Browse by Tags

All Tags » Security (RSS)
Wednesday, November 19, 2008 7:10 AM

ALERT: Two malvertizements seen at Spaces (not skydrive) and Hotmail...

Edit: BTW, it is Spaces and Hotmail - I haven't seen the malvert at Skydrive yet. Kimberley saw the first one, a malvertizement featuring perfectmatch.com: I have discovered another malvertizement featuring IMIN - we have seen this advert several...
Posted by sandi | 2 comment(s)
Filed under: , , ,
Saturday, November 01, 2008 10:46 PM

Microsoft Security Intelligence Report: January through June 2008

The Microsoft Security Intelligence Report for the period covering January through June 2008 has been released. Executive Summary Full report Key findings summary The full report is a hefty 150 pages long. I have only had time to take the briefest of...
Posted by sandi | 1 comment(s)
Filed under: , , ,
Friday, October 31, 2008 8:29 PM

SWF for malware deployment

Mea culpa: Marian is apparently male, not female. Marian Radu of the Microsoft Malware Protection Center has written about SWF being used for malware . She He states: " What I found out is that, excluding flash exploits, SWFs are mainly used as redirectors...
Posted by sandi | with no comments
Filed under: , , ,
Thursday, September 25, 2008 11:19 PM

Atrivo/Intercage have been knocked offline again?

Surprise surprise. Screenshot taken just a few minutes ago... http://www.cidr-report.org/cgi-bin/as-report?as=AS27595&v=4&view=2.0
Posted by sandi | 2 comment(s)
Filed under: ,
Monday, August 18, 2008 6:57 PM

Hold fire on Fuse Kit....

Moses Gunesch, the author of Fuse Kit, has posted a comment to my blog here: http://msmvps.com/blogs/spywaresucks/archive/2008/08/17/1644872.aspx#1644983 I may have to eat an awful lot of humble-pie if I have misunderstood the capabilities and features...
Posted by sandi | 4 comment(s)
Filed under: , , ,
Saturday, August 16, 2008 8:21 PM

ALERT: Firefox with NoScript does NOT ALWAYS protect from SWF clipboard hijacks

Topic subjected edited to add the word "always". I stand by my statement that there are users out there who believe that "NoScript" will protect them from incidents like the clipboard hijack, even when they have disabled "Forbid...
Posted by sandi | 26 comment(s)
Filed under: , , ,
Saturday, August 16, 2008 3:46 AM

ALERT: malvertizement at newsweek.com (hosted by washingtonpost.com)

Edit: Please review this article re Fuse: http://msmvps.com/blogs/spywaresucks/archive/2008/08/19/1644991.aspx Once again, it is a malvertizement created using Fuse Kit. Again, there are signs that the malvertizement came from the now defunct trackstarmedia...
Posted by sandi | 3 comment(s)
Filed under: , , ,
Thursday, August 14, 2008 11:31 AM

ALERT: malvertizement featuring cardstore.com

Edited to fix typos - changing cardshop to cardstore - (it had been a *long* day) I finally got a sample of the malicious advertisement featuring cardstore.com: Interesting points to bear in mind about this incident are: The malvertizement was received...
Posted by sandi | with no comments
Filed under: , , ,
Wednesday, August 13, 2008 9:30 AM

ALERT: malvertizement from trackstarmedia.com (domain suspended)

Edit: please review this URL re Fuse: http://msmvps.com/blogs/spywaresucks/archive/2008/08/19/1644991.aspx I have just received word that a malvertizement featuring cardstore.com has been discovered. The distributor of the malvertizement is, according...
Posted by sandi | with no comments
Filed under: , , ,
Thursday, August 07, 2008 4:46 AM

ALERT: Watch out for new malvertizements featuring ETRADE

Edited to fix title...
Posted by sandi | 1 comment(s)
Filed under: , , ,
Monday, June 30, 2008 2:14 PM

Neowin.net announces a new version of Spybot Search & Destroy, but.....

Neowin says : "Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications . Spyware silently tracks your surfing behavior to create a marketing profile for you that...
Posted by sandi | with no comments
Filed under: ,
Monday, June 23, 2008 12:45 PM

Microsoft Security Intelligence Report (July through December 2007) - Key Findings Summary (Australia, Canada, Germany, Japan, Netherlands and Norway)

Downloadable here: http://www.microsoft.com/downloads/details.aspx?familyid=671355c2-4002-4671-8619-95c96c8a897f&displaylang=en&tm The worldwide average was malware removal from 1 out of every 123 Windows-based computers in the second half of...
Posted by sandi | with no comments
Filed under: , , ,
Saturday, June 14, 2008 12:47 AM

New malvertizements featuring diamondharmony.com

Screenshot of diamondharmony.com malvertizement
Posted by sandi | with no comments
Filed under: , , ,
Thursday, June 12, 2008 10:25 AM

Press Release: Attorney General McKenna’s new laws go into effect Thursday

The full press release is below. The section most relevant to this blog is the new laws related to spyware. A change that I anticipate will have a great impact is that the new laws " Create liability for web hosting services who ignore violators...
Posted by sandi | with no comments
Filed under: , ,
Wednesday, June 11, 2008 1:10 AM

ALERT: Malvertizements at disney.fr

These criminals, whoever they are, have absolutely no shame. I thought that they were the scum of the earth when they impersonated Oxfam; now they are getting their malvertizements onto popular chidren's sites. As reported by Kimberley - the malvertizements...
Posted by sandi | with no comments
Filed under: , , ,
Wednesday, May 28, 2008 3:14 PM

ALERT: Adobe Flash Player SWF File Unspecified Remote Code Execution Vulnerability

Affected versions are 9.0.124.0 and 9.0.115.0. The best analysis that I've seen so far is at SecurityFocus: http://www.securityfocus.com/bid/29386/info The frightening thing about this alert is that the vulnerability is being actively exploited, with...
Posted by sandi | 2 comment(s)
Filed under: , , ,
Wednesday, May 28, 2008 8:39 AM

A new look dottunes malvertizement

A new style Dot Tunes advertisement: The adopstools results are here: http://www.adopstools.net/index.asp?page=quicklink&id=r60Siyiw02bZgpaa When the SWF is displayed on a system it hits the following URLs: traveltray.com/crossdomain.xml and traveltray...
Posted by sandi | 1 comment(s)
Filed under: , , ,
Tuesday, May 20, 2008 10:17 AM

I am NOT associated with bucksbill.com

Ok, there are a lot of people out there who are upset at being overcharged and defrauded by bucksbill.com. Just check out the comments here and here . Unfortunately, people are also emailing me directly because they (mistakenly) believe that I and/or...
Posted by sandi | 2 comment(s)
Filed under: , , ,
Tuesday, May 20, 2008 8:26 AM

ALERT: Malvertizement at en.f1-live.com?

A comment has been made to this blog warnin that http://en.f1-live.com/f1/en/index.shtml has been serving malvertizements during the the past week or so. We're investigating. If anybody sees anything, please let me know.
Posted by sandi | with no comments
Filed under: , , ,
Tuesday, May 20, 2008 8:23 AM

ALERT: malvertizement at boston.com?

I received this alert via email: " My girlfriend was surfing boston.com last night and she landed on some nasty code that redirected her to that classic alert bos in the lower left hand corner of the screen. This time is was for XPShield which is...
Posted by sandi | with no comments
Filed under: , , ,
More Posts Next page »