Toby Richards talks about the MVP Program

Toby Richards: Community and MVP Program Roadmap

"Toby Richards, General Manager for Community Support Services and the MVP Program at Microsoft, is interviewed by Ken Levy discussing the current state of the Microsoft MVP (Most Valuable Professionals) community and the roadmap for the MVP program and MVP summit.

Toby took over this role in early 2008, and is responsible for programs that identify, award and enable community influencers around the world, creating deeper relationships and richer feedback opportunities that improve Microsoft products and services. Also discussed in the interview is online support strategies and how MVPs help users and developers who are not MVPs."

FIX: msfeedssync.exe crashes (RSS synchronization - IE7 and IE8)

I have over 400 RSS Feed subscriptions that I keep an eye on, and which need to be checked regularly, sometimes every 15 minutes.  A couple of days ago, msfeedssync started crashing every time a synchronization was due.  The errors were:

Faulting application msfeedssync.exe, version 8.0.6001.17184, time stamp 0x47ccc712, faulting module msfeeds.dll, version 8.0.6001.17184, time stamp 0x47ccc720, exception code 0xc00000fd, fault offset 0x00002046, process id 0x1c98, application start time 0x01c8f1484814c945.

Faulting application msfeedssync.exe, version 8.0.6001.17184, time stamp 0x47ccc712, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc00000fd, fault offset 0x00009bb2, process id 0x1ec0, application start time 0x01c8f1471a9905e9.

Faulting application msfeedssync.exe, version 8.0.6001.17184, time stamp 0x47ccc712, faulting module WININET.dll, version 8.0.6001.17509, time stamp 0x481c0708, exception code 0xc00000fd, fault offset 0x00004062, process id 0x2604, application start time 0x01c8f146dc893df3.

Faulting application msfeedssync.exe, version 8.0.6001.17184, time stamp 0x47ccc7a5, faulting module kernel32.dll, version 6.0.6000.16386, time stamp 0x4549d328, exception code 0xc00000fd, fault offset 0x0000000000037b93, process id 0xe94, application start time 0x01c8efbadb2c6b9a.

Faulting application msfeedssync.exe, version 8.0.6001.17184, time stamp 0x47ccc7a5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549d372, exception code 0xc00000fd, fault offset 0x00000000000529c5, process id 0x10f4, application start time 0x01c8ef973bc855f2.

As you can see, things were a real mess.  These are the troubleshooting and diagnostic steps that I used to solve the problem:

1. Check if the Feed Task is corrupt by running the following command:
   
   schtasks /query | findstr /i "user_feed"
   
   Results:
   User_Feed_Synchronization-{C73963F9-62BB-4 27/07/2008 10:15:00  Could not start
   
   Ok, that is not good.
   
2. Stop and restart the Feeds Task:
   
   C:\Windows\system32>msfeedssync disable
   C:\Windows\system32>msfeedssync enable
   
3. Check Feed Task status again:
   
   schtasks /query | findstr /i "user_feed"
   
   Results:
   User_Feed_Synchronization-{B70B1824-595E-4 27/07/2008 10:14:00  Ready
   User_Feed_Synchronization-{C73963F9-62BB-4 27/07/2008 10:15:00  Could not start
   
   Ok, not good - now I have two tasks - there is definitely an issue with the original task which is unable to start.
   
4. Disable the Feeds Task:
   
   msfeedssync disable
   
5. Check to make sure that both Feed Tasks are gone:
   
   schtasks /query | findstr /i "user_feed"
   
   Results:
   No tasks running - that is good
   
6. Restart the Feeds Task and check to see what we have got:
   
   msfeedssync enable

schtasks /query | findstr /i "user_feed"

Results:
User_Feed_Synchronization-{B70B1824-595E-4 27/07/2008 10:23:00  Ready

Ok, this is good.. the bad Feed Task is gone, but msfeedssync is still crashing - something else is wrong.

7. Tried disabling Antivirus - that didn't fix the problem.
   
8. Tried running IE in "no add-ons" mode - msfeedssync is still crashing.
   
9. I fired up Fiddler, which records RSS activity.  It turns out msfeedssync was crashing on the same feed every time - I deleted that feed but the subscription was cached somewhere that wasn't updating properly because IE8 continued to check the same feed despite it being deleted (and IE shut down and restarted, and the computer being restarted as well).
   
10. Ok, the fact that IE continues to check a feed that I have deleted from my Feeds subscriptions indicates that we are most likely dealing with a corrupt file, but which one? 
    
    I exported my list of feeds to an OPML file, then deleted the file "FeedsStore.feedsdb-ms" that is located in \Users\%username%\AppData\Local\Microsoft\Feeds.  Next, I ran "msfeedssync forcesync".  
    
    Results:
    msfeedssync continued to crash, but now it was crashing immediately instead of when it hit a particular feed :o(   Ok, I just made things worse.
    
11. Using Process Monitor, I could see that msfeedssync was crashing immediately after it (apparently successfully) closed this file:

\USERS\%username%\AppData\Local\Microsoft \Feeds Cache\index.dat

I  deleted the entire contents of that folder, including index.dat.

Results:
msfeedssync stopped crashing - YAY!!

Process Monitor is a free Sysinternals program available from Microsoft.  You can download it here:
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx?PHPSESSID=d926

ALERT: Malvertizements featuring Skype in circulation

I have highlighted malvertizements featuring Skype before, but it is worthwhile reminding everybody about their existence now that they seem to be in active circulation.  I have seen 3 distinct samples of the malvertizement in the past 24 hours or so.

Screenshots:

It seems that Forceup may be involved in the distribution of at least one of the malvertizements featuring Skype.  Forceup have been caught distributing malvertizements before. Maybe those behind the name think that Forceup has been flying under the radar long enough for us to have forgotten about them - nope.

Previous incidents involving Forceup are listed below:

Forceup.com caught trying to sell a malicious advertisement featuring firstchoice.com

Press Release by eMusic

Forceup.com are distributing malicious advertisements .. again - an examination of the social engineering behind malvertisements

A list of every time Forceup has been mentioned on this blog

OFF-TOPIC: Spam King kills family members, then himself...

What a shocking turn of events

http://www.denverpost.com/breakingnews/ci_9985333

The dead child was only 3 years old :o( 

I have always considered spammers to be the scum of the earth, but this - what sort of person must he have been to be capable of such an act ... I can only hope that there is a Hell, and that he is in it.

Google introduces HTTPS for GMAIL

And, it's about time too!!

Full details are available via the Google Team announcement:

http://feeds.feedburner.com/~r/OfficialGmailBlog/~3/344985025/making-security-easier.html

UPS spam

There is a lot of it out there .. here is a screenshot of just one that I received:

First of all, I didn't send a postal package.  Secondly, UPS isn't going to us that qq.com address.  Thirdly, UPS offers online parcel tracking - why on earth would they send you a document to open?  Finally, as far as I know, sending such emails is not standard operating procedure for UPS.

UPS did issue a warning about the virus, but the URL no longer works:
UPS Virus warning

According to urbanlegend.about.com, the text of the warning was:

Attention Virus Warning

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This e-mail attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.

Further information about the UPS spam (the purpose of which, btw, is to fool you running the exe in the zip file, thereby infecting your system with fraudware) can be found here:

http://msmvps.com/blogs/donna/archive/2008/07/14/ups-packet-service-malware-spam.aspx

http://www.pandasecurity.com/enterprise/media/press-releases/viewnews?noticia=9301 

http://www.dslreports.com/forum/r20789896-UPS-packet-upsinvoicezip-WORM

http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY%5FZBOT%2EPF

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/342457447/

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/337327468/

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=132901

http://my.opera.com/harrywaldron/blog/2008/07/16/united-parcel-service-fake-email-for-package-non-delivery

Fraudware via Blogspot - no advertising required...

Actually, it could be fraudware or it could be a p0rn site trying to tempt you into installing a fake media codec depending on the luck of the draw...

Anyway, part of my 'day job' nowadays is keeping an eye on the programs that have been whitelisted by TRUSTe's Trusted Download Program (hence my official title of "Online Compliance Researcher").  There I was, trawling the net, searching for signs of trouble when my PC was broadsided by an unexpected browser hijack...

*** !!!WARNING WARNING WARNING!!! - DO NOT VISIT ANY OF THE FOLLOWING URLS WITHOUT THE PROTECTION OF REALLY GOOD ANTIVIRUS AND ANTISPYWARE SOFTWARE, AND A WILLINGNESS TO REFORMAT YOUR COMPUTER TO GET RID OF THE CRUD IF YOUR REALLY GOOD ANTIVIRUS AND ANTISPYWARE SOFTWARE HAPPENS TO FAIL - !!!WARNING WARNING WARNING!!***

Ok, hopefully that warning is big enough and flashy enough and scary enough that *all* of my readers will PAY ATTENTION to the warning.

By a combination of circumstances I ended up at a malicious blog being:
spyware-doctor-2008.blogspot.com/2008/06/desktop-spyware-block-spyware-reduce.html. 

(BTW, I should make it clear that the blog in question has *NOTHING* to do with any whitelisted application. The blog page simply happens to mention the name of an application that I was checking on and I stumbled across it thanks to the wonders of modern search engines.  There is no association between any TRUSTe whitelisted application and the blog in question.  There.. we're clear on that? Good!)

That fun little page has a piece of javascript in the source code that redirects visitors to c1_spyware-doctor-2008_2336_bs.oughtworld.com/images/header.php.

The bs.oughtworld.com site, in turn, pushes us to spyware-doctor-2008_2336_bs.oughtworld.com/index.html, and from there things get a bit random.

Every time I re-tested the oughtworld.com/index.html page, I was redirected to a different site, being one of the following:

grander5.com/soft.php?aid=0253&d=2&product=XPA which redirected to
freewebscanner.com/2009/1/freescan.php?aid=880253

-or-

grander5.com/soft.php?aid=0253&d=2&product=XPC  which redirected to online-xpcleaner.com/2/freescan.php?aid=880253

-or-

onlinestreamvide.com/freemovie/541/1/ (which tries to trick visitor into installing a fake video codec)

-or-

avwav.com/2099.htm (this site has some encrypted javascript that I haven't bothered to decode)

-or-

windows-scannernv.com/2008/3/_freescan.php?aid=880218 (a fraudware (fake security software) page)

-or-

getmyvideonow.com/exclusive5/id/3913044/5/black/white/0/Video/ (another site that tries to trick visitors into installing a fake video codec) - WARNING: graphic content via pop-up window

After a certain number of visits to the bs.oughtworld.com/index.html page, we start hitting an Error 404 - there is some IP tracking going on, and once you've had what the bad guys consider to be your fair share of web content, well, they lock you out.

Incidents such as this one make it too easy to draw a connection between various fraud activities, in this case fraudware and online porn and fake video codecs.  Yay them.

DOMAIN INFORMATION

oughtworld.com - created 3 June 2008, Registrar DIRECTI INTERNET SOLUTIONS PVT LTD.  Its Name Server (itsfreedns.com) Registrar is none other than the infamous ESTDOMAINS.

grander5.com - created 7 July 2008, Regisrar DIRECTI INTERNET SOLUTIONS PVT LTD. WHOIS hidden behind privacyprotect.org.  I note that "australianembassy.ru" shares IP address with mynick.name - somebody has a sense of humour.

onlinestreamvide.com - created 17 May 2008, Registrar ESTDOMAINS (why are we not surprised?)

avwav.com - created 5 April 2008, Registrar ESTDOMAINS.

windows-scannernv.com - created 22 July 2008, Registrar DIRECTI INTERNET SOLUTIONS, name servers supplied by MYNICK.NAME.  WHOIS hidden behind privacyprotect.

getmyvideonow.com - created 7 July 2008, Registrar ESTDOMAINS.  Contact email "iedefender@gmail.com" - those with long memories will remember a fraudware called IEDEFENDER.  Coincidentally (yes, I am being facetious) the Registrar for iedefender.com is, can you guess?   Yep, ESTDOMAINS.

While we are on the topic of iedefender@gmail.com

Other sites/fraudware associated with iedefender@gmail.com, discovered after just a few minutes digging include:

free-viruscan.com
getvideoc.com
downloaditrightnow.com
files-secure.com
fast-viruscanner.com

My gentle readers may take some amusement from this URL - "IE Defender Folks Playing Games"
http://blog.malwareteks.com/ie-defender-folks-playing-games/

The following is very interesting - the language is, apparently, Ukranian.  Promonaut is talking about malwarebytes.  Anybody want to translate? I have an archive of the whole page, just in case it disappears ;o)

URL: http://promonaut.livejournal.com/223473.html 

CNET hit by malvertizements

Why is it that after I pontificate that "pushers of malvertizing are finding it harder and harder to get their wares on to high profile, high traffic sites" we receive word that CNET was hit?  That'll teach me to keep my mouth shut won't it :o)

Ok, this is a new dialogue box - it appeared when I tried to close the fraudware site window ... yes, clicking on OK does seem to open the Add Favorites window, but who knows what else it may be doing in the background  - I still recommend that you use the Red X to close the dialogue box.

Thanks to Donna for the heads up:
http://www.dozleng.com/updates/index.php?showtopic=16111

Press Release: New Internet Safety Web content provides valuable information for teens, parents, educators and seniors

Building on the work of his Youth Internet Safety Task Force and the high-tech unit in his Consumer Protection Division, Attorney General Rob McKenna today announced a number of updates to his office’s Internet Safety Web pages.

In partnership with national Internet safety expert, Linda Criddle, author of the Internet safety manual Look Both Ways, McKenna’s office has added fresh information to its Web site for youth, adults, seniors and educators.

“The Internet has made life easier for all of us in so many ways, but it’s also made it easier for criminals, scammers and bullies,” McKenna said.  “This new information will help people update their Internet safety regimen and learn ways they may be exposing themselves to ID theft, stalking, scams and other Internet threats.”

Top tips for youth include:

• Your personal information is a commodity: Every piece of information you post, and every action you take online has commercial value to someone. The site shows kids how they put can put personal information at risk just by taking surveys, participating in chat, discussion boards, and forums, online dating, creating personal e-mail aliases, sharing images and video, and gaming online. Then it shows them how to protect themselves.
• You can be an identity theft victim without even knowing it. Because youth do not check their credit reports, they are prime targets for thieves who open credit in their names and rack up bills the youth may never learn about until it’s too late. Learn how to protect yourself and ways to repair your credit if it is too late.
• Even if you and your friends are careful to protect your identities on-line, you may be exposing yourselves to predators through chats on your social media pages. The site demonstrates how easy it is for on-line predators to gather information when people are not careful.
• Everything you post is permanent. Once information is posted on the Internet, it can be downloaded and stored indefinitely—even if you take it down—and you have no idea who has viewed it—potential employers, stalkers, classmates, parents.

Information for adults includes:

• Ways to be smarter about spending and saving on-line like creating strong passwords, identifying secure sites and safely participating in on-line auctions and classifieds;
• Tips for defensive computing including things to keep in mind as you browse, download or share information via the Web; and
• Things to keep in mind while mobile computing, including using public computers and mobile phones.

Parents and educators can learn how to protect children with information like:

• A checklist for family internet safety, including a family Internet safety contract;
• How to protect kids from on-line bullies; and
• Unintentional consequences of sharing student information on-line, including photos, school sports schedules and other information that could expose students to predators.

The site also includes tips for seniors like:

• How to safely socialize on-line and avoid on-line dating scams;
• How to avoid scams that prey on emotions when you are posting information about weddings or deaths; and
• Other specialized advice for those with limited experience on the Internet.

Spyware Sucks rated 8.3 (Great) on Blogged.com

How cool is this?  I just spotted this email in my overloaded inbox.

"Dear Spyware Sucks author,

Our editors recently reviewed your blog and have given it an 8.3 score (out of 10) in the Technology/Internet category of Blogged.com.  This is quite an achievement!

http://www.blogged.com/directory/technology/internet

We evaluated your blog based on the following criteria: Frequency of Updates, Relevance of Content, Site Design, and Writing Style.
After carefully reviewing each of these criteria, your site was given its 8.3 score [out of a possible score of 10]."

Nice :o)

Spyware Sucks resides in the sub-category of Internet Security.

TRUSTe changes from not-for-profit to for-profit

Edited to fix typographical errors

The news is out - TRUSTe is now a for-profit, instead of a not-for profit.

As I am sure all of you have noticed, I have been silent about TRUSTe since I started working with them on 16 July 2008.  But now, I think, the time has come to speak.

The number one question being asked of me in my tiny corner of the world, now that the world at large knows that TRUSTe is no longer a not-for-profit,  is "Sandi, did you know this was going to happen?"

The answer to the question is yes, I did know that this change was coming.  TRUSTe have been completely open and honest with me about their plans.  They understood that by associating my name with theirs I was also associating my hard-won good reputation with their reputation, and they wanted to be sure I walked in with my eyes open.

The next question that is asked of me is "Why did you agree to work with TRUSTe?".  In personal emails one of my correspondents even described TRUSTe as a scam, and I have been told, more than once, that my own reputation would be harmed by being associated with TRUSTe, and I can understand why they felt such concern.  For example, people such as Ben Edelman and Eric Howes have been, and continue to be, very critical of TRUSTe (Eric's comment to Alex Eckelberry's blog entry at Sunbelt about the change from not-for-profit is an excellent example of some of the more negative opinions that are held).

Anyway, the short answer is that I agreed to work with TRUSTe because TRUSTe and I have some of the same goals, and because TRUSTe (and I) saw within TRUSTe a real need that I can fill.  Let me try to explain.

I have been doing this ("this" being fighting malware and associated misbehaviors on the Internet in its many forms) for many years - since early 2000.  In fact, this October I am up for my 10th Microsoft MVP Award in a row.   My world - my sphere of concern, of interest, and of influence - encompasses not only the end user but also the anti-virus and anti-spyware community, and businesses and persons who earn a living from "the Internet".  I have had to face up to, and settle within myself to the best of my ability, the inevitable conflicts of interest that arise when I consider the wants and needs of all of those different parties and I cannot pretend that it has not been a challenge.

Just one facet of my struggle has been reconciling the needs and wants of the end user with the needs and wants of the businesses that service them.  Over the years, and especially during recent times, I have corresponded with, and spoken in person to, several "bad actors" (aka adware purveyors) who have been working to improve their software's behavior, and one message has come through loud and clear, which is that they often encounter, and are discouraged by, what they perceive as a lack of forgiveness on the part of some members of the security/antispyware community.  The strongest impression that I am left with is that the attitude they face is one of "once a sinner, always a sinner" - calls are not returned, emails are not acknowledged, attempts at explanation are rejected, and attempts to get improvements acknowledged and, when justified, changes made to antivirus/antispyware software to stop it from flagging and removing the software that has changed its behavior have been discouragingly difficult to achieve.

My personal opinion is that the "once a sinner, always a sinner" attitude is wrong.  To treat "bad actors" as evil personified or not worthy of forgiveness or redemption when they are trying to change their ways, is discouraging at best, and at worst may lead them to throw up their hands and say "why bother trying to change if I'm going to be stuck on the blacklist forever anyway".  If that happens, what good have we, the champions for the end user, really done?

Another thing that has been communicated to me over the years is that, sometimes, the demands of the security community may directly harm a business's right to protect itself from piracy or misuse/abuse of its software.

For example, let's look at trial software.   If such software leaves behind a registry key, or a hidden file, that is used to prevent the reinstallation of time-limited software, and that key or file has a deliberately obscure name, is that necessarily wrong?  Should the fact that a registry key or file being left behind on uninstall be disclosed to the user, even if it means that such disclosure will make it easier for the user to bypass anti-piracy protection?  This is just one of the problems I have been confronted by, and have had to devote a lot of time and thought to.  What do I put first? The right of the end user to be able to easily find everything related to a particular piece of software (and potentially use that knowledge to 'play the system') or do I give priority to a business's right to avoid piracy of their software?

Some demand that every file, every folder, every registry key, be removed when software is uninstalled and will accept no reasoning nor excuse for its remaining, even if this means that any protection against misuse of trial software is lost.  Is this right?  In short, no.  We have to find a balance - a sustainable balance between the needs of the end user, and the needs of the business that services them.

Then there is the question of advertising and adware.  To some, all adware is bad.  To others, adware is acceptable with full disclosure, but at the same time long spiels of disclosure text are not acceptable.  So, how much disclosure is enough, and how should it be communicated?  The greater the disclosure, the more the user has to read and acknowledge, and the greater the risk of confusion.  For what its worth, my personal opinion is that the traditional requirement that an EULA be displayed and acknowledged should be discarded.  Instead, a succinct list of important points should be displayed, with further detail (aka the full EULA) to be made available on clicking a link.  Or, the most important words in an EULA should be highlighted in bold font to draw the eye.

How does all of the above tie in with why I decided to work with TRUSTe?  I'm getting to that :)

After many years of watching and talking - of thinking and listening - of agonizing and beating of my breast (ok, I admit it, that last one was deliberately over the top) here are the beliefs on which I stand.  I admit that over the years my stance has changed - in the past I have held extremist (and dare I say unrealistic) views about software and software behavior, but so be it.  As far as I am concerned, the ability to stand up and say "yeah, I was wrong" is just as important as being right:

Adware is not all bad.  I have said several times over the years that I believe that every (wo)man deserves their wage, and I do not have a problem with software authors earning an income from adware.   That being said, I also believe that users of software are entitled to know exactly what the adware is, what it will do, and what effect it will have on their computers and their privacy and they *must* be given a clear opportunity to decline the adware if they so desire.  I also believe that those who offer software for download have the right to refuse to supply us with their wares, or limit its functionality, if we are not willing to accept adware or pay for the software.  I do NOT believe that anybody has the right to try and get around such requirements.  We do not have a God-given right get stuff for free, or to play the system, just because we found it on the Internet (yeah yeah, just so you know I don't download movies off the Internet, or burn copies of CDs or DVDs or use pirated software - sucks to be me, but I put my money where my mouth is - do as I do, not just as I say).

Advertising is not all bad.  Once again, I believe that every (wo)man deserves their wage.  Reality is that it costs money to build and maintain a web site, and make it available to the masses.  The alternative to advertising is for web sites to move to a user pays, access by registration only, model, and that is something I do NOT want to see.  I do not use ad blockers and only recommend that web page advertising be blocked when the web site in question is displaying malvertizing, and that web site has refused to address the problem  after being warned - safety must come first).

"The Internet", as the average user understands it, can not survive on philanthropy.

Good Internet behavior should be acknowledged and encouraged.

Work to rehabilitate and then forgive.  Without a chance at redemption we eventually succumb to exhaustion and the temptation to continue down the path we have been treading.  It is wrong to be so unwaveringly hard on somebody that they despair of forgiveness.

After many emails and phone calls I can say that I honestly believe that my beliefs and stance, and the beliefs and stance of those who work under the TRUSTe banner, can walk in tandem.  And I do not easily lay my reputation on the line.  It was hard fought for, and hard won.  I am very aware that my readers' trust has been hard gained and can be easily lost but I truly believe that TRUSTe are not the "public relations front for privacy abusive online companies" that some believe them to be.  TRUSTe have lofty goals, and the best of intentions, and deserve my support.

My personal opinion is that an important piece of the TRUSTe message and mission is missing from the public perception.  A lot of people have focused on who TRUSTe has certified (and that certified party's pre-existing reputation), and TRUSTe's failures and missteps over the years, but how many have sat down and deeply considered the question of, or had a substantial one-on-one heart-to-heart with somebody at TRUSTe about, *WHY* TRUSTe does what it does and what its end goal is?  Well, I did just that, and after all the talking and all the listening I believe that a primary goal of TRUSTe, in my own words, is to acknowledge and encourage good behavior; to rehabilitate, support and guide companies in the transition from bad netizen to good netizen, and to offer a chance at redemption and forgiveness, while at the same time maintaining a framework to discipline offenders.  TRUSTe aims to encourage best practice, to encourage businesses to continue working toward a lofty standard, and they offer bad actors the chance of redemption.  That is why I agreed to work with them, even though that means putting my own reputation on the line.  Of course, by doing all of this TRUSTe put their own (and my) reputation on the line every time that they certify (even provisionally) an ex-bad actor, but that is the risk that they (and I) must take.

I don't want to be the unforgiving disciplinarian who is always wielding the big stick, and always hitting my correspondent over the head with the fact that they did bad things in the past, and I don't want TRUSTe to be that either.  I see no long term benefit.

I will end with a commentary about the change from not-for-profit to for-profit.  I recently spent a week at TRUSTe's office in San Francisco, working with the team behind the Trusted Download Program, and I was there when the change from not-to-profit to for-profit was in its final stages - I was in the room when the announcement was made to all staff and I have spoken in person with Fran Maier as well as TRUSTe management and employees about their dreams and goals and plans for TRUSTe and the effect that the change will have on day to day operations.  It saddens me to see anybody allege that now that TRUSTe is a 'for-profit' that TRUSTe (and by association the people behind it) are only in it for the money, because I have seen no sign that such an allegation is true.

I have had far more time to consider this change, to talk to TRUSTe, to ask the hard questions and consider the responses I have received - by phone, by email and in one-on-one conversations where I can look them in the eye and watch them as they respond - than have most, if not all, commentators on this change.  I see an opportunity for TRUSTe to improve and grow, not only to offer more services to clients but also, most importantly from my perspective, improve compliance monitoring.  After all, that is why they brought me on board.  And I can tell you this - every time I have brought an issue to TRUSTe's attention they have acted on the information I have supplied, and I have been happy with the steps that they have taken.  Every...single...time.  

"What issues?" I hear you say.   Sadly, I am not in a position to share specifics - you will have to take my word on trust (no pun intended).   I can only hope that I have, over the years, proven myself to be trustworthy in your eyes, and that you will give me, and TRUSTe, the benefit of the doubt.

For now, I need some rest.

Sandi.

A malvertizement featuring XE Radio rears its head again

Interestingly, the malvertizement features the same campaign as the MediaMan malvertizement that Kimberley found on isuisse, iquebec, ibelgique and ifrance back on 10 July.

Screenshots of the XM Radio malvertizement:

We see various domains when hit by a malicious redirect, including:

stathisranch.net/crossdomain.xml

stathisranch.net/c/index.php?<<removed>>

profitabill.com/?cmpid=asbarrator (this is the same as the MediaMan malvertizement mentioned above)

adnetserver.com/?<<removed>>

adverdaemon.com/?<<removed>>

antispywaremaster.com/data/<<removed>>

sicherheitstool.com/kontroller/?<<removed>>

New malvertizement featuring Levis, myownpursuit.com (Lexus) and the re-emergence of Lady Speedstick

There have been several malvertizements in circulation, being:

unicastads.com/<removed>/728x90.swf (the original malicious ad has already replaced with a 'clean' one)

unicastads.com/<removed>/300x250.swf (the original malicious ad has already replaced with a 'clean' one)

trueffect-cdn.com/<removed>/300x250.swf

trueffect-cdn.com/<removed>/728x90.swf

pointroll-ads.com/<removed>/300x250.swf?

unicastads.com is registered via Estdomains, as is trueffect-cdn.com and pointroll-ads.com.

At time of writing, the Levis malvertizement is leading users to fraudware sites, including "Vista Antivirus 2008".  The pointroll-ads.com SWF also leads victims to fraudware sites, including tds.internetsecuritydeluxe.com/<removed>.  I fully expect these two advertisements, now they have been 'outed' to also be 'cleaned'.

Watch out for these malvertizements...

I have not seen a malvertizement featuring this site before - muchmusic.com

dreammates.com - this one dumped me at virusremover2008.com (domain created on 20 May 2008)

Developments in the malvertizing world - a new distribution conduit involving MySpace

Kimberley writes about a new distribution conduit that she has found - in this example it is an old malvertizement with a currently inactive campaign.

Details here:  Bluetack Forum

In short, funmunch.com is offering a "MySpace Banner" for download that is, in fact, a malvertizement (an old one, but still a malvertizement).

Here's the question - why would funmunch.com make the banner available for download in the first place, presumably without being paid for it, and why would they have left it there after the inevitable complaints were received (of course, we're assuming that MySpace users actually downloaded and used the SWF file, and that victims (sorry, visitors) to the MySpace pages were savy enough to work out how they being hijacked).

Coincidentally, a Jane McIntyre posted a comment to my blog, advising that she had been hijacked while surfing MySpace, and dumped at maxconvert.com (hosted in the Ukraine).  I have highlighted maxconvert.com before, and it was discovered that maxconvert.com  shares A records with promoplexer.com (a domain associated with fraudware) - a peak at that domain revealed associations with macsweeper and cleantor (both fraudware).

I'm not surprised that the criminals behind malvertizements are using whatever conduit they can to distribute their wares.  As advertising networks have gotten better at spotting dodgy advertisements and as the networks pressure their clients (even 'self managing' clients) to check advertising when it is accepted, and as the major web sites have also become more cautious when accepting advertising, and as the names/domains behind malvertizements become more well known, I get the feeling that the pushers of malvertizing are finding it harder and harder to get their wares on to high profile, high traffic sites, with the result being that they are having to pimp their ads to lower traffic, less well known sites where, thankfully, the impact of malvertizing is proportionally lower.

Now, if only we could get MySpace to clean up their act...

Off topic: World's oldest blogger dies...

How sad, even though it is an event that comes to us all.

An Australian lady credited as being the oldest blogger in the world, Olive Riley, died on Saturday - her blog was a lovely thing to read.

Although her blog, www.allaboutolive.com.au, seems to no longer exist (there is no A Record and according to domain tools, no web site), but you can can get a taste of what she wrote about at a temporary blog set up by a friend called "World's Oldest Blogger".

The Sun Java installer still sucks....

I was prompted to install the latest update to Sun Java a short while ago, and the installer still sucks.

1. The installer still triggers a UAC prompt.
2. The installer still does NOT remove old versions of Java - old versions that take 136 megabytes per version.
   
3. The option to install Open Office is still enabled by default, and the English language skills of whoever it was that coded the text on the installer screen need attention. 
   
   I swear, if I see a press releases trumpeting an increase in "users" of OpenOffice...
   
4. There is still no cancel button, and the openoffice.org graphic sucks ... look how pixelated the text and graphics are.
   

ALERT: new malvertizement protocols, courtesy of Kimberley

As always, Kimberley's report makes for fascinating reading:

http://www.bluetack.co.uk/forums/index.php?s=&showtopic=18064&view=findpost&p=88026

What is especially interesting is that the advertisement in question that started the whole thing was NOT a SWF - it was a GIF - hosted by 247mediadirect.com.  The end target, a malicious SWF, is hosted at the same IP.

Hosted (again) in Malaysia, a Robtex search reveals many connections between 247mediadirect.com and known malvertizement domains:

Hostnames sharing IP with A-Records
ns1.aboutstat.com | ns1.adlbrite.com | ns1.akamahi.net | ns1.entrerrenglonadura.com | ns1.googiesindication.com | ns1.newstat.net | ns1.officialstat.com | ns1.quinquecahue.com | ns1.stat-diagnostic-imaging.net | ns1.statetstr.com | ns1.stathisranch.net | ns1.stathome.net | ns1.staticglobalsources.com | ns1.staticglobalsources.net | ns1.station-appraisals.com | ns1.station-appraisals.net | ns1.statnation.net | ns1.statsla.net | ns1.statworld.net | ns1.thetechnorati.com | ns1.vozemiliogaranon.com

Domains using this as nameserver
aboutstat.com | adlbrite.com | akamahi.net | entrerrenglonadura.com | googiesindication.com | newstat.net | officialstat.com | quinquecahue.com | stat-diagnostic-imaging.net | statetstr.com | stathisranch.net | stathome.net | staticglobalsources.com | staticglobalsources.net | station-appraisals.com | station-appraisals.net | statnation.net | statsla.net | statworld.net | thetechnorati.com | vozemiliogaranon.com

WHOIS:

Registrant: Media Hosting Ltd. 32 Jacka Blvd St Kilda VIC, Melbourne 3182 AU +61-03-9534-52830

Domain Name: 247MEDIADIRECT.COM

Administrative Contact: Pearson, Ross rpearson79@yahoo.com 32 Jacka Blvd St Kilda VIC, Melbourne 3182 AU +61-03-9534-52830

Technical Contact: Pearson, Ross rpearson79@yahoo.com 32 Jacka Blvd St Kilda VIC, Melbourne 3182 AU +61-03-9534-52830

247mediadirect.com was created on 18 May 2008.

The WHOIS information looks legitimate, BUT, the phone number has one too many digits for Melbourne (or the whole of Australia for that matter), and as far as I can tell there is no such company as Media Hosting Ltd - and the address is a parking area close to the ocean.

The building that you see in the picture is "Donovans", a restaurant:

BTW, we have seen 247mediadirect.com before (back in January):
http://www.bluetack.co.uk/forums/lofiversion/index.php/t18306.html

ALERT: malvertizement featuring classmates.com

Campaign URLS (you will note that the campaign is identical to the one for the Skype malvertizement):

waytotheprofit.com/?cmpid=contangogo
station-appraisals.com/c/index.php?id=<<removed>>

ALERT: Malvertizement featuring Skype

No company is safe from impersonation....

Campaign URLS:

waytotheprofit.com/?cmpid=contangogo
station-appraisals.com/c/index.php?id=<<removed>>

The waytotheprofit URL leads us to an adverdaemon.com URL, and from there to the fraudware site - I ended up at a German site, being sicherheitstool.com.

Robtex reports that "sicherheitstool.com is a domain controlled by two nameservers at sicherheitstool.com themselves. They are on the same IP network. Incoming mail for sicherheitstool.com is handled by one mailserver which are also at sicherheitstool.com. sicherheitstool.com has one IP record . virusvakt.com, winanonymous.com, avsystemcare.com and at least seven other hosts point to the same IP."

sicherheitstool.com is hosted by Webair Internet Development Inc (http://www.webair.com/).  Feel free to complain to them ;o)

Hostnames sharing IP with A-Records
anchisupaisutsu.com | .anchiwamu2008.com | .antiespiadorado.com | .antispionagepro.com | .antispywaresuite.com | .antivirusforalle.com | .antiviruspcsuite.com | .antiworm2008.com | .avsystemshield.com | .bugdokter.com | .debellaworm2008.com | .defensaantimalware.com | .discosemerros.com | .diskfejlfri.com | .diskrensare.com | .driveproteccion.com | .errorsoshi.com | .fjernervirus.com | .ingavirus.com | .ingenmulighetforvirus.com | .keineviren.com | .kyouikyuuen.com | .maximumantivirus.com | .meinbesterschutz.com | .menacerescue.com | .mistikotitatuipologisti.com | .nettordinateur.com | .onlinepcguard.com | .orantiespion.com | .pcprivacytool.com | .pcrengoringsmaskine.com | .pcsikker.com | .pcveiligheidstool.com | .pcvirusless.com | .plattefehlerfrei.com | .pp-total.com | .privacidadeprotegida.com | .protecaoconfiavel.com | .proteccionconfiable.com | .puliscitutto.com | .rescatedeamenazas.com | .riscattodaminacce.com | .safepctool.com | .shinraihogo.com | .sikkerpcredskap.com | .sistemaimune.com | .skyddsverktyg.com | .smittfri.com | .solutionreg.com | .suiteantispyware.com | .supashuri.com | .suspenzorpc.com | .trojansfiltre.com | .trustedprotection.com | .turvapc.com | .utiledereparation.com | .utilisateursur.com | .virtualpcguard.com | .virusdeteccion.com | .virusfrittsystem.com | .virusstopper.net | .virusuwadame.com | .virusvakt.com | .winanonymous.com | .winsecureav.com | .winspycontrol.com | adioserrores.com | alltiettantivirus.com | anchisupaisutsu.com | anchiwamu2008.com | antiespiadorado.com | antiespionspack.com | antigusanos2008.com | antispionage.com | antispionagepro.com | antispypremium.com | antispywarecontrol.com | antispywareseigyo.com | antispywaresuite.com | antiver2008.com | antivirusaskeladd.com | antivirusgenial.com | antivirusordi.com | antiviruspcpakke.com | antiviruspcsuite.com | antiviruspertutti.com | antivirusscherm.com | antivirussolusjon.com | antiworm2008.com | antiwurm2008.com | aucunsvirus.com | avsystemcare.com | avsystemshield.com | bedreigingsmonitoor.com | bedsteantivirus.com | bereiniger.com | beschermingstool.com | besutohogo.com | bogyotsuru.com | bortmedvirus.com | bugdokter.com | bugsdestroyer.com | debellaworm2008.com | defectshuri.com | diannaoqingjieji.com | discerrorfree.com | discosemerros.com | discosenzaerrori.com | discosinerrores.com | diskfejlfri.com | diskrensare.com | disqudurprotection.com | dokterfix.com | doraibuhogo.com | drivedefender.com | driveproteccion.com | echterschutz.com | effaceurvirus.com | einaprivadesapc.com | elmejorantivirus.com | errclean.com | errorfri.com | errorout.com | errorskydd.com | errorsoshi.com | fehlerbeseitiger.com | fejlrenser.com | fejlreparering.com | felfixare.com | festplattenreiniger.com | fiksfeil.com | filtrodetrojan.com | filtrotroiani.com | fixmenaces.com | fullsystemprotection.com | goldenantispy.com | gorudenanchisupai.com | harddiskvakt.com | harddrevvagt.com | herramientadereparacion.com | hukommelsesbeskytter.com | keinegefahr.com | keinestoerungen.com | konsekieraser.com | kontentsueraser.com | kyoishusei.com | kyouikyuuen.com | liberapc.com | lifelongpc.com | lungavitapc.com | maskinpcpro.com | maximumantivirus.com | megaviruskit.com | megliopc.com | meinbesterschutz.com | melhorpc.com | memoiredefenseur.com | menacerescue.com | menacesecure.com | mendingtool.com | miavcompleto.com | mijnantivirus.com | minnesverktyg.com | mistikotitatuipologisti.com | moncontenuassistant.com | munazifalhasob.com | nettordinateur.com | nientevirus.com | nochanceforvirus.com | nocompromaat.com | noespias.com | norwayvirus.com | nowayvirus.com | nulinfektioner.com | oczyszczaczkomputerza.com | onlinepcguard.com | pasokoneiju.com | pc-prot.com | pcbeskyttelse.com | pcohneviren.com | pcopschoner.com | pcopschoningsstel.com | pcprivacytool.com | pcrengoringsmaskine.com | pcsegura.com | pcsikker.com | pcsikkerhed.com | pcsod.com | pcsuanbukkon.com | pcvirusless.com | pembersihkomputer.com | plattefehlerfrei.com | pp-total.com | privacidadeprotegida.com | privacidadplus.com | proteccionconfiable.com | protectingtool.com | protectioncomplete.com | protejaseudrive.com | protejasudrive.com | protezionesoft.com | puliscitutto.com | puliturasystem.com | regbotemedel.com | regrensere.com | rejishufuku.com | rensningverktyg.com | reparameacas.com | reparamenazas.com | repareja.com | reparetudo.com | rescatedeamenazas.com | riscattodaminacce.com | sanitardiska.com | schijfhersteller.com | schutztool.com | semerros.com | senzaerrori.com | shinraihogo.com | shufukutsuru.com | sikkerpcvaerktoj.com | sininfecciones.com | sistemaimune.com | skyddsverktyg.com | sletingenvirus.com | solutionreg.com | stoltbeskyttelse.com | suiteantispyware.com | supashuri.com | suspenzorpc.com | sysdepannage.com | syskontroller.com | systemesansvirus.com | systemordnare.com | tabortvirus.com | toroianfiruta.com | trojanerfilter.com | trojansfilter.com | trojansfiltre.com | tryggdator.com | turvapc.com | utiledeprotection.com | vacinatotal.com | varrevirus.com | vigilamenazas.com | virenfrierpc.com | virenloescher.com | virenstopper.com | virtual-leatherman.com | virtualpcguard.com | virusdeteccion.com | virusdifesa.com | viruseffaceur.com | virusfjernere.com | virusforsvar.com | virusfrittsystem.com | virusgarde.com | virusschlacht.com | virusseigyo.jp | virusstopper.net | virusudryddet.com | virusuwadame.com | virusvakt.com | virusvanguard.com | wegvonviren.com | winadsiz.com | winanonyme.com | winanonymitet.com | winanonymous.com | winanzen.com | winbescherming.com | windefensa.com | winhogo.com | winpcalmeglio.com | winpcdocteur.com | winpcdoctor.com | winpcdoktor.com | winpckontroll.com | winpcrensare.com | winpcrensere.com | winriservatezza.com | winsecureav.com | winsikkerantivirus.com | winsikretav.com | winspycontrol.com | winsurffilter.com | wintemizleyicisi.com | wintrygghet.com | wirusumuryokuka.com | www.antiwurm2008.com | www.avsystemcare.com | www.besutohogo.com | www.ingavirus.com | zebraantivirus.com

Domains sharing mailservers
acchiappavirus.com | adiosvirus.com | allertaminacce.com | antiamenazas.com | antievidence.com | antivirusfiable.com | antivirusforalle.com | antivirusmagique.com | anzentsuru.com | apagahistorico.com | apolloantivirus.com | archivoprotector.com | archivosenestado.com | atemaiserro.com | atrapavirus.com | aucunchoixpourvirus.com | aucunefaute.com | aucuninfection.com | aucunmenace.com | avseguro.com | bandoaivirus.com | bandoalleinfezioni.com | bastioneantivirus.com | beskyttelseonline.com | beskyttendevaerktoj.com | blanchdisc.com | borresuspasos.com | bossedeserreurs.com | brossedesfautes.com | bugseraser.com | caiforavirus.com | chasseurdeserreures.com | cleanpctool.com | confidentsurf.com | confidentuser.com | contenteraser.com | curerrores.com | dataconfidentiality.com | defensecelebre.com | defensededriver.com | defensedinformation.com | defensedudisque.com | defensenetsurfage.com | defensivesystem.com | dejitarufukugen.com | dejitarukyoikira.com | dejitaruwakuchin.com | detapurotekuta.com | detaripea.com | detectaerrores.com | diskassistent.com | disksizesaver.com | disksparare.com | disukushuri.com | driversecurise.com | einwandfreierpc.com | eliminadordeamenazas.com | elmejorantivirus.com | emperahogo.com | enmiendaerrores.com | eracheisa.com | erasutoppu.com | erreurchasseur.com | errorfighter.com | essentialeraser.com | extremuclean.com | fairukyua.com | feilvakt.com | fejlreparering.com | felfixare.com | ferramentasegura.com | festplattentool.com | fiksdinpc.com | filtredetraces.com | fixthemnow.com | fjernervirus.com | foutenwacht.com | geheugenredder.com | guardiandelaprivacidad.com | gubbishremover.com | hackerstaisaku.com | herramientasegura.com | historialout.com | ingavirus.com | ingenmulighetforvirus.com | inmunepc.com | kakujitsutsuru.com | keinespurenlassen.com | keineviren.com | knowhowprotection.com | konsekiauto.com | kontentsufiruta.com | kurinkonseki.com | kyoiireza.com | largavidapc.com | limpietodo.com | lomejorenantivirus.com | longlifepc.com | lungavitapc.com | manutencaopc.com | menacefighter.com | menacemonitor.com | menacescrubber.com | monitordeamenazas.com | mycontentassistant.com | nettoyeurdeserreures.com | nettoyeurdevirus.com | ohnespurensurfen.com | omelhorantivirus.com | onlineverktyg.com | onrainpurotekuta.com | oruripea.com | pasderreurs.com | pasdesfautes.com | pasendommagement.com | pasplusdespertes.com | pasplusdevirus.com | pcantiviruspro.com | pcassertor.com | pcboosterpro.com | pcbunan.com | pceternel.com | pcforfender.com | pchealthkeeper.com | pchjaelper.com | pckairyo.com | pclibredevirus.com | pcpropre.com | pcredskab.com | pcsansbug.com | pcsecuresystem.com | pcsecurise.com | pctoolpro.com | pcultralimpia.com | pcveiligheidstool.com | perfektantivirus.com | preservingtool.com | privacidadyseguridad.com | privacywarrior.com | protecaoconfiavel.com | proteccioncompleta.com | proteccionimperial.com | protecteurdinfo.com | protectionassuree.com | protectionconue.com | protectiondedriver.com | protectiondenetsurfage.com | proteggidati.com | puraibashihosho.com | puraibashitoshinrai.com | rendimientototal.com | rensanu.com | reparaerrores.com | reparemenaces.com | repareya.com | rimuoviciarpame.com | riparaminacce.com | riparasubito.com | safeharddrive.com | safepctool.com | safudaijoubu.com | salvaspaziosudisco.com | sansendommagement.com | sansinfections.com | sayonarabaggu.com | schijfruimteredder.com | schutzderdaten.com | schutzfuerpc.com | secretosasalvo.com | secretoseguro.com | sefunahimitsu.com | sekretessforsvarare.com | senzadoppioni.com | shingaidome.com | shinraihogo.com | shinraipafomansu.com | shisutemudifensu.com | sichererschutz.com | sikkerbrukere.com | sikkerpcredskap.com | sikkersystem.com | sinataques.com | sinrrastros.com | sinsenales.com | sistemaprotegido.com | sistemupyua.com | sisutemuantei.com | sisutemuorugurin.com | skyddsprogram.com | smittfri.com | speichertool.com | stopbedreiging.com | stopminacce.com | storageprotector.com | succesantivirus.com | surfforsure.com | syssauvegarde.com | systemesansfaute.com | systemhoover.com | systemschild.com | tackanejvirus.com | tilforlatelig.com | trasheraser.com | trojansdestroyer.com | trustedantivirus.com | trustedprotection.com | trygpcbruger.com | turnkeyantivirus.com | uk.prevedhosting.net | unidadessanas.com | usuarioprotegido.com | utiledereparation.com | utilisateursur.com | vaktmotvirus.com | virenvernichter.com | virusbekaemper.com | viruskrakker.com | virussperr.com | virusurimuva.com | virusvanger.com | virusvijand.com | volumformatredskap.com | wirusufinisshu.com | wirusukyua.com | wirusushattodaun.com | yourprivacyguard.com | zentaiwakuchin.com

Domains sharing nameservers
acchiappavirus.com | adiosvirus.com | antiamenazas.com | antievidence.com | antivirusfiable.com | antivirusforalle.com | antivirusmagique.com | anzentsuru.com | apagahistorico.com | apolloantivirus.com | archivosenestado.com | atemaiserro.com | atrapavirus.com | aucunchoixpourvirus.com | aucunefaute.com | aucuninfection.com | aucunmenace.com | avseguro.com | bandoalleinfezioni.com | bastioneantivirus.com | beskyttelseonline.com | beskyttendevaerktoj.com | blanchdisc.com | borresuspasos.com | bossedeserreurs.com | brossedesfautes.com | bugseraser.com | chasseurdeserreures.com | cleanpctool.com | cleanuptool.com | confidentsurf.com | confidentuser.com | contenidoseguros.com | contenteraser.com | curerrores.com | dataconfidentiality.com | defensecelebre.com | defensededriver.com | defensedinformation.com | defensedudisque.com | defensivesystem.com | dejitarufukugen.com | dejitarukyoikira.com | dejitaruwakuchin.com | detapurotekuta.com | detaripea.com | detectaerrores.com | diskassistent.com | disksizesaver.com | disksparare.com | disukushuri.com | doubledefender.com | driversecurise.com | einwandfreierpc.com | eliminadordeamenazas.com | emperahogo.com | enmiendaerrores.com | erasutoppu.com | errorfighter.com | essentialeraser.com | extremuclean.com | fairukyua.com | feilvakt.com | fejlfripc.com | fejlreparering.com | felfixare.com | ferramentasegura.com | festplattentool.com | filtredetraces.com | fixthemnow.com | fjernervirus.com | foutenwacht.com | geheugenredder.com | guardiandelaprivacidad.com | gubbishremover.com | hackerstaisaku.com | herramientasegura.com | historialout.com | ingavirus.com | ingenmulighetforvirus.com | inmunepc.com | keinespurenlassen.com | keineviren.com | knowhowprotection.com | konsekiauto.com | kontentsufiruta.com | kurinkonseki.com | kyoiireza.com | largavidapc.com | limpietodo.com | lomejorenantivirus.com | longlifepc.com | lungavitapc.com | manutencaopc.com | menacefighter.com | menacemonitor.com | menacescrubber.com | monitordeamenazas.com | mycontentassistant.com | netsurfageassure.com | nettoyeurdeserreures.com | nettoyeurdevirus.com | ohnespurensurfen.com | omelhorantivirus.com | onlineverktyg.com | onrainpurotekuta.com | oruripea.com | pasderreurs.com | pasdesfautes.com | pasdesmenaces.com | pasendommagement.com | pasplusdespertes.com | pasplusdevirus.com | pcantiviruspro.com | pcassertor.com | pcboosterpro.com | pcbunan.com | pceternel.com | pcforfender.com | pchealthkeeper.com | pchjaelper.com | pcinforedder.com | pclibredevirus.com | pcredskab.com | pcsansbug.com | pcsecurise.com | pctoolpro.com | pcultralimpia.com | pcveiligheidstool.com | poseidonantivirus.com | preservingtool.com | privacidadgarantizada.com | privacidadyseguridad.com | privacywarrior.com | protecaoconfiavel.com | proteccionasegurada.com | proteccioncompleta.com | proteccionimperial.com | protecteurdinfo.com | protectiondedriver.com | protectiondenetsurfage.com | proteggidati.com | puraibashihosho.com | puraibashitoshinrai.com | rendimientototal.com | rensanu.com | reparaerrores.com | repareja.com | reparemenaces.com | repareya.com | rimuoviciarpame.com | riparaminacce.com | riparasubito.com | safeharddrive.com | safepctool.com | safudaijoubu.com | salvaspaziosudisco.com | sansendommagement.com | sansinfections.com | sayonarabaggu.com | schijfruimteredder.com | schutzderdaten.com | schutzfuerpc.com | secretosasalvo.com | secretoseguro.com | sefunahimitsu.com | sekretessforsvarare.com | senzadoppioni.com | shingaidome.com | shinraihogo.com | shinraipafomansu.com | shisutemudifensu.com | sikkerbrukere.com | sikkerpcredskap.com | sikkersystem.com | sinataques.com | sinrrastros.com | sinsenales.com | sistemaprotegido.com | sistemupyua.com | sisutemuantei.com | sisutemuorugurin.com | skyddsprogram.com | smittfri.com | speichertool.com | stopbedreiging.com | stopminacce.com | succesantivirus.com | surfforsure.com | syssauvegarde.com | systemesansfaute.com | systemhoover.com | systemschild.com | tackanejvirus.com | tilforlatelig.com | trustedantivirus.com | trustedprotection.com | trygpcbruger.com | turnkeyantivirus.com | uk.prevedhosting.net | unidadessanas.com | usuarioprotegido.com | utiledereparation.com | utilisateursur.com | vaktmotvirus.com | virenvernichter.com | virusbekaemper.com | virussperr.com | virusurimuva.com | virusvanger.com | virusvijand.com | volumformatredskap.com | winchesterprotector.com | wirusufinisshu.com | wirusukyua.com | wirusushattodaun.com | zentaiwakuchin.com