October 2006

winhelp2002 reported an interesting list of deactivated domains.

One item in particular caught my eye.

Zango/180Solutions (Adware.180Solutions) has quietly started deactivating some of their sites
flingstone.com | n-case.net | radiopranks.com | searchbrowser.com | searchbarcash.com

Read the full article here

Check out winhelp2002’s The HOSTS File
Hosts File FAQ

The MySpace saga continues:

Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim’s username and password to a remote server hosted in France.

Article

PCWorld Reports that the attack was shut down by MySpace around 10 a.m. Pacific this morning.
Apprantly the attacker had registered an account named login_home_index_html, therefore the MySpace page hosting the fake login appeared to be a legitimate place where users could sign onto the service.

If, as is typical with such sites, MySpace has a database of user names that are off limits why did they allow the registration of login_home_index_html ?

Beats me and just another reason MySpace is blocked in my household.

Looking for Halloween themed sites? You may end up with a nasty Trick and no Treat.

Details from Patrick Jordan, otherwise known as Webhelper.

To tighten your security against injected iframes code to the Cactus families Vxgame site & megacount.net; disable the IFrame setting in IE:

Internet Options > Security tab > Custom Level button

Scroll down to: Launching programs and files in a IFrame

Select: Disable (IE7 by default is already set to Prompt)

CIAC BULLETIN
R-024: Symantec Device Driver Elevation of Privilege
[SYM06-022]

PROBLEM: There is a vulnerability in a device driver which, if successfully exploited, could allow a local attacker to execute arbitrary code with elevated privileges or to crash the system.
PLATFORM: Symantec AntiVirus Corporate Edition 9.0.3 and earlier
Symantec Client Security 2.0.3 and earlier
DAMAGE: A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system.
SOLUTION: Apply current patches.

LINKS:
CIAC: BULLETIN
Symantec: SYM06-022
CVE:CVE-2006-3455

Today we released Internet Explorer 7 for Windows XP. I encourage everyone to download the final version from http://www.microsoft.com/ie

IEBlog

IE7 Installation and Anti-Malware Applications

A few people have asked why we recommend temporarily disabling anti-virus or anti-spyware applications (which I’ll refer to together as anti-malware) prior to installing IE7, so here’s a little insight to the situation.

Article

Internet Explorer7 support page

Warning: FAKE IE7 SITE
The Register
“Trojan download site spoofs IE7 release outlet”

Hackers have created a bogus Internet Explorer 7 download site that attempts to load Trojan code onto the PCs of visiting surfers.

Traffic to the malicious website is being driven by a spoofed email message, claiming to be from support@microsoft.com, offering a link to download Release Candidate 1 (RC1) of Microsoft Internet Explorer 7.

Suzi Turner interviewed Ben Edelman who has posted a new article where he presents and critiques the current installation and operation practices of certain toolbars provided by InterActiveCorp/Ask.

Both writeups make for an interesting and informative read; Ben Edelman’s article has screenshots as well as a video made on October 15, 2006 showing a non-consensual installation of the Ask toolbar.

Suzi Turner’s Article

{ 0 comments }

Thousands of emails have been sent out by fraudsters spoofing MySpace.

The message in the email states, “You’ve got a new song from (name) on MySpace!”, inviting recipients to click on an url that directs to a site claiming to sell MP3 music.

This is a scam to collect credit card information for fraudulent use.

Advisory at Fortinet

PC Advisor
James Niccolai

One week after it added the creator of a Windows Messenger add-on to its list of MVPs (Most Valued Professionals), Microsoft has revoked the award after critics pointed out that the program is used to distribute adware.

Article here

Patchou AKA Cyril Paciullo, creator of Messenger Plus! received a Microsoft MVP Award and many are not happy about it.

Sandi Hardmeier, a current MVP, has documented the adware that “sponsors” Patchou’s product for a long time.

In an April 2006 post she recommended no one install the SPONSOR program.

Patchou has a new “distributor” for his sponsor, called “Circle Development Ltd”, but don’t be fooled into thinking that Patchou’s turned into one of the good guys… NO HOW, NO WAY!!! It’s still malware, and even worse, it pushing betrayware/rogueware… fake or disreputable antispyware applications, and advertisements that are entirely unsuitable for an underage audience (yes, I know, the MP sponsor program EULA stipulates that you must be 18 to use the program, but I have yet to see ANY underage user told he cannot install the sponsor, even at www.msgplus.net’s help forums and anyway, let’s get real here…. who’s going to want cutesy sounds and the other stuff that comes with MP? Not ‘grown up’ corporate users, that’s for sure)

Rather than repeat the story and for more links:
Vitalsecurity
Security news and information

{ 1 comment }