Monday, December 31, 2007

UPDATED: Blogger\Blogspot Malware Gang

Well I've posted this info about these blogs in several forums, even posted to StopBadware.org. Let's see how long it takes Google to remove these, even if they are not currently spewing malware. My documentation ought to be good enough. Updated Info......

Saturday, December 29, 2007

1-5 PCs Unpatched; Flag Malware Sites

Couple of new links in the forums today.

From security researchers in Denmark comes the stat that 1 in 5 machines are unpatched Windows OSes. This of course could lead to zombie armies that run amok across the Net giving me loads of HijackThis! log files to do. Read on about my hobby-to-be-continued-for-the-foreseeable-future.

And from a malware specialist who has written some great detailed analysis of RBN comes a challenge for users to ruin a malware gang's holidays.

Thursday, December 27, 2007

Malware @ Blogspot Blogs......Again

After a short while of inactivity, it appears the BMG (Blogger Malware Group) are at it again. After reading another security blog, I wandered on over and was not disappointed. Every blog I hit once I saw a pattern delivered a good payload of malware, calling out to the same sites. Read about the details here...

Sunday, December 23, 2007

Merry X-Mas Storm Worm!!

The latest variant of the Storm worm is out and about. Some details can be read here in the forums and that thread is linked to more detailed analysis.

Friday, December 21, 2007

Friday Forum Roundup

Was a busy day and I didn't have time to post these as they were added to the forum so here's the round up.

A security and privacy researcher informs as to the effectiveness of crowd rating phish sites. His discovery may well shock you at how easy the system can be 'gamed'.

PG is out once again, donning his 'Goddamn Batman' attire to show a script kiddie how easily they get 0wnd. Always a good read.

Anti-virus vendor AVG has subpoenaed major software and Internet companies to gain counterfeiters' info and none of these companies have complied.

And some guys got busted over on MySpace for mass spamming so you know it won't be a very good X-Mas for those guys...I know a tear welled up in my eye too....NOT!!

Then the good folks at eWeek share with us a researcher's reverse engineering of malware that showed how very complex and professional it is in its distribution.

Finally we have some launch dates for F-1 cars in '08 and the hpHosts competition comes to an end.

Thursday, December 20, 2007

Sears.com Installs Spyware & Proxy!

Wow...this sounds really bad. A researcher from CA, formerly PestPatrol, joined a community for Sears.com and got something he didn't bargain for....spyware! A proxy was installed and tracked and sent information to a third party marketing company! Read on for frightening details.

Teens Cherish Privacy

As more teens blog, IM and create pages on social networks, it has begun to look as tho they cherish their personal info. Most are very selective with whom they share that info with. That can only be a good thing

Kaspersky Update Cripples Boxes

It would seem the latest update from Kaspersky to their anti-virus has caused a few systems to crash, and it's the second time this week. See what happens to systems....

New Version: AVG Anti-Virus Free Edition

The good folks at AVG Grisoft have just updated the free version of their popular free anti-virus program. Details & download link

RBN Business End Examined

Our favorite RBN blog has a look into the business end of getting paid thru rogue installs of the gang most reportedly responsible for all the malware on the Net. Very well detailed with graphics and links.

Wednesday, December 19, 2007

Google Ad Accounts Hijacked

Another problem related to Google ad accounts. It seems they are being hijacked to rogue servers and of course offering users the usual...malware.

Google is aware of the problem and working to eliminate as many of these accounts as possible.

Google Orkut Worm Spreading

Those of you who use the Google Orkut social networking site need to read about the worm spreading which infects you just by viewing it! 400,000 already infected.

Tuesday, December 18, 2007

Tuesday Forum Threads

Tuesday was a busy day in the forums. And I didn't get a chance to post 'as it happened' what with X-Mas stuff to get done still.

Direct Revenue is back in the news, with Dutch firms being fined for unauthorized installs. Who knew? Too bad the gang in the states didn't get what they deserved.

The Zone Alarm\Ask.com toolbar thread links to some very interesting commentary, mostly against, where there is always one guy who sees the ruckus over naught. Probably one of the affiliates, they can never see the unethical side of things.

Speaking of Zone Alarm, there seem to be some problems with the latest updated version, so if you have it let us know if you're experiencing troubles.

Got Google's toolbar? Then you'll want to read this about an unpatched hole, leaving users exposed to phish attempts.

Bit Defender released its Top 10 Malware for '07 today as well. I don't suppose anything new will crop up to make the list.

Last but not least, a security researcher thinks Facebook's registration page asks for a little too much info about you and expresses concerns. To be honest, I think he has a point.

Well there you have it, lots of reading to catch up on....enjoy and don't forget to offer your thoughts. The forum only thrives when the people are heard.

Monday, December 17, 2007

Zombie to Botnet to.....?

A security researcher thinks the botnet, as it's come to be known, needs to be called something else. Their reasoning is that it no longer properly describes the level of activity that it does. Got any suggestions?

Zone Alarm & Ask.com Toolbar, Money For Them, Annoyance For You

Well Zone Alarm has decided to try and make a few bucks off unknowing users.

Following Webroot's lead, they've added a 'spyblocker'\toolbar. Of course the install option is already ticked for your convenience, isn't that nice of them? Ummm...no thanks ZA.

And by pre-ticking that lil box, it almost guarantees many installs, thereby leading to mucho money for ZA and of course Ask.com as well. Vent your anger here....

Sunday, December 16, 2007

Complex Trojan Stealing Bank Info

A highly crafted trojan is stealing bank account info from certain types of accounts and doing so very quietly. It's one of those types of programs that even tho made by lowlifes, researchers are impressed by the complexity. Let's hope this trend does not take off.

Friday, December 14, 2007

RBN: They Can Run, But They Can't Hide

With success comes notoriety. In most cases this is a good thing. Unless of course you're a criminal enterprise. In that case, the more exposure you get the more you increase your chances of getting caught and/or having to uproot your operations. This is the challenge facing the Russian Business Network. Read more on RBN tracking

Password Recovery....Too Easy?

A researcher writes about the weakness of password recovery questions and wonders why they are not more complex and/or more in number. How hard are your pw questions....?

Thursday, December 13, 2007

Root Kits On One In Five PCs

The folks over at PCWorld have a new set of stats, collected with Prevx that indicates root kits are on 20% of all machines. Read More Here.

Wednesday, December 12, 2007

Hot Phish & Spam Links, Cookie Issues & HP Laptop Security Woes

Once again, the Phish & Spam forum are taking the bustling 'n' hustling title for the day. Symantec has a new trend to speak of, fake newsletters. Anything you can think of, spammers will try. And then some.

From a respected security analysis, we get an overlook of the last year in spam. Trends new and old, site life for phishes and more.

As spam increases each year, it climbs higher as a total amount of email sent. These numbers almost can't be believed, upwards of 90% were spam in '07

Own an HP laptop? It appears some of the software involved exposes users to a risk of getting hijacked

For the last entry into the daily grind we have a couple of tools which may allow some cookie security holes to be exposed or created. There may finally be a reason to fear cookies.

Tuesday, December 11, 2007

Patch Tuesday, Dec '07

Today MS released 7 updates to Windows users. 3 critical, and 4 important. Be sure to get yours. Check 'em out.

Trend Micro Monthly Round Up

Well it's time for a monthly round up of what's been hot and popular with the scumbags who make malware and today Trend Micro has November's details.

Encrypt Your MSN IM Convos

Today we have a small tool which will help keep your MSN IM conversations limited to who you want to receive them. A must have for all those 'personal' IMs we all make eh?? Not to mention it may keep the boss from knowing you're planning to sneak off to a game one afternoon. Check it out now....

Phishing & Spam News Today!!

This morning starts out with a bang in the Phishing and Spam forum, with articles from Symantec referencing credit unions and community banks being targeted, and we have the best and worst domain registrars from Brian Krebs at Security Fix.

Then at Computer World they look at the latest Web 2.0 trends which may affect DNS servers. Finally we have Avert Labs talking about recent trends in spam and phishing campaigns.

Whew....that wore me out, go check 'em out and drop a comment.

Monday, December 10, 2007

Links In The forum Dec 11

It would appear something that's been being talked about has finally come about, malware using RSS feeds to push files to users. Took them long enough, we've been hearing about the possibility for a couple of years, I've got two links related in this latest thread

A phishing campaign that's been going on for a month at least gets some updated info, and of course the home sites are in China, the new play ground for scumbags, go figure

The rogues list from Malwarebytes gets some new additions this last week or so

For a little chuckle at the expense of MS, some people have come up with what may or may not be Windows error messages

Symantec Monthly Spam Report

This month Symantec catalogs the holiday spam subjects, looks at the last 12 months of wonderful inbox filling spam and mentions a new email harvesting campaign by spammers. See more here...

MS Launches New Password Site

MS has decided to offer users a new way to keep track of their passwords, with a new site. I guess they figure if they make it easy enough, then users won't have so much trouble remembering longer, complex pws and make things a tick safer. Read about it here and comment

Friday, December 07, 2007

Exploits Held In Search Cache

As ever expansive as search is becoming, who would think that you could find all sorts of exploit code hiding where it could circumvent security software? Not me.....

RBN Rogue Spreading Domains

As RBN gets more exposed, so too do their inner workings. One thing that has come to light is their ever increasing amount of rogue spreading domains.

Jedi Tool Dissection

Continuing on the George Lucas\StarWars connection, we have a look at the innards of a lightsabre

Dec. 6 Forum Links

It's that time of the month, MS has released December's Bulletin Advanced Notice, with 4 critical updates and 3 important ones.

In Kaspersky's quarterly malware code analysis we get a break down of the hottest trends in malware. Always interesting stuff there.

Interested in how bots work on the Web? Then this in depth read of an IRC botnet is for you.

For those of us who are true geeks, a look into George Lucas' Skywalker Ranch sound studios will be a pretty cool quick tour.

Wednesday, December 05, 2007

Dec 5 Threads....

Looks like MS pulled out all the stops when it came to naming the next iteration of IE. Probably cost them hundreds of thousands, maybe millions in consumer testing, brand recognition and the like. ....See if it was worth it

It looks like they've found a way to make cookies a bit more of a threat. With new variants, they can circumvent some cookie control apps and anti-spyware tools. Read the crumby details here

With Vista's spiffy aero looks and improved overall display, it appears that MS decided to put a twist on the BSOD....now Vista offers a PSOD.

AV vendors have gathered to see if they can nail down testing guidelines that will give users a sense of conformity. Yeah, sure....we all know how well the naming convention meeting went. More here...

Today's Links

There is a new tactic malware scum are trying out. Rather than telling users they need a codec to install, instead they say there is an error with playback to get their crap installed. Found by MS MVP WinHelp2002, Read more about it...

Researchers at F-Secure claim malware has risen 100% over the last 12 months, doubling the amount it took 20 years to get to. Pretty scary....comment here

To soften the bad PR they have gotten, MS has decided to soften their policy on pirated software and re-do the whole set up. See the details here

Come into the forums and meet our latest moderator, he's been with us since the get go....Meet Johnincal