Blog

Basically, the rogue antispy was directing the victim to a genuine Microsoft address, but was modifying the html on the fly as it came back from the real Microsoft page. It made it read that Microsoft was recommending that the victim should buy the rogue. That’s a pretty good trick that will catch a lot of folks, and it reminded us of another one that we frequently see. It works like this… The victim attempts to reach Microsoft, or receives a link like http://go.microsoft.com/?linkid=9480113 and if you go there on a normal computer, you see a page like this (click to enlarge)… ...

SafetyAntispyware is a new rogue anti-spyware application. However, the functionality follows the same pattern as other rogues. First, it will detect some fake infections. Then it will ask the user to license the product to remove these “threats”. It will also keep reminding the user about these fake infections and will urge the user to activate the software. For more information Click Here.

There were two news stories recently that seemed to coincide. In the first, Cisco issued an annual security report which said the two current targets of the Internet criminal underground are banks and social networks. Banks because, well, we all know what they keep there. Social networks are targets because that’s where weakly protected password databases are kept and the passwords they contain probably are used on a lot of other sites as well. ...

The SecurityTool rogue security product, which first turned up early in October, is still active and trying to avoid countermeasures by setting up 12-24 download sites per day. It comes in two flavors online scanner scam: and fake codec scam: For more information Click Here.

I’ve been saying this for a long time. P2P networks are have the risk of accidently getting something you really don’t want… Matthew White, of Sacramento, California, has found himself in a rather unfortunate situation; he’s been accused of downloading child pornography. On the advice of his public defender, White is pleading guilty in hopes of cutting his potential 20-year sentence down to three and a half years. After serving his time, White will have to serve 10 years of probation and register as a sex offender. ...

Email is still the most common method used for security update notifications from all major vendors, but it is also the most commonly used trigger for launching the chain of infection attacks by malware writers. When I came to work today I found in my Inbox a message from Microsoft with the Security Bulletin Advance Notification for December. I immediately clicked on one of the links to visit the yet to be published December Security Bulletin and investigate how many critical vulnerabilities will be fixed this month. ...

This is a new one: bribeware. They’ll pay you a dollar to install their product. Nice idea, but unfortunately in this case it comes bundled with malware. We detect it as C4DLMedia, a group of installers that include adware and agents that change browser home pages. It’s considered a “moderate” risk. I wonder if Microsoft considered this for VISTA. C4DL Media might have a marketing problem with the dollar bribe though. In places where a dollar is worth enough to make this worth the effort there probably isn’t any Internet connectivity.

According to the 2002 Census of the Population, 42% of the population of Ireland has the ability to speak Irish. Irish has also had official and working language status at the EU level since January 1, 2007. Recently, some examples of spam messages in Irish—the official language of the Republic of Ireland—have been observed. While the Irish translation is generally pretty good in this example, there are some anomalies between how certain phrases have been constructed. For example: ...

It has come to our attention recently that a website is giving out instructions on how to use a low tech social engineering trick to view private Facebook profiles. To view the instructions, a third-party application must be first downloaded and installed. While this application is not malware, it may impact computer performance. The instructions then describe how to view private Facebook profiles, with the result being that a Facebook user may receive a friend request from a person that is already on their friend list. ...

We recently alerted our readers to spam campaigns using the H1N1 vaccination program to prompt recipients to open the mail. And we have frequently mentioned that crooks love to take advantage of news, disasters, and other events. Now that the final draw for the FIFA World Cup in South Africa next year has taken place, it is time to remind you that sports events are no exception to the rule. I’ve already found some examples. The first is a fake lottery. In this case, the source claims the recipient has won a large sum of money from the South African Football Association. After contacting the lottery manager, the victim of the scam will be asked to pay “processing fees” or “transfer charges” so that the winnings can be distributed. Don’t expect to ever see a payment. ...