Monday, December 31, 2007

UPDATED: Blogger\Blogspot Malware Gang

Well, I've posted this info about these blogs in several forums, even posted to StopBadware.org. Let's see how long it takes Google to remove these, even if they are not currently spewing malware. My documentation ought to be good enough. Updated Info......

Saturday, December 29, 2007

1-5 PCs Unpatched; Flag Malware Sites

Couple of new links in the forums today.

From security researchers in Denmark comes the stat that 1 in 5 machines is an unpatched Windows OS. This of course could lead to zombie armies that run amok across the Net, giving me loads of HijackThis! log files to do. Read on about my hobby-to-be-continued-for-the-foreseeable-future

And from a malware specialist who has written some great detailed analysis of RBN comes a challenge for users to ruin a malware gang's holidays.

Thursday, December 27, 2007

Malware @ Blogspot Blogs......Again

After a short while of inactivity, it appears the BMG (Blogger Malware Group) are at it again. After reading another security blog, I wandered on over and was not disappointed. Once I saw a pattern, every blog I hit delivered a good payload of malware, calling out to the same sites. Read about the details here...

Sunday, December 23, 2007

Merry X-Mas Storm Worm!!

The latest variant of the Storm worm is out and about. Some details can be read here in the forums and that thread is linked to more detailed analysis.

Friday, December 21, 2007

Friday Forum Roundup

Was a busy day and I didn't have time to post these as they were added to the forum so here's the round up.

A security and privacy researcher informs as to the effectiveness of crowd rating phish sites. His discovery may well shock you at how easy the system can be 'gamed'.

PG is out once again, donning his 'Godamm Batman' attire to show a script kiddie how easily they get 0wnd. Always a good read.

Anti-virus vendor AVG has subpoenaed major software and Internet companies to gain counterfeiters' info, and none of these companies have complied.

And some guys got busted over on MySpace for mass spamming so you know it won't be a very good X-Mas for those guys...I know a tear welled up in my eye too....NOT!!

Then the good folks at eWeek share with us a researcher's reverse engineering of malware that showed how very complex and professional it is in its distribution.

Finally we have some launch dates for F-1 cars in '08 and the hpHosts competition comes to an end.

Thursday, December 20, 2007

Sears.com Installs Spyware & Proxy!

Wow...this sounds really bad. A researcher from CA, formerly PestPatrol, joined a community for Sears.com and got something he didn't bargain for....spyware! A proxy was installed that tracked and sent information to a third party marketing company! Read on for frightening details.

Teens Cherish Privacy

As more teens blog, IM and create pages on social networks, it has begun to look as though they cherish their personal info. Most are very selective about whom they share that info with. That can only be a good thing.

Kaspersky Update Cripples Boxes

It would seem the latest update from Kaspersky to their anti-virus has caused a few systems to crash, and it's the second time this week. See what happens to systems....

New Version: AVG Anti-Virus Free Edition

The good folks at AVG Grisoft have just updated the free version of their popular anti-virus program. Details & download link

RBN Business End Examined

Our favorite RBN blog has a look into the business end of getting paid through rogue installs by the gang most reportedly responsible for all the malware on the Net. Very well detailed with graphics and links.

Wednesday, December 19, 2007

Google Ad Accounts Hijacked

Another problem related to Google ad accounts. It seems they are being hijacked to rogue servers and of course offering users the usual...malware.

Google is aware of the problem and working to eliminate as many of these accounts as possible.

Google Orkut Worm Spreading

Those of you who use the Google Orkut social networking site need to read about the worm spreading there, which infects you just by viewing it! 400,000 already infected.

Tuesday, December 18, 2007

Tuesday Forum Threads

Tuesday was a busy day in the forums. And I didn't get a chance to post 'as it happened', what with X-Mas stuff still to get done.

Direct Revenue is back in the news, with Dutch firms being fined for unauthorized installs. Who knew? Too bad the gang in the states didn't get what they deserved.

The Zone Alarm\Ask.com toolbar thread links to some very interesting commentary, mostly against, where there is always one guy who sees the ruckus as over nothing. Probably one of the affiliates; they can never see the unethical side of things.

Speaking of Zone Alarm, there seem to be some problems with the latest updated version, so if you have it, let us know if you're experiencing troubles.

Got Google's toolbar? Then you'll want to read this about an unpatched hole, leaving users exposed to phish attempts.

Bit Defender released its Top 10 Malware for '07 today as well. I don't suppose anything new will crop up to make the list.

Last but not least, a security researcher thinks Facebook's registration page asks for a little too much info about you and expresses concerns. To be honest, I think he has a point.

Well there you have it, lots of reading to catch up on....enjoy and don't forget to offer your thoughts. The forum only thrives when the people are heard.

Monday, December 17, 2007

Zombie to Botnet to.....?

A security researcher thinks the botnet, as it's come to be known, needs to be called something else. Their reasoning is that the name no longer properly describes the level of activity involved. Got any suggestions?

Zone Alarm & Ask.com Toolbar, Money For Them, Annoyance For You

Well, Zone Alarm has decided to try and make a few bucks off unknowing users.

Following Webroot's lead, they've added a 'spyblocker'\toolbar. Of course the install option is already ticked for your convenience, isn't that nice of them? Ummm...no thanks, ZA.

And by pre-ticking that lil box, it almost guarantees many installs, thereby leading to mucho money for ZA and of course Ask.com as well. Vent your anger here....

Sunday, December 16, 2007

Complex Trojan Stealing Bank Info

A highly crafted trojan is stealing bank account info from certain types of accounts and doing so very quietly. It's one of those types of programs that, even though made by lowlifes, researchers are impressed by the complexity of. Let's hope this trend does not take off.

Friday, December 14, 2007

RBN: They Can Run, But They Can't Hide

With success comes notoriety. In most cases this is a good thing. Unless of course you're a criminal enterprise. In that case, the more exposure you get, the more you increase your chances of getting caught and/or having to uproot your operations. This is the challenge facing the Russian Business Network. Read more on RBN tracking

Password Recovery....Too Easy?

A researcher writes about the weakness of password recovery questions and wonders why they are not more complex and/or more numerous. How hard are your pw questions....?

Thursday, December 13, 2007

Root Kits On One In Five PCs

The folks over at PCWorld have a new set of stats, collected with Prevx, that indicate root kits are on 20% of all machines. Read More Here.

Wednesday, December 12, 2007

Hot Phish & Spam Links, Cookie Issues & HP Laptop Security Woes

Once again, the Phish & Spam forum is taking the bustling 'n' hustling title for the day. Symantec has a new trend to speak of: fake newsletters. Anything you can think of, spammers will try. And then some.

From a respected security analyst, we get an overview of the last year in spam. Trends new and old, site lifetimes for phishes and more.

As spam increases each year, it climbs higher as a share of total email sent. These numbers almost can't be believed: upwards of 90% of email was spam in '07.

Own an HP laptop? It appears some of the software involved exposes users to a risk of getting hijacked.

For the last entry into the daily grind we have a couple of tools which may allow some cookie security holes to be exposed or created. There may finally be a reason to fear cookies.

Tuesday, December 11, 2007

Patch Tuesday, Dec '07

Today MS released 7 updates to Windows users. 3 critical, and 4 important. Be sure to get yours. Check 'em out.

Trend Micro Monthly Round Up

Well, it's time for a monthly round up of what's been hot and popular with the scumbags who make malware, and today Trend Micro has November's details.

Encrypt Your MSN IM Convos

Today we have a small tool which will help keep your MSN IM conversations limited to whom you want to receive them. A must have for all those 'personal' IMs we all make, eh? Not to mention it may keep the boss from knowing you're planning to sneak off to a game one afternoon. Check it out now....

Phishing & Spam News Today!!

This morning starts out with a bang in the Phishing and Spam forum, with articles from Symantec referencing credit unions and community banks being targeted, and we have the best and worst domain registrars from Brian Krebs at Security Fix.

Then at Computer World they look at the latest Web 2.0 trends which may affect DNS servers. Finally we have Avert Labs talking about recent trends in spam and phishing campaigns.

Whew....that wore me out, go check 'em out and drop a comment.

Monday, December 10, 2007

Links In The forum Dec 11

It would appear something that's been talked about has finally come to pass: malware using RSS feeds to push files to users. Took them long enough; we've been hearing about the possibility for a couple of years. I've got two related links in this latest thread.

A phishing campaign that's been going on for a month at least gets some updated info, and of course the home sites are in China, the new playground for scumbags, go figure.

The rogues list from Malwarebytes gets some new additions this last week or so.

For a little chuckle at the expense of MS, some people have come up with what may or may not be Windows error messages.

Symantec Monthly Spam Report

This month Symantec catalogs the holiday spam subjects, looks at the last 12 months of wonderful inbox-filling spam and mentions a new email harvesting campaign by spammers. See more here...

MS Launches New Password Site

MS has decided to offer users a new way to keep track of their passwords, with a new site. I guess they figure if they make it easy enough, then users won't have so much trouble remembering longer, complex pws and things will be a tick safer. Read about it here and comment

Friday, December 07, 2007

Exploits Held In Search Cache

As ever more expansive as search becomes, who would think that you could find all sorts of exploit code hiding where it could circumvent security software? Not me.....

RBN Rogue Spreading Domains

As RBN gets more exposed, so too do their inner workings. One thing that has come to light is their ever increasing number of rogue-spreading domains.

Jedi Tool Dissection

Continuing on the George Lucas\StarWars connection, we have a look at the innards of a lightsabre

Dec. 6 Forum Links

It's that time of the month: MS has released December's Bulletin Advance Notice, with 4 critical updates and 3 important ones.

In Kaspersky's quarterly malware code analysis we get a breakdown of the hottest trends in malware. Always interesting stuff there.

Interested in how bots work on the Web? Then this in depth read of an IRC botnet is for you.

For those of us who are true geeks, a look into George Lucas' Skywalker Ranch sound studios will be a pretty cool quick tour.

Wednesday, December 05, 2007

Dec 5 Threads....

Looks like MS pulled out all the stops when it came to naming the next iteration of IE. Probably cost them hundreds of thousands, maybe millions, in consumer testing, brand recognition and the like. ....See if it was worth it

It looks like they've found a way to make cookies a bit more of a threat. With new variants, they can circumvent some cookie control apps and anti-spyware tools. Read the crumby details here

With Vista's spiffy Aero looks and improved overall display, it appears that MS decided to put a twist on the BSOD....now Vista offers a PSOD.

AV vendors have gathered to see if they can nail down testing guidelines that will give users a sense of conformity. Yeah, sure....we all know how well the naming convention meeting went. More here...

Todays Links

There is a new tactic malware scum are trying out. Rather than telling users they need a codec to install, they instead say there is an error with playback to get their crap installed. Found by MS MVP WinHelp2002. Read more about it...

Researchers at F-Secure claim malware has risen 100% over the last 12 months, doubling the amount it took 20 years to get to. Pretty scary....comment here

To soften the bad PR they have gotten, MS has decided to soften their policy on pirated software and re-do the whole set up. See the details here

Come into the forums and meet our latest moderator; he's been with us since the get-go....Meet Johnincal

Wednesday, November 28, 2007

RBN Directly Behind Google Search Poisoning

Well, as no surprise, the RBN was behind the recent Google search poisoning. Lots of good detailed analysis will keep RBN moving, and that's never good if you're a criminal. Too much time spent on evading the authorities will cause mistakes. Read On...

CAPTCHA For $$

Defeating CAPTCHA-protected websites is one of malware scumbags' biggest problems.

But they have ways of doing it, including services that use the human element. Likely some third world country paying absurdly small amounts of money. More Here

Gromozon Gang Turns To Rogues & Social engineering

Looks like the boys behind the Gromozon malware have turned to social engineering and rogues to pull in unknowing users. Read All About It!!....

Fake YouTube Links, New Spam Gang?

Well in the phishing and spam forum we have two new items. The first deals with some spam containing fake YouTube links that -GASP!-...re-direct to malware! OMG! Whoda thunk they could do that? Hehe.

Next we have what looks to be some gang trying to reach Storm worm gang notoriety. Using celebs' names as bait, they of course get suckers to install their trojans by duping them into opening emails. Uh-Huh...When will people get a clue? Have you been suckered in?

Corrupted Google Searches = Malware

I for one trust Google to provide fairly safe search results. But in this day and age of malware scumbags looking at every vector to infect, they've combined two tactics: a type of 'seeding' of key search words, and drive-by downloads.

While doing a search for my son I stumbled upon some odd search results which led to something that has gotten huge and is making a lot of news on main media sites. I call it Google Poisoning.

Tuesday, November 27, 2007

More IFRAME Exploited Sites Found

Researchers are finding more malicious hacking of well-visited popular sites using IFRAME exploits to take them over. And as usual, these exploits can be traced back to......give ya 2 guesses.

FTC: 8 Mil ID Theft Victims

From the FTC: over 8 million people were victims of ID theft. In at least half of the instances less than $500 was pilfered. In 10% of the incidents over $6000 was taken. Read More Here.....

Hotmail & eBay Phish, New Online Bank Threat

This morning PG alerts us to a Hotmail & eBay phish that didn't quite work as well as it could have, but it got at least one poor soul. Be sure to check out the image of the obvious mistake.

And then F-Secure notes that there is a new threat to online banking. They call it 'Man in the browser'. Read on for details on both....

Pr0n Ring Busted, EBook & Equifax Scam?

Couple of interesting reads in our General Software\Internet forums today. First up we have a Mom who helps police in Spain bust a kiddie pr0n ring after she stumbles upon some images, resulting in 13 arrests. Always a good thing to rid the Net of low life, sick scumbags such as these pedophiles.

Then we have an instance of a blogger who made an innocent post about a charge to his credit card from a company he'd never heard of. Suddenly the post takes on a life of its own as others also complain of the same thing. The link appears to be Equifax. Investigations are of course ongoing.

Offer your opinions here....

Monday, November 26, 2007

MS Learning From WGA Fiascos, To What End?

Based on last summer's fiasco with WGA, MS claims it's learning from those mistakes. Some people would suggest they simply dump it. What do you think?

Windows Bug Found, All OSes Affected

MS has been alerted to a serious bug in all Windows operating systems which could allow malicious code to execute, especially outside the US. Here We Go Again......

Tuesday, November 20, 2007

New Spam Campaign w\.scr Files

Two top anti-spam companies find a new campaign spreading a trojan using a .scr file. Y-A-W-N....spam. What, me worry? Nope

WinPatrol 'Top 9 Windows Utilities'

Hot on the heels of WinPatrol's birthday comes an award as one of the 'Top Windows Utilities' by a popular online website. It's almost as if everyone has begun to find out what I've always thought: Scotty is just one of the best pieces of software you can have on your PC. Don't you think so?

3 Good Reads Today

We've got 3 new stories which I think are good reading for all.

First we have RBN involved with a Monster.com hack. The site pages affected have been pulled, but those guys get into everything.

Secondly, with holidays around the corner you can bet malware scumbags are spooling up email spam attacks to try and trick users with social engineering tactics. Watch your inbox for those amazing deals which seem too good to be true, because they are.

And lastly, in an effort to curb the malware guys, researchers suggest trying to hit them where it hurts: the pocket. Too bad they can't all agree on how to do just that. Then there's the problem of prosecution. The scumbags hide out in countries that don't exactly have any real effective policy on Net crime.

Read more and add your thoughts.....

Monday, November 19, 2007

Huge China Based Phish Attack On MySpace

Looks like MySpace has fallen victim to a huge China-based phish campaign. All domains involved end at that TLD, .cn. I'm sure the MySpace IT staff is on the job though, all 1-2 of them. Unless it's holiday season. Or after 5PM. Phishing For IDs @ MySpace

Spell Carefully When You Search

This isn't exactly new information here. Many of you know this: misspell a search, and you can land on some malware site. But for those who don't know.... Get educated some

By 2010, Net Too Clogged

Researchers predict that by then we won't be able to use the Net. Too many viral sites, online purchases and search engines will be the end of the Net as we know it. Yeah, yeah, sure, sure, talk about FUD. The Sky Is Falling....NOT

More Rogue Banner Ads

Yes, this is becoming a more popular trend these days. Seems like every week we find another site with rogue banner ads. Follow The Latest Banner Ad Problem

Sunday, November 18, 2007

New MSN IM Trojan On The Loose

eSafe security researchers have discovered a new MSN trojan spreading through the Net. It's controlled via an IRC channel. More Here....

Happy Birthday WinPatrol!!

Scotty is 10 years old tomorrow. For ten years BillP has been offering this freeware product, which has helped countless Net users regain some control of their machines.

As the Net has become ever more dangerous, Bill has added many security related tools to keep that control. And never has there been a cooler, more concerned guy for the Joe Net user. And it's been free for the basic program, which with each upgrade still includes some neat stuff.

So everyone help Bill blow out the candles and wish for WinPatrol's continued stride to becoming one of the Nets most popular 'must haves' on any system.

HAPPY BIRTHDAY Scotty & Bill! Celebrate here.....

Friday, November 16, 2007

McAfee: Doom & Gloom, or FUD?

The researchers at McAfee are predicting more complex and intelligent bots, as well as attacks on gaming sites and a more concentrated effort to break Vista in 2008. More here....

Economy Of Malware Tools

Back in October a security researcher had a look into the economy of proprietary tools used and sold by malware authors. It's a pretty interesting read; they really do operate as small, but illegal, businesses. Tracking The Tools....

Thursday, November 15, 2007

RBN Not 'Gone' At All

Not that anyone really expected them to fold up and go home, but some further analysis of their core IPs shows no changes at all. Follow The Detectives...

Zlob Boys Change Things Up

As opposed to the Storm worm gang, the asshats that push the fake codecs, which turn out to be Zlob infections, have finally made a slight change. Instead of tricking users into installing a codec, they're now saying you need to update your Flash player. See More here....

Wednesday, November 14, 2007

RBN Into Rogue Ad Serving Too

Well, it's not like this would surprise anyone. The RBN seem to have a hand in just about every illegal operation on the Net. Why not ad serving? There sure is a lot of it going on these days. RBN Does Banner Ads....

Y-A-W-N...New Storm Tactic......

Yeah, those boys backing the Storm worm keep coming up with new ways to try and hide. Now they're using re-directs to Geocities web pages. Read on.....

Google BlogSpot:Malware Source Part 2

Yes, that's right, the BMG have recently changed things up for the worse since last time.

Now you can get, along with the latest info in the blogosphere, a Vundo\Virtumondo infection, any form of SDBot variant, RDBot backdoors and Zlob infections. Oh, and it goes without saying you'll also be able to get the generic annoying type of adware that comes with the previously mentioned goodies.

And I didn't have to do a thing, just land on one of the thousands and thousands of splogs which are set up just to do this: spread malware. Google knows about them. Myself and one of the Blog*Stars have communicated information all about this amazing nastiness running around. All you have to do is go 'Next Blog' hunting. But I warn you not to do this unless you have a machine you don't care much about and that has no data on it, because these blogs can crush the average machine to bits.

See what I got with no effort at all. And pray you don't ever run into one of these. Google BlogSpot: Great Place For Malware

Tuesday, November 13, 2007

This Weeks Storm Update

This week's variant is a stock scam and a pop up as well. As per usual, don't open any unknown or even ever so slightly suspicious emails. If you do....well then you sure won't do it a second time now, will ya? Storm Worm Update Thread

Nov. MS Updates

This month's Microsoft Updates are now available. Only two, one labeled as critical, the other important. Git 'em quick!

RockPhish Spam Gang Using YouTube

Looks like this gang has picked YouTube for a campaign of spam. Naturally, if you open any unwanted emails, you deserve what you get, so pay attention!! RockPhish Gang Spam Info

ZoneAlarm Anti-Spyware Free!

In an effort to get users protected as well as push their new ForceField virtual browser, Check Point Software, makers of Zone Alarm security products, is offering ZA Anti-Spyware for free. The virtual browser is also free. Check it out here

Monday, November 12, 2007

RBN Setup Shop In India?

Well, it looks as though after running out of China, perhaps due to the quick research of determined security researchers, the RBN boys have popped up in India.

As per usual, screen caps and direct code snippets supply all the info you need to draw your own conclusions. Let's hope India does not become a haven for malware as it has for outsourcing. Follow the bouncing gang....

Sunday, November 11, 2007

MySpace Bands Hacked

If you've got a band on MySpace or have a fav band bookmarked, you're going to want to read this and learn about this hack. Seems tons of band profiles have been hacked pretty good, and MySpace does not appear to have a handle on it yet.

MySpace Band Hacks Galore

Saturday, November 10, 2007

RBN Moves Off Radar?

The Russian Business Network set up shop in China on approximately Nov. 8. As of late Friday, they have disappeared off the radar.

Could the RBN gang be diversifying their network? Perhaps the publicity has them breaking things up to try and subvert quick attention? Read what the experts think.....

Friday, November 09, 2007

Email Poll In forum

Well, I have a new poll in the forum. It's an inquiry into how often you check your email throughout the day. Why don't you check it out and vote?

Thursday, November 08, 2007

RBN: Whack-A-Mole

Well, the boys over at RBN have started what amounts to a shell game of sorts. They have begun to use a different IP than they had previously. This is not anything new or unexpected.

They've been doing this since 2004. What's new is that they are now monitored by a lot of people. People who are just as motivated to expose them as they are to rip people off. They keep moving, the security community keeps whacking them down. Watch the shell game

Rogues List Update Info

Well, after a long time off I'm back to updating the RogueRemover rogues thread. Far too many for me to list, as it's been 10 weeks. See More Here.

Wednesday, November 07, 2007

IEDefender Rogue Devs Try Defending Actions

These rogue developers tried to defend their unethical lowly existence to several seasoned security experts. It was a slaughter. Read On!

Russian Business Network Offline?

UPDATE 12PM MST:

Brian Krebs of Security Fix @ the Washington Post says it's possible RBN may relocate servers to China.

Well, Trend Labs is reporting that IPs related to RBN are no longer resolving. This could be one of two things: either they have been shut down, or they are re-configuring.

Wanna guess where I'm putting my money? Wait...there's more!!

Sorry, I ain't been posting much

Sorry it's been so long since my last blog post. Had a case of the 'blahs' and could not get motivated.

Here is a round up of the last couple of weeks and I promise to blog more regularly.

Child porn websites 'worsening'
Sophos: Top spam-relaying countries - US leads the way
Magazine Sites Serving Malware
Corporate malware on the rise
Bots Rise in the Enterprise
Internet Researchers Discover New Hacking Service Site
FTC: Let us fine spyware operations, already!
New WinPatrol Features: Windows Update & Browser Alerts
Botnet on Demand Service
Storm Worm Updates [Oct 30]
MessageLabs Intelligence Report for October 2007
Whois studies approved, privacy deferred
AOL to let users block targeted Web ads???
Police dismantle global child porn network
Hijacking Flash banner advertisements again...
Do Search Engines Need To Be Regulated?
NOW, A WAY TO STOP ID THEFT
Russian Business Network: Cyber Criminal Haven

Wednesday, October 17, 2007

Been Slow In Forums And I've Been Busy

These last two weeks I've been very busy with a new 'old' PC that's still been giving me fits, and working on a series of splog farms right here on Blogger. Stay tuned for more on this; it involves a huge number of blogs, like over 3000, all of them connected and all pure spam.

This last week or so has been a little quiet though; here are a couple of highlights:

New TLD: .asia

Phishtank First Annual Report

Storm Worm Ratchets Up

This latest version is now set up to propagate by looking for address books to harvest and spam, and it also looks for files related to websites, such as .htm, .html, and .php files, and injects malicious IFRAME code into them.

This is a big step for this gang and researchers say it's a step that indicates there may be sales on the code soon to come. Read More Here
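The injection described above leaves a recognizable footprint in the web files themselves: an IFRAME tag pointing off-site, usually sized down to nothing or hidden with CSS so the visitor never sees it. The script below is an added example, not code from this blog or from any of the researchers it links to; it scans a directory of .htm/.html/.php files for IFRAMEs that look injected (off-site src, 1x1 or 0x0 dimensions, hidden by style). A plain regex is used rather than an HTML parser on purpose, so that an IFRAME hidden inside a PHP echo string is still found. The host names and sample pages are constructed for the example, and example.invalid stands in for whatever drop site a real injection would point at.

```python
import os
import re
import shutil
import tempfile
from urllib.parse import urlparse

# Regex rather than html.parser: an iframe emitted from inside <?php echo '...'; ?>
# is invisible to a tag parser, but a webmaster's grep would still catch it.
IFRAME_TAG = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
WEB_EXTS = (".htm", ".html", ".php")


def _attrs(raw):
    """Turn the inside of an <iframe ...> tag into a lowercase-keyed dict."""
    out = {}
    for m in ATTR.finditer(raw):
        name = m.group(1).lower()
        out[name] = next(v for v in m.groups()[1:] if v is not None)
    return out


def _tiny(value):
    """True for 0px/1px style dimensions that make a frame invisible."""
    try:
        return int(str(value).strip().lower().rstrip("px")) <= 1
    except ValueError:
        return False


def suspicious_iframes(html, own_hosts=None):
    """Return [(src, [reasons])] for iframes that look like a drive-by injection.

    own_hosts: set of hostnames this site legitimately serves; any other
    absolute src is flagged. Relative srcs are treated as local.
    """
    hits = []
    for tag in IFRAME_TAG.finditer(html):
        a = _attrs(tag.group(1))
        src = a.get("src", "")
        reasons = []
        host = urlparse(src).hostname
        if own_hosts is not None and host and host.lower() not in own_hosts:
            reasons.append("off-site src")
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny frame")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            hits.append((src, reasons))
    return hits


def scan_tree(root, own_hosts=None, exts=WEB_EXTS):
    """Walk a web root and return {relative_path: hits} for files with findings."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                hits = suspicious_iframes(fh.read(), own_hosts)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


# Constructed sample pages (not real captures): one clean page, one injected
# HTML page, one PHP file with the iframe smuggled into an echo string.
CLEAN_PAGE = ('<html><body><p>Welcome</p>'
              '<iframe src="/video/player.html" width="400" height="300"></iframe>'
              '</body></html>')
INJECTED_PAGE = ('<html><body><p>Welcome</p></body></html>\n'
                 '<iframe src="http://example.invalid/in.cgi?3" width="1" height="1" '
                 'frameborder="0" style="display:none"></iframe>')
INJECTED_PHP = """<?php
$title = 'Home';
?>
<html><body><h1><?php echo $title; ?></h1></body></html>
<?php echo '<iframe src="http://example.invalid/x.php" width=0 height=0></iframe>'; ?>
"""
OWN_HOSTS = {"www.example.com"}  # assumed legitimate host for the sample site


def demo_scan():
    """Write the three samples to a temp web root, scan it, return the findings."""
    root = tempfile.mkdtemp(prefix="webroot-")
    try:
        for name, body in (("clean.html", CLEAN_PAGE),
                           ("injected.html", INJECTED_PAGE),
                           ("index.php", INJECTED_PHP)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root, OWN_HOSTS)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, hits in sorted(demo_scan().items()):
        for src, reasons in hits:
            print(f"{path}: {src} ({', '.join(reasons)})")
```

Run it against a real document root with `scan_tree("/var/www/html", {"www.yoursite.example"})`; a clean site returns an empty dict. The off-site check is the one that matters most, since an injected frame does not have to be hidden to be harmful, but the size and style checks catch the common 1x1 `display:none` pattern even when the attacker uses a host you have not listed.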

Tuesday, October 02, 2007

AIM Flaw Exposed, No Fix Yet

Looks like yet another security exploit has been found in AIM. AOL admits so, but no fix in sight. Read & Discuss Here

Sunday, September 30, 2007

Weekly Roundup-Sept 30

Apologies for not blogging the last week or so. I've been involved with a 'donated' PC for me to play with and it's been giving me fits at every turn.

Here is a round up of some of the forum topics:
WinPatrol PLUS Data Collection

Radical Rethink Of The Net Under Way

AOL AIM Security Hole

MS Extends XP's Life For OEMs

.Net Domain Becoming Haven For Cyber Criminals

Report: Increase In Phish Attacks, New Techniques

Thursday, September 20, 2007

Spyslay: New Rogue?

Looks like this is a brand new rogue; not much via Google at all. They joined my site and left a link to it in their siggy. Guess that was a bad idea, eh?

When you go to their site you get an immediate re-direct to another known rogue install. Guess who spread the news all over the Net? This will be updated as more info is found. Read More Here

Blogger Malware Gang Update

Well, today the Blogger Malware Gang (BMG) changed things up some. I got hit yesterday with a rogue anti-spyware install. But we're onto them, quick as a cobra to a mongoose. Read Details Here

Wednesday, September 19, 2007

Blogger\Blogspot Malware: Reloaded

I got two links yesterday from Chuck, of The Real Blogger Status, and boy oh boy, they sure did not disappoint.

After clicking a single link, each leading to an .hk (Hong Kong) domain, and sitting there a few minutes while IM'ing Chuck, things started to happen, and happen fast.

First hint was Process Explorer activity. I noticed in my task tray it began to get jumpy and was figuring I'd see the same as last time. But no, this was not the same.....this would turn out to be much worse.

The activity got so crazy I was expecting the machine to freeze up, but it didn't. It maintained a balance of activity with files loading and deleting themselves for at least 45 minutes. In that while I got Drive Cleaner installed as well as a few rootkits too. See The Carnage Here

Wednesday, September 12, 2007

Gromozon Malware SSL Certified?

WTF!!!!!!??

How can this happen? A notoriously famous piece of malware gets 'certified' by a popular and well known Internet certificate issuing company. Something is wrong, very wrong.

One would think that they would have this company on a blacklist of sorts, yes? Read & Discuss Here

Tuesday, September 11, 2007

MS Windows Monthly Security Updates

MS has released their monthly updates for Windows OSs. One critical and 3 important.

See some details right here

Sunday, September 09, 2007

WinPatrol Minor Update

BillP has yet again made available another WinPatrol update. With the recent change in v12 to the 'newer' Scotty icon and subsequent complaining that many users like the older icon, Bill has now included an option to use either one. Really now, how cool is Bill? Read More Here

STORM WORM ALERTS!!!

With all the hoopla that seems to be heaped upon each and every new Storm\Nuwar\Peacomm\Peed\Zhelatin worm, I thought I'd make a quick little template for these alerts so security people could make posting said alerts a little bit easier.

Mind you, I may not give too much attention to this because it's the easiest thing to avoid. Just don't open any unknown\odd\unusual emails! Plain as that. If you do, then you deserve what you get. Yeah, it's harsh....get over it.

See my post here

Monday, September 03, 2007

Spybot Search and Destroy 1.5 Final Release

Safer-Networking finally releases the new, latest and greatest Spybot Search & Destroy. Accept no substitutes, as many use the 'Spybot' name to rip off the good people who made the application the big success it is today.

They made a ton of improvements and it's already Vista capable right out of the box, unlike some other anti-spyware company that took another month or so.

To read about all the highlights and check out the home page, go right here.

Bot Infections Multiply Like Bunnies: SDFix to The Rescue

Within the world of malware there are a couple of infections which seem to develop new variants very quickly. The type which seem to be the fastest, with new variants uncovered daily are of the 'bot' variety. These include but are not limited to backdoors, proxies, password stealers, downloaders\droppers and spambots.

Their names can strike fear in the hearts and minds of IT professionals all across the world, not to mention make a home user nearly pass out. Hacker Defender, InfoStealer and Rustock, to name but a few.

These can in many cases be cleaned up, tho to be honest, wiping the drive and reformatting to reinstall Windows is probably the best advice. If you have one of these then you'll be needing to use a specialized tool called SDFix, by Andy Manchesta.

Do not attempt to clean any bots on your own. These can require some specific registry fixes even before you begin cleaning, not to mention many bots are coded to prevent removal tools from running. Instead, first install and run HijackThis! and post the resultant log into my Countermeasures: Extraction Help forum and I'll assist in removal.

Sunday, September 02, 2007

'Next Blog' Button Infects Users

Just the other week, I posted about WinAntiVirus links which were found to be on some blogs. All of which were taken down by Google. Now these were specific blogs created to drive traffic to either infect or dupe users.

Then Sunbelt Blog posted about Storm worm links embedded into Blogger\Blogspot blogs. Again, specifically created to infect.

This weekend I decided to go looking for malware and boy did I find it! First link I hit, POW!! Malware got installed immediately. And some not very well detected malware either. I went out twice and got infected within 1 minute the first time and within 3 minutes the second time and I found a bunch of blogs all pushing the same malware. Read more about it, see the scan results right here

Friday, August 31, 2007

Not Just Pr0n Sites Infect

So there you are thinking you're all safe and sound cause you don't surf those nasty pr0n sites and can't get slammed with nasties right? WRONG!

A honeypot study shows that the percentage of other types of sites that contain malware is right behind those adult content sites, and not that far behind either.

I guess we only hear more about the adult content sites because there are more people perusing those sites than others. Ever get infected by a site which looked 'safe'? Talk about it right here

Malware Authors 'Spamdexing'

Looks like the malware scumbags have come up with a new tactic to try and rope in victims. They seed forums with bogus posts, luring users with pix of their fav celeb and then once at the site, users get prompted for a codec install.

It's called Spamdexing. Wanna voice your outrage? Read more and join the discussion

Wednesday, August 29, 2007

Zango: Another Hit In The Bulkhead...YEAA

Well Zango has once again been beaten by the legal system. Their suit against a well known anti-virus company has been thrown out. That's twice in one week..............in two days even! Could this be the beginning of the end? We can only hope. Karma, it's a bitch. Read More And Share Your Opinion

Tuesday, August 28, 2007

Storm Embedded Links In Blogs!

Sunbelt researchers find Storm related links, supposedly pointing to YouTube embedded in blogs. Read More Here

Ad-Aware 2007: Vista Ready

Lavasoft has finally come out with a Vista capable version of Ad-Aware.
Read More Here

Monday, August 27, 2007

MS WGA Servers Fixed

Well it appears that the WGA servers have been fixed. According to MS, only about 12,000 machines were affected. And I think more than half of them posted somewhere about it. Read More Here

Sunday, August 26, 2007

Zango Hijacking Search Results?!

OK, like this should surprise....................who? Certainly not anyone familiar with any of their other tactics at trying to gain installs via any sneaky way they can think of.

Lowlife scumbags and the FTC let them slip right thru their fingers. Read More Here

Saturday, August 25, 2007

New Storm Worm Tactic

It looks like the scumbags behind the Storm worm have changed things up again. Now they have begun to circulate spam with links 'supposedly' to YouTube, which in fact lead to bot-controlled hosts designed to deliver malware. As usual, users need to be vigilant and never open any emails from someone you don't know, and even if you do know them, verify the contents of any links. Read More Here

MS WGA Servers Down, Chaos Ensues......Not Really

UPDATE: MS Claims to have fixed the problem, see forum thread.

Ok, it would seem there is a glitch with MS Windows Genuine Advantage servers. Users are being told their copies of Windows are invalid. It affects Vista users more than most others. Just what MS didn't need. Read More Here

Friday, August 24, 2007

Rogue\Suspect Software Ads In Blogger Blogs

Recently while perusing Digg, I came across a blog on Google Blogger domains pushing rogue software, WinFixer to be specific. I buried it and with the help of another blogger, had it shut down.

Now we're on a mission, looking for more rogues. They seem to run in groups, and almost all are identical in design and content, with a big 'ad' right at the top.

We're hopeful that Google will step up and do something about what could be a very serious problem for unsuspecting users. It's not so much the software that's bad, but they want you to buy the stuff to remove threats and we all know that's a scam. Read More Here

Thursday, August 23, 2007

Open Any eCards Lately? HijackThis Analysis Required

Well, if you have, shame on you. If you opened one and then clicked on the link contained therein, you ought to be smacked! People like you make spammers rich just on curiosity alone. WAKE UP!

NEVER open emails unless the sender is known to you. NEVER click a link in a suspicious email. If you have done so, you'll need to get HijackThis! from here and install as instructed. Then post a log into my Countermeasures: Extraction Help Forum.

Of course you'll need to register to gain access and post the log.

I'll be all over it, like white on rice....no 3, 5 or 10 day waiting at this forum, no sir.

Wednesday, August 22, 2007

Update Your YaHoo IM

The folks at YaHoo have issued a security patch for their IM users. Read More Here

Monday, August 20, 2007

Tech Support Alert Mentions Us!

Once again my site has been featured in a newsletter which, as it turns out, has brought over two dozen new users to the site. After being mentioned in the TechSupport Alert Newsletter the doors were busted down by people looking to join! An amazing display of how popular it is and how much they regard Gizmo's opinion.

They featured us as a site to get quick HijackThis! analysis.

I've been mentioned in several other newsletters: Clif Notes, InfoPackets, BootLIST, LangaList and Dave's Computer Tips.

But none of those have ever generated this level of new user memberships. Not to take away from any of those publications mind you.

So thanks to everyone who joined, thanks to Gizmo(I emailed him personally to do so) and I hope the new users find the site\forum contains info they find helpful.

Friday, August 17, 2007

Got Pop Ups? Spyware? Unknown Rogue Apps?

Then you may have something on your system which you didn't ask for. Likely you're not even sure where you got it.

But help is just a few clicks away. Find out if your system is dragging due to malware installed, using up your CPU and making regular normal day to day operations a real painfully slow process.

With a HijackThis! log file I can help you find and remove these bits of annoying software\files\folders\registry entries.

And it won't take 3 days. Or 5 days. Or 10 for that matter. I can get you going right away.

Join the forum and drop your log into the Countermeasures: Extraction Help section.

I'm waiting.

Weekly Round Up- Aug. 17 2007

Well the week started out with the concern over domain name parking and how users can be re-directed to malware sites via ads. Seems to be a growing trend, malware\rogue affiliates use legit means to sneak in thru the back door on viable sites.

Tuesday brought us a new blog by PayPal. Why this wasn't started sooner I have no idea. You'd think it would be a no brainer, so they could address the latest security concerns as it relates to phishing emails.

Wednesday was a busy day. We were warned about the threat of cybersquatting. This is when the bad guys buy up domains looking to make a fast buck. A 248% increase in one year!

Wednesday was also the day we found that nearly 60% of users are clueless as regards online threats. This day also brought us new ransomware. Then there was the 0-day YaHoo! IM exploit.

Thursday brought news of rogue DNS servers which could re-direct users to malware sites when errors were made looking for legit sites.

Friday looks sort of quiet so far. Just an article about ad servers perhaps clogging the Tubes. And a related one about some websites actually blocking FireFox users because they don't spend any money on said sites.

There was also an update to the Malwarebytes Rogues list.

Thursday, August 02, 2007

New Release: WinPatrol 2007 v12

I had a brief exclusive on this a few days ago, but now it's official: WinPatrol 2007 v12 is now released to the masses.

What's new? A new Scotty icon which looks marvelous, and there are two new report buttons: one provides a HijackPatrol log (similar to HijackThis!) and the other a SpreadSheet log. It's now easier to access PLUS features as well as future update options.

Read More Details Here

Tuesday, July 31, 2007

Zango Busted By Ben Edelman

Once again, the venerable Ben Edelman has caught the scumbags at Zango doing the things they were told and agreed not to do. The FTC leveled a fine for these types of practices. Yet it seems the 3 million was not quite enough of a deterrent.

I'd make a 3 million dollar bet the FTC doesn't do much of anything different. Launch a big investigation, make a bunch of press releases, give the illusion that they're gonna do something. And in the end, it all turns out to be smoke and mirrors. Zango pays some minute fine, the FTC feels better, Zango laughs all the way to the bank.

Rinse wash and repeat. Read More and Discuss

Monday, July 16, 2007

Vista & Spam\Phish Forums Busy This Week

Lots of tips and news on Vista and Vista SP1. Read More In Vista Forum

FBI says more spam prosecutions coming, Symantec monthly spam report and instant phishing scams for sale. Read More In Phishing & Spam Forum

Tuesday, July 10, 2007

Tuesday, July 03, 2007

AOHell Forcing AIM Updates

AOHell is forcing users of its AIM IM software to upgrade or be unable to use the product. Read & Discuss Here

And don't forget to Digg It!

iPhone Phish & 30K New Malware Sites Daily

iPhone phish spotted in the wild already, but the spammers weren't as fast as the malware guys. Read & Discuss Here

And up from 5,000 sites per month, new malware sites take a huge jump in just a few months. YIKES! Read & Discuss Here

Monday, July 02, 2007

New Rogues Aplenty

We have several new entries into the Rogue anti-spyware listings. We now have three great resources for this, Eric Howes' list (no recent updates), as well as the developers of RogueRemover at Malwarebytes and finally Security Cadets.

With these guys on the job, rogues don't stand a chance in hell of getting too many victims to bite on their sleazy products. Read & Discuss Here

Got one of these rogues on your system? Post a HijackThis! log into our Countermeasures: Extraction Help Forum

Saturday, June 30, 2007

Weekly Round Up

As I was away for most of the week, I'll give a little round up of what's been posted since my return.

Another Fake MS Email Update Alert

As usual, don't click these emails, you're likely to need a visit to our Extraction Forums

Why We Click On Spam

A bit of research into the hows and whys of the social engineering tricks spammers use.

Another Storm On The Net

Latest variants of the Storm worm have resurfaced and are filling inboxes over the Net.

iPhone Hype = Malware Ripoffs

It didn't take long for the first iPhone scam site\malware to surface.

Cybergangs Duke It Out On Net

Rival gangs expend time on each other, which could be good for us.

Matrix Needs An Adjustment Perhaps?

Net traffic has spiked in some parts of the world with no exact cause pinned down as yet.


Sunday, June 24, 2007

Brief Vacation

I'll be taking a few days off to hit Disneyland with the family, so this blog won't be updated until I return.

Wednesday, June 20, 2007

WinPatrol A Virus!??

Some false positives from Kaspersky and a couple of others, claiming WinPatrol is a nasty. Corrected for the most part. Read & Discuss Here

Tuesday, June 19, 2007

Thursday, June 14, 2007

Malware Costs Down, Profits Up

As malware scumbags fine tune their targeting, the overall costs to end users go down, while their profits go up. Read & Discuss Here

What is 'meocentrism'?

This is a new term for online advertising. It was made up by some guy. Maybe not specifically for the adware business, but it certainly sounds much better than the one word that strikes fear into the hearts of users globally.....adware!

And who is behind this push for the new terminology? It appears to be WhenU, but I'm unsure at this time. It would seem to fit a theme WhenU CEO Bill Day touted last year when he said "Adware as a term will die in twelve months". Sounds like they have begun down that path with this association. Read More & Discuss

Zone Alarm For Vista

CheckPoint Software Technologies, parent company behind Zone Alarm products announces availability for Vista compatible products. Official launch June 14. Read More Here

Tuesday, June 12, 2007

MS Updates, Julie Amero, YouTube Worm, HijackThis!

This month's Windows updates are out, be sure to check them out. Four critical ones, one important and one moderate.

Malware researchers have banded together to help prevent a fiasco such as the Julie Amero case from ever happening again. It has some very prestigious malware researchers involved; it's called the Julie Group.

And a new worm uses a video from YouTube to infect users. While they watch the vid, malware downloads a trojan to steal your info. I'm surprised there has not been more of this, read on.


Finally I have HijackThis! analysis available and it's fast too. No days of waiting to get assistance to remove malware. So if you have any unwanted software on your machine, join the forum and drop a log into Countermeasures: Extraction Help forum.

Sunday, June 10, 2007

New Rogues: ContraVirus & SpyCrush

Two new rogues have hit the scene, ContraVirus and SpyCrush. Each is targeted by special removal tools already. Read More Here

As usual, if you're infected with either of these or any other SmithFraud\Zlob variants, be sure to have us look at a log in our Countermeasures: Extraction Forum.

Friday, June 08, 2007

Ad-Aware 2007 Released...But Troubled

Lavasoft released their new version of Ad-Aware yesterday, Ad-Aware 2007, after much beta testing. Well, I guess it wasn't quite enough. Several users have complained about glitches, system crashes and Vista incompatibility too.

Read & Discuss In Our Forum

Malware Launch Points

F-Secure security firm researches the most popular launch points for malware. Nicely done with detailed analysis and screen shots. Read & Discuss Here

Cexx Forums Back Online

Cexx forums were returned to service shortly after I posted my previous entry about it. Sorry for my delay in reporting that here.

Wednesday, June 06, 2007

Cexx Forums Offline

Well it looks as tho the recent story about DreamHost being hacked has affected Cexx forums, in that when you go there as of this writing, you get a blank page. The admin is well aware and is working to restore service as quickly as possible. Keep an eye on this blog for its return to service.

Tuesday, June 05, 2007

Zango vs. Spyware Doctor...Who Won?

Zango recently filed a lawsuit against Spyware Doctor. Just earlier today, Zango was denied a TRO. They then claimed that because Spyware Doctor changed its detection of Zango, they were victorious by forcing their hand. Read & Discuss Here

Monday, June 04, 2007

Site Advisor: State Of Search Engine Safety

McAfee SiteAdvisor team posts up a state of search engine safety write up. This follows previous write ups and of course it's never very good news. Another reason for users to use things like SiteAdvisor or other related browser protection tools. Read & Discuss Here

Friday, June 01, 2007

Good Reading In Our Forums

The spam and phishing forum has been very busy this week. Friday brings no end. A bit on the major spammer arrested and why it won't impact your inbox.

And then a look into what the future of spamming techniques holds

Then we have a bit of a technical read about the effectiveness of anti virus software

Lastly there is a new MSN IM worm spreading

Enjoy and don't forget to let us know what you think.

Wednesday, May 30, 2007

IM Threats Increase Dramatically

IM threats increase over 70% since last year, averaging a new threat every day. Read & Discuss Here

Two Good Reads: Google Security Efforts & Firewall Testing

Google has recently rolled out a security blog and released a technical paper, and now they've just bought out an anti-malware company as well. And one of their employees wrote a cool app for webmasters to check and see if their sites have malicious code. Read & Discuss Here

And I stumbled upon a neat write up showing a bunch of firewall testing tools to see how secure you really are. Read & Discuss Here

Digg links for both on respective page.

URL Phishing Flood & New Image Spams

Read about the latest image spam technique and about how phishers try to flood phishing filters with a huge jump in URLs since last month in the forum. Read & Discuss Here

Sunday, May 27, 2007

InfoStealer Trojan Injects Code To Fool Users

Users who routinely adhere to good security behavior and type in the URLs of their banks, as opposed to following links, can be duped into giving their info anyway. It seems as tho the creators of this malware have injected code to add fields asking for additional info. They never cease to amaze me in their abilities to circumvent almost any sort of barrier put up. The good folks at Symantec provide analysis. Read & Discuss Here
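The defensive counterpart to what the post describes is a page-integrity check: the genuine login form has a known set of data-entry fields, so any field that shows up beyond that baseline is a red flag, whether a bank's monitoring compares served pages against the real thing or a user-side tool inspects the rendered page. The script below is an added example written for this post, not code from the original entry or from Symantec's analysis. The expected field list, the clean form and the injected form are all constructed samples; no real bank's markup is used.

```python
"""Flag form fields that were not in a site's expected login form.

Added example (not from the original blog post): models the kind of
page-integrity check a site owner or a browser-side monitor could run on a
page the user reached by typing the URL. EXPECTED_FIELDS and both HTML
samples are constructed for illustration only.
"""
from html.parser import HTMLParser

# Constructed baseline: the data-entry fields the genuine login form contains.
EXPECTED_FIELDS = {"username", "password"}

# Constructed sample of the genuine form as served by the site.
CLEAN_FORM = """
<form id="login" action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>
"""

# Constructed sample of the same form after extra prompts were injected into it.
INJECTED_FORM = """
<form id="login" action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="atm_pin">
  <input type="text" name="card_number">
  <input type="submit" value="Sign in">
</form>
"""


class FormFieldCollector(HTMLParser):
    """Collect the name attribute of every input/select/textarea in the page."""

    def __init__(self):
        super().__init__()
        self.fields = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        attrs = dict(attrs)
        # Submit buttons and unnamed controls carry no user data; skip them.
        if attrs.get("type") == "submit":
            return
        name = attrs.get("name")
        if name:
            self.fields.add(name)


def collect_fields(html):
    """Return the set of named data-entry fields found in the HTML."""
    parser = FormFieldCollector()
    parser.feed(html)
    return parser.fields


def unexpected_fields(html, expected=EXPECTED_FIELDS):
    """Return the fields present in the page but absent from the baseline."""
    return collect_fields(html) - set(expected)


if __name__ == "__main__":
    for label, html in (("clean", CLEAN_FORM), ("injected", INJECTED_FORM)):
        extra = unexpected_fields(html)
        status = "OK" if not extra else "ALERT, extra fields: " + ", ".join(sorted(extra))
        print(f"{label}: {status}")
```

The check is deliberately name-based rather than a byte-for-byte hash of the page, because legitimate pages vary (session tokens, timestamps) while the set of fields a login form asks the user to type into should not; a field named like a PIN or card number appearing on a page that never asked for one is exactly the symptom the Symantec write up describes.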

Saturday, May 26, 2007

Interesting Entries In The Forum

Read about the man who owns the Internet, it's pretty interesting.

Then there is the big deal about Dell & Google, they are making money installing some 'extra' software.

Speaking of Dell, you will soon be able to buy them at Walmart.

And a lemon law for computers?

Finally for some laughs watch some funny techy videos.

Don't forget to take the time to comment on what you see, I'm always interested in seeing what people like and don't like.