Wednesday, November 28, 2007

RBN Directly Behind Google Search Poisoning

Well as no surprise, the RBN was behind the recent Google search poisoning. Lots of good detailed analysis will keep RBN moving, and that's never good if you're a criminal. Too much time spent on evading the authorities will cause mistakes.
Read On...

CAPTCHA For $$

Defeating CAPTCHA encoded websites is one of malware scumbags' biggest problems.

But they have ways of doing it, including services that use the human element. Likely some third world country paying absurdly small amounts of money. More Here

Gromozon Gang Turns To Rogues & Social engineering

Looks like the boys behind Gromozon malware have turned to social engineering and rogues to pull in unknowing users. Read All About It!!....

Fake YouTube Links, New Spam Gang?

Well in the phishing and spam forum we have two new items. The first deals with some spam containing fake YouTube links that -GASP!-...re-direct to malware! OMG! Whoda thunk they could do that? Hehe.

Next we have what looks to be some gang trying to reach Storm worm gang notoriety. Using celebs' names as bait, they of course get suckers to install their trojans by duping them into opening emails. Uh-Huh...When will people get a clue? Have you been suckered in?

Corrupted Google Searches = Malware

I for one trust Google to provide fairly safe search results. But in this day and age of malware scumbags looking at every vector to infect, they've combined two tactics, a type of 'seeding' of key search words and drive-by downloads.

While doing a search for my son I stumbled upon some odd search results which led to something that has gotten huge and is making a lot of news on main media sites. I call it Google Poisoning.

Tuesday, November 27, 2007

More IFRAME Exploited Sites Found

Researchers are finding more malicious hacking of well visited popular sites using IFRAME exploits to take them over. And as usual, these exploits can be traced back to......give ya 2 guesses.

FTC: 8 Mil ID Theft Victims

From the FTC, over 8 million people were victims of ID theft. In at least half of the instances less than $500 was pilfered. In 10% of the incidents over $6000 was taken. Read More Here.....

Hotmail & eBay Phish, New Online Bank Threat

This morning PG alerts us to a Hotmail & eBay phish that didn't quite work as well as it could have, but it got at least one poor soul. Be sure to check out the image of the obvious mistake.

And then F-Secure notes that there is a new threat to online banking. They call it 'Man in the browser'. Read on for details on both....

Pr0n Ring Busted, EBook & Equifax Scam?

Couple of interesting reads in our General Software\Internet forums today, first up we have a Mom who helps police in Spain bust a kiddie pr0n ring after she stumbles upon some images. Resulting in 13 arrests. Always a good thing to rid the Net of low life, sick scumbags such as these pedophiles.

Then we have an instance of a blogger who made an innocent post about a charge to his credit card from a company he'd never heard of. Suddenly the post takes on a life of its own as others also complain of the same thing. The link appears to be Equifax. Investigations are of course ongoing.

Offer your opinions here....

Monday, November 26, 2007

MS Learning From WGA Fiascos, To What End?

Based on last summer's fiasco with WGA, MS claims it's learning from those mistakes. Some people would suggest to simply dump it. What do you think?

Windows Bug Found, All OSes Affected

MS has been alerted to a serious bug in all Windows operating systems which could allow malicious code to execute, especially not in the US. Herrre We Go Again......

Tuesday, November 20, 2007

New Spam Campaign w\.scr Files

Two top anti spam companies find new campaign spreading trojan using a .scr file. Y-A-W-N....spam, What, me worry? Nope

WinPatrol 'Top 9 Windows Utilities'

Hot on the heels of WinPatrol's birthday, comes an award as one of 'Top Windows Utilities' by a popular online website. It's almost as if everyone has begun to find out what I've always thought, Scotty is just one of the best pieces of software you can have on your PC. Don't you think so?

3 Good Reads Today

We've got 3 new stories which I think are good reading for all.

First we have RBN involved with a Monster.com hack. The site pages affected have been pulled but those guys get into everything.

Secondly, with holidays around the corner you can bet malware scumbags are spooling up email spam attacks to try and trick users with social engineering tactics. Watch your inbox for those amazing deals which seem too good to be true, because they are.

And lastly, in an effort to curb the malware guys researchers suggest trying to hit them where it hurts, the pocket. Too bad they can't all agree on how to do just that. Then there's the problem of prosecution. The scumbags hide out in countries that don't exactly have any real effectual policy on Net crime.

Read more and add your thoughts.....

Monday, November 19, 2007

Huge China Based Phish Attack On MySpace

Looks like MySpace has fallen victim to a huge China based phish campaign. All domains involved end at that TLD, .cn. I'm sure the MySpace IT staff is on the job tho, all 1-2 of them. Unless it's holiday season. Or after 5PM. Phishing For IDs @ MySpace

Spell Carefully When You Search

This isn't exactly new information here. Many of you know this, misspell a search, and you can land on some malware site. But for those who don't know.... Get educated some

By 2010, Net Too Clogged

Researchers predict by then we won't be able to use the Net. Too many viral sites, online purchases and search engines will be the end of the Net as we know it. Yeah, yeah sure sure, talk about FUD. The Sky Is Falling....NOT

More Rogue Banner Ads

Yes, this is becoming a more popular trend these days. Seems like every week we find another site with rogue banner ads. Follow The Latest Banner Ad Problem

Sunday, November 18, 2007

New MSN IM Trojan On The Loose

eSafe security researchers have discovered a new MSN trojan spreading thru the Net. It's controlled via an IRC channel. More Here....

Happy Birthday WinPatrol!!

Scotty is 10 years old tomorrow. For ten years BillP has been offering this freeware product which has helped countless Net users regain some control of their machines.

As the Net has become ever more dangerous, Bill has added many security related tools to keep that control. And never has there been a cooler, more concerned guy for the Joe Net user. And it's been free for the basic program, which for each upgrade still includes some neat stuff.

So everyone help Bill blow out the candles and wish for WinPatrol's continued stride to becoming one of the Net's most popular 'must haves' on any system.

HAPPY BIRTHDAY Scotty & Bill! Celebrate here.....

Friday, November 16, 2007

McAfee: Doom & Gloom, or FUD?

The researchers at McAfee are predicting more complex and intelligent bots, as well as attacks on gaming sites and a more concentrated effort at breaking Vista in 2008. More here....

Economy Of Malware Tools

Back in October a security researcher had a look into the economy of proprietary tools used and sold by malware authors. It's a pretty interesting read, they really do operate as small, but illegal businesses. Tracking The Tools....

Thursday, November 15, 2007

RBN Not 'Gone' At All

Not that anyone really expected them to fold up and go home, but some further analysis into their core IPs shows no changes at all. Follow The Detectives...

Zlob Boys Change Things Up

As opposed to the Storm worm gang, the asshats that push the fake codecs, which turn out to be Zlob infections, have finally made a slight change. Instead of tricking users into installing a codec, they're now saying you need to update your Flash player. See More here....

Wednesday, November 14, 2007

RBN Into Rogue Ad Serving Too

Well, it's not like this would surprise anyone. The RBN seem to have a hand in just about every illegal operation on the Net. Why not ad serving? There sure is a lot of it going on these days. RBN Does Banner Ads....

Y-A-W-N...New Storm Tactic......

Yeah, those boys backing the Storm worm keep coming up with new ways to try and hide. Now they're using re-directs to Geocities web pages. Read on.....

Google BlogSpot:Malware Source Part 2

Yes, that's right, the BMG have recently changed things up for the worse since last time.

Now you can get, along with the latest info in the blog sphere, a Vundo\Virtumondo infection, any form of SDBot variants, RDBot backdoors and Zlob infections. Oh, and it goes without saying you'll also be able to get the generic annoying type of adware that comes with the previously mentioned goodies.

And I didn't have to do a thing, just land on one of the thousands and thousands of splogs which are set up just to do this, spread malware. Google knows about them. Myself and one of the Blog*Stars have communicated information all about this amazing nastiness running around. All you have to do is go 'Next Blog' hunting. But I warn you not to do this unless you have a machine you don't care much about and has no data on it, because these blogs can crush the average machine to bits.

See what I got with no effort at all. And pray you don't ever run into one of these. Google BlogSpot: Great Place For Malware

Tuesday, November 13, 2007

This Week's Storm Update

This week's variant is a stock scam and a pop up as well. As per usual, don't open any unknown or even ever so slightly suspicious emails. If you do....well then you sure won't do it a second time now will ya? Storm Worm Update Thread

Nov. MS Updates

This month's Microsoft Updates are now available. Only two, one labeled as critical, the other important. Git 'em quick!

RockPhish Spam Gang Using YouTube

Looks like this gang have picked YouTube for a campaign of spam. Naturally, if you open any unwanted emails, you deserve what you get, so pay attention!!
RockPhish Gang Spam Info

ZoneAlarm Anti-Spyware Free!

In an effort to get users protected as well as push their new ForceField virtual browser, CheckPoint software, makers of Zone Alarm security products, is offering ZA Anti-Spyware for free. The virtual browser is also free. Check it out here

Monday, November 12, 2007

RBN Setup Shop In India?

Well it looks as tho after running out of China, perhaps due to the quick research of determined security researchers, the RBN boys have popped up in India.

As per usual, screen caps and direct code snippets supply all the info you need to draw your own conclusions. Let's hope India does not become a haven for malware as it has for outsourcing. Follow the bouncing gang....

Sunday, November 11, 2007

MySpace Bands Hacked

If you've got a band on MySpace or have a fav band bookmarked, you're going to want to read this and learn about this hack. Seems tons of band profiles have been hacked pretty good, and MySpace does not appear to have a handle on it yet.

MySpace Band Hacks Galore

Saturday, November 10, 2007

RBN Moves Off Radar?

The Russian Business Network set up shop in China on approximately Nov. 8. As of late Friday, they have disappeared off the radar.

Could the RBN gang be diversifying their network? Perhaps the publicity has them breaking things up to try and subvert quick attention? Read what the experts think.....

Friday, November 09, 2007

Email Poll In forum

Well I have a new poll in the forum. It's an inquiry into how often you check your email throughout the day. Why don't you check it out and vote

Thursday, November 08, 2007

RBN: Whack-A-Mole

Well the boys over at RBN have started what amounts to a shell game of sorts. They have begun to use a different IP than they had previously. This is not anything new or unexpected.

They've been doing this since 2004. What's new is that they are now monitored by a lot of people. People who are just as motivated to expose them as they are to rip people off. They keep moving, the security community keeps whacking them down. Watch the shell game

Rogues List Update Info

Well after a long time off I'm back to updating the RogueRemover rogues thread. Far too many for me to list as it's been 10 weeks. See More Here.

Wednesday, November 07, 2007

IEDefender Rogue Devs Try Defending Actions

These rogue developers tried to defend their unethical lowly existence to several seasoned security experts. It was a slaughter. Read On!

Russian Business Network Offline?

UPDATE 12PM MST:

Brian Krebs of Security Fix @ the Washington Post says it's possible RBN may relocate servers to China.

Well, Trend Labs is reporting that IPs related to RBN are no longer resolving. This could be one of two things, either they have been shut down, or they are re-configuring.

Wanna guess where I'm putting my money? Wait...there's more!!

Sorry, I ain't been posting much

Sorry it's been so long since my last blog. Had a case of the 'blahs' and could not get motivated.

Here is a round up of the last couple of weeks and I promise to blog more regularly.

Child porn websites 'worsening'
Sophos: Top spam-relaying countries - US leads the way
Magazine Sites Serving Malware
Corporate malware on the rise
Bots Rise in the Enterprise
Internet Researchers Discover New Hacking Service Site
FTC: Let us fine spyware operations, already!
New WinPatrol Features: Windows Update & Browser Alerts
Botnet on Demand Service
Storm Worm Updates [Oct 30]
MessageLabs Intelligence Report for October 2007
Whois studies approved, privacy deferred
AOL to let users block targeted Web ads???
Police dismantle global child porn network
Hijacking Flash banner advertisements again...
Do Search Engines Need To Be Regulated?
NOW, A WAY TO STOP ID THEFT
Russian Business Network: Cyber Criminal Haven