuck on the blacklist forever anyway". If that happens, what good have we, the champions for the end user, really done?

Another thing that has been communicated to me over the years is that, sometimes, the demands of the security community may directly harm a business's right to protect itself from piracy or misuse/abuse of its software.

For example, let's look at trial software. If such software leaves behind a registry key, or a hidden file, that is used to prevent the reinstallation of time-limited software, and that key or file has a deliberately obscure name, is that necessarily wrong? Should the fact that a registry key or file being left behind on uninstall be disclosed to the user, even if it means that such disclosure will make it easier for the user to bypass anti-piracy protection? This is just one of the problems I have been confronted by, and have had to devote a lot of time and thought to. What do I put first? The right of the end user to be able to easily find everything related to a particular piece of software (and potentially use that knowledge to 'play the system') or do I give priority to a business's right to avoid piracy of their software?

Some demand that every file, every folder, every registry key, be removed when software is uninstalled and will accept no reasoning nor excuse for its remaining, even if this means that any protection against misuse of trial software is lost. Is this right? In short, no. We have to find a balance - a sustainable balance between the needs of the end user, and the needs of the business that services them.

Then there is the question of advertising and adware. To some, all adware is bad. To others, adware is acceptable with full disclosure, but at the same time long spiels of disclosure text are not acceptable. So, how much disclosure is enough, and how should it be communicated? The greater the disclosure, the more the user has to read and acknowledge, and the greater the risk of confusion. For what its worth, my personal opinion is that the traditional requirement that an EULA be displayed and acknowledged should be discarded. Instead, a succinct list of important points should be displayed, with further detail (aka the full EULA) to be made available on clicking a link. Or, the most important words in an EULA should be highlighted in bold font to draw the eye.

How does all of the above tie in with why I decided to work with TRUSTe? I'm getting to that :)

After many years of watching and talking - of thinking and listening - of agonizing and beating of my breast (ok, I admit it, that last one was deliberately over the top) here are the beliefs on which I stand. I admit that over the years my stance has changed - in the past I have held extremist (and dare I say unrealistic) views about software and software behavior, but so be it. As far as I am concerned, the ability to stand up and say "yeah, I was wrong" is just as important as being right:

Adware is not all bad. I have said several times over the years that I believe that every (wo)man deserves their wage, and I do not have a problem with software authors earning an income from adware. That being said, I also believe that users of software are entitled to know exactly what the adware is, what it will do, and what effect it will have on their computers and their privacy and they *must* be given a clear opportunity to decline the adware if they so desire. I also believe that those who offer software for download have the right to refuse to supply us with their wares, or limit its functionality, if we are not willing to accept adware or pay for the software. I do NOT believe that anybody has the right to try and get around such requirements. We do not have a God-given right get stuff for free, or to play the system, just because we found it on the Internet (yeah yeah, just so you know I don't download movies off the Internet, or burn copies of CDs or DVDs or use pirated software - sucks to be me, but I put my money where my mouth is - do as I do, not just as I say).

Advertising is not all bad. Once again, I believe that every (wo)man deserves their wage. Reality is that it costs money to build and maintain a web site, and make it available to the masses. The alternative to advertising is for web sites to move to a user pays, access by registration only, model, and that is something I do NOT want to see. I do not use ad blockers and only recommend that web page advertising be blocked when the web site in question is displaying malvertizing, and that web site has refused to address the problem after being warned - safety must come first).

"The Internet", as the average user understands it, can not survive on philanthropy.

Good Internet behavior should be acknowledged and encouraged.

Work to rehabilitate and then forgive. Without a chance at redemption we eventually succumb to exhaustion and the temptation to continue down the path we have been treading. It is wrong to be so unwaveringly hard on somebody that they despair of forgiveness.

After many emails and phone calls I can say that I honestly believe that my beliefs and stance, and the beliefs and stance of those who work under the TRUSTe banner, can walk in tandem. And I do not easily lay my reputation on the line. It was hard fought for, and hard won. I am very aware that my readers' trust has been hard gained and can be easily lost but I truly believe that TRUSTe are not the "public relations front for privacy abusive online companies" that some believe them to be. TRUSTe have lofty goals, and the best of intentions, and deserve my support.

My personal opinion is that an important piece of the TRUSTe message and mission is missing from the public perception. A lot of people have focused on who TRUSTe has certified (and that certified party's pre-existing reputation), and TRUSTe's failures and missteps over the years, but how many have sat down and deeply considered the question of, or had a substantial one-on-one heart-to-heart with somebody at TRUSTe about, *WHY* TRUSTe does what it does and what its end goal is? Well, I did just that, and after all the talking and all the listening I believe that a primary goal of TRUSTe, in my own words, is to acknowledge and encourage good behavior; to rehabilitate, support and guide companies in the transition from bad netizen to good netizen, and to offer a chance at redemption and forgiveness, while at the same time maintaining a framework to discipline offenders. TRUSTe aims to encourage best practice, to encourage businesses to continue working toward a lofty standard, and they offer bad actors the chance of redemption. That is why I agreed to work with them, even though that means putting my own reputation on the line. Of course, by doing all of this TRUSTe put their own (and my) reputation on the line every time that they certify (even provisionally) an ex-bad actor, but that is the risk that they (and I) must take.

I don't want to be the unforgiving disciplinarian who is always wielding the big stick, and always hitting my correspondent over the head with the fact that they did bad things in the past, and I don't want TRUSTe to be that either. I see no long term benefit.

I will end with a commentary about the change from not-for-profit to for-profit. I recently spent a week at TRUSTe's office in San Francisco, working with the team behind the Trusted Download Program, and I was there when the change from not-to-profit to for-profit was in its final stages - I was in the room when the announcement was made to all staff and I have spoken in person with Fran Maier as well as TRUSTe management and employees about their dreams and goals and plans for TRUSTe and the effect that the change will have on day to day operations. It saddens me to see anybody allege that now that TRUSTe is a 'for-profit' that TRUSTe (and by association the people behind it) are only in it for the money, because I have seen no sign that such an allegation is true.

I have had far more time to consider this change, to talk to TRUSTe, to ask the hard questions and consider the responses I have received - by phone, by email and in one-on-one conversations where I can look them in the eye and watch them as they respond - than have most, if not all, commentators on this change. I see an opportunity for TRUSTe to improve and grow, not only to offer more services to clients but also, most importantly from my perspective, improve compliance monitoring. After all, that is why they brought me on board. And I can tell you this - every time I have brought an issue to TRUSTe's attention they have acted on the information I have supplied, and I have been happy with the steps that they have taken. Every...single...time.

"What issues?" I hear you say. Sadly, I am not in a position to share specifics - you will have to take my word on trust (no pun intended). I can only hope that I have, over the years, proven myself to be trustworthy in your eyes, and that you will give me, and TRUSTe, the benefit of the doubt.

For now, I need some rest.

Sandi.

Press Release - Promoters of online freebies agree to stop selling in Washington

sandi — Thu, 01 May 2008 00:07:00 GMT

SEATTLE – Two online companies that promised consumers “free” big-ticket items but required them to pay for trial offers and subscriptions must pay $55,000 in civil penalties under a settlement announced today by the Washington Attorney General’s Office. Under the terms of the settlement, SubscriberBASE Holdings, Inc., of Columbia, S.C., and SubscriberBASE, Inc., can no longer offer such promotions to Washington residents. The companies also agreed to refund more than 35,000 Washington consumers who paid for products and services in order to qualify for the so-called “free” items.

“There’s a reason why folks say ‘there’s no such thing as a free lunch,’” said Attorney General Rob McKenna. “SubscriberBASE offered ‘free’ items such as high-definition televisions, digital cameras and laptops, but consumers had to pay more than the items were worth in order to receive them.

“We alleged SubscriberBASE misled consumers into believing that they would be shipped ‘free’ items worth thousands of dollars, but they first had to provide personal information which the defendants then leased to other online marketers. Consumers were then presented with a series of offers that required increasingly more expensive purchases in order to qualify for the ‘free’ item. The vast majority dropped out of the qualification process, but only after they had spent significant money.

“The companies’ main intent was to collect and sell consumers’ personal information to marketers. Under our settlement, the defendants can no longer advertise ‘free’ gift promotions to Washington residents and cannot use, sell or lease the personal information of Washington consumers in its databases,” McKenna said.

The Attorney General’s Office alleged the companies’ practices violated Washington’s Consumer Protection Act. Under the settlement filed today in King County Superior Court, the defendants didn’t admit any wrongdoing but agreed to pay the $55,000 in civil penalties, plus $69,365 in attorneys’ fees and costs. An additional $295,000 in civil penalties were suspended provided they comply with injunctive provisions included in the settlement and issue refunds to eligible consumers. Restitution could amount to more than $2 million, depending on the number of consumers who respond to refund offer.

The state’s complaint, also filed today in court, alleges SubscriberBASE attracted consumers with e-mail messages and online ads for a “New Member Incentive Promotion.” Consumers interested in receiving the free products clicked on a Web link. They were then led through a series of steps in which they were asked to provide information or sign up for a service or product.

First, consumers were instructed to fill out an online form asking for their “shipping details” including name, mailing and e-mail addresses, birth date and phone number.

Next, they were asked to fill out a survey seeking further information about their buying preferences and interests. The survey also included links to advertisements for various products and services.

After completing the survey, consumers were instructed to select from various “Top” offers such as a membership to rent DVDs or receive monthly shipments of coffee. After choosing two “Top” offers, consumers were told they must select, accept and pay for two “Prime” offers and, finally, two “Premium” offers.” Unlike the earlier promotions, the “Premium” offers required consumers to spend thousands of dollars for items such children’s furniture, Rail Europe passes or Web site hosting.

“Businesses that market products or services online must be up front and truthful with their promotional offers,” said Senior Counsel Paula Selis, an assistant attorney general who heads up the Attorney General’s Consumer Protection High-Tech Unit. “The defendants named in our suit advertised products as ‘free,’ but consumers had to spend $2,000-$3,000 dollars. Under the state’s Consumer Protection Act, an item can’t be advertised for free if there’s a significant undisclosed cost.”

SubscriberBASE will send e-mail messages and follow-up letters to Washington consumers who paid for offers as a result of its promotions and offer them refunds. Eligible consumers should check their inbox for a message within the next 30 days and respond immediately. The deadline to submit claims is 60 days from receipt of the e-mail. Washington consumers who have questions about the settlement can contact the Attorney General’s Consumer Resource Center at 1-800-551-4636 between 10 a.m. and 3 p.m. weekdays.

DOCUMENTS: (PDF)

SubscriberBASE et al complaint

SubscriberBASE et al consent decree

Graphics: Screenshots, Database Ad

One badly thought out advertising campaign...

sandi — Sat, 19 Jan 2008 06:07:00 GMT

Put this one down to very very VERY bad judgment on the part of whoever it is who designs advertising campaigns for realestateonline.com.au.

I'm sure many of you have heard about the now infamous Melbourne teenager Corey Worthington Delaney who got into so much trouble after hosting a party, without his parents permission, while his parents were away on holidays in another State.

Corey, demonstrating staggering naivity, stupidity, disrespect and a total lack of community regard:

advertised his party on MySpace
lost control when over 500 strangers turned up and started trashing the house, the street and police and neighbours' property
thumbed his nose at the police and his neighbours
bragged about his exploits
said he was going to do it again
was trailed by cameras from channels Seven, Nine, Ten, the ABC and Sky News
was apparently offered a $20,000.00 promotions gig
was offered a hosting role with Australia's Big Brother
has apparently signed an deal with the magazine Zoo Weekly
was interviewed by A Current Affair
was interviewed by FoxFM (and walked out in a huff after a radio jock tried to remove Corey's yellow McDonalds Happy Meal sunglasses, only to return to pick up his "fee")
was denied a page on Wikipedia
refused to go home and face up to his parents and didn't take their phone calls.

Now, in the midst of all the carry-on, I was dismayed to see that a reputable website, realestateonline.com.au had decided to run a campaign featuring Corey on news.com.au. I don't know how many people complained about a 16 year old's image being used in such a way, but I certainly did.

I sure as heck hope that kid didn't receive a payment for that advertising campaign
Does whoever it was that thought up that campaign really think it is a good idea to encourage Corey's delinquency by giving him even more 'fun' attention?
Does whoever it was that thought up that campaign really think it is a good idea to hold up Corey as somebody that people don't want to have as a neighbour?
In the end, this boy is just 16 years old - an overconfident, naive 16 year old who really does not understand just what he is dealing with
Some facets of the press whirlpool around him smacks of opportunism and, dare I say it, exploitation.

I have no idea if the campaign I highlight above has been pulled from circulation, but for realestateonline.com.au's sake, I certainly hope so (bear in mind it was the only advertisement featuring Corey that I saw - for all I know, there may have been others). You see, it turns out that Corey is now facing child porn charges. The silly boy was stupid enough to take "lewd" photographs of semi-naked girls playing twister with his mobile phone.

I suspect that whoever it was that dreamed up the realestate.com.au advertising campaign is no longer laughing...

As for all the rest of it, here's hoping the deals dry up, that the executives behind Big Brother come to their senses and that Corey finally wakes up to himself, goes home to his parents, and starts professional counselling sessions. Corey could be in some serious trouble now.

One man's fight against a malicious banner advertisement

sandi — Wed, 09 Jan 2008 23:59:00 GMT

Fascinating reading and an excellent insight into the problems faced by web sites hit by malicious content - reality is that the web sites affected by malicious advertising need help gathering the data required to prove an incident has occurred, and often need help tracking down which advertising network is the guilty party - that is where people like myself can assist:
http://seo.mhvt.net/blog/?p=180#more-180

The "orange Flash ad" is the now infamous advertisement for dot.tunes.

I wonder if the "Phil" that commented at the seo.mhvt.net blog is the same one that commented on my blog:
http://msmvps.com/blogs/spywaresucks/archive/2008/01/07/1443904.aspx#1450506

The owner of the seo.mhvt.net blog also posted a comment to my blog:
http://msmvps.com/blogs/spywaresucks/archive/2008/01/07/1443904.aspx#1449379

I understand the seo.mhvt.net owner's comment better now than I did yesterday. What I initially put down to simply curiosity may have in fact been a concern that I had used a discovery on his blog as a basis for an article on my blog without citing the source of the initial information.

It's amazing how information about malicious banner advertisements, and how to find them, flies around the Web very quickly. I receive intelligence via many sources - comments via this blog, private forums used by security professionals who trawl the net looking for malicious advertisements and post their findings without wanting credit, direct emails, accidental discovery, phone calls, all sorts of ways. Sometimes I have no idea where that intelligence comes from. For example, I may receive an alert that simply says "check out youhide.com" with no further information and no way to contact the original sender (honest guys, you can trust me, there's no need to use a fake email address when contacting me via the Contact link at the top of this blog - and by the way, if you're reporting something that somebody else found, tell me where you're getting the info from).

In this instance, it looks like seo.mhvt.com may have been one of the first, if not the first, to report that there was a problem with an advertisement touting dot.tunes; it's a pity I didn't realise that earlier because I could have pointed to the blog in my original posting. Sadly, I have corresponded with the owner of the blog in question in the past, trying to help him find a MAC equivalent to my preferred software (Fiddler), which makes me feel even worse about the omission.

Oh well, we live and learn. I'm not sure how to address the potential issue of another site being the 'first' to find a malicious banner advertisement, because information propagates so fast, information sometimes comes in at an astounding rate, and I don't want to waste time searching for pre-existing reports of an outbreak before doing my own investigations after receiving an alert, but we'll handle things as best we can and do our best to give credit where credit is due.

I'm back! (in more ways than one)

sandi — Thu, 11 Oct 2007 17:40:00 GMT

Hi all, I'm back from holidays - the whole family had a fantastic time - all in all we passed through Singapore, Egypt, France, Germany, Austria and Switzerland over the past couple of weeks. We have hundreds of photographs which I'll try to get...(read more)

A potential end to free speech on the internet?

sandi — Wed, 12 Sep 2007 14:48:00 GMT

2Clix has sued the owner of the Australia based Whirlpool chat forums for $150,000.00 and requested the permanent removal of two threads criticizing the 2Clix software. 2Clix, a less than reputable software company, has filed suit against the founder...(read more)

Microsoft Update goes a little haywire...

sandi — Wed, 12 Sep 2007 14:43:00 GMT

So, what do we do when Microsoft Update offers this.... But this is installed.......(read more)

Did Sandi spam news.admin.net-abuse.email?

sandi — Tue, 11 Sep 2007 00:09:00 GMT

In answer to the question posted by Paul Wright here: http://msmvps.com/blogs/spywaresucks/archive/2007/09/10/1184164.aspx#1184814 "Are you the person spamming links to this all over news.admin.net-abuse.email, by the way? Hope not." I did NOT...(read more)

Y'know what they stay... start 'em young...

sandi — Tue, 04 Sep 2007 00:14:00 GMT

Network toys... Seriously - found via Jesper's blog : " BRIO Network is not your classic toy train set. It's an original world of Rail Play featuring the imaginary creatures who live inside your computer. They drive super-cool vehicles around...(read more)

Calling all Geekgirls

sandi — Fri, 31 Aug 2007 00:20:00 GMT

Bronwyn has put out a call for members to join geekgirlsblog; I suppose I'd better put my name in the hat I haven't met Bronwyn - our respective home towns are many thousands of miles apart, and I don't get to travel much nowadays - but those...(read more)