Clever new spam ruse

A new method of spamming is being used by the typical Viagra/Levitra/Cialis crew.

First, you get an email like this inviting you to join a Yahoo group:

[Screenshot: the Yahoo Groups invitation email]

Cute. This is a form of reputation hijacking, where a completely legitimate service (Yahoo Groups) gets right through all spam filters.

Clicking “Join this group!” gets you to the standard Yahoo Groups page. Except it’s got an ad for spammed prescription meds.

[Screenshot: the Yahoo Groups page with the ad]

Of course, the purpose is not to get you to join any group (nor is it a phishing attempt, as some might think). It’s simply a ruse to display an ad for spammed prescription drugs.

If you join, of course, you’ve just given a nice free gift as well — your email address to a Yahoo Group run by spammers.

Here’s the HTML code they’re using (for fun, see if you can spot the mistake they made).

[Screenshot: the HTML code]

Reputation hijacking is a big part of the future of malware social engineering and spamming. Expect plenty more of the same.

Alex Eckelberry

SSH Scam sites update

Zlob Trojan Distributing site:
92.241.191.31 Cmplcoupler. com

Scam Internet Security Page:
84.16.228.142 Startedwebsite. com

404ErrorpageScam:
84.16.228.143 404dnswebsite. com

Security Guide Scam Page:
84.16.228.142 Linksyoulike. com

Ad-Server-Gate Pages:
84.16.228.143 Ygvtf. com
84.16.228.142 Mjuie. com

Protection Center Scam Page:
89.149.208.44 Websafenotice. com

Scam Security Toolbar site:
89.149.208.44 Baryouneed. com

IE AntiSpywareStore site:
208.72.168.94 Tryoutietool. com

Please stay clear of these sites.

Bharath M N

Blizzard of US Presidential malware

Following on F-Secure’s blog entry today, we’re certainly seeing a fair number of these. Subject lines include:

Obama’s Win Reshapes the Race
USA Election 2008 Results
Election Center 2008 – Election Results
Election 2008: Time lapse of U.S. counties
The new President’s cabinet?
Obama win preferred in world poll
Can Obama win popular vote but lose election?

And I’m sure more to come.

Be careful and alert your users; this thing is tricky.

Alex Eckelberry

Halloween winners

Our contest winners for this year’s Halloween:

1st place went to Kara Kritzer in marketing:

2nd place went to Kendra Wallace (marketing) and Alanna Rubin (accounting) as dead dolls:

3rd place went to Matthew Pratser (tech support) as the purple hippopotamus:

4th place was tied – Amanda Dunphy (accounting) as a vampire and Eric Hanna (tech support) as Fatman not Batman.

Well done to the winners.

Alex Eckelberry

Let’s stop capitalizing “trojan”

If you write about malware, how many times a day do you see something like this?

[Image: “Trojan” capitalized]

There’s absolutely no sound grammatical reason to consider the word “trojan”, in the context of malware, a proper noun.

This capitalization came from the original long form, Trojan horse, which became shortened to “trojan”.

Spell checkers aren’t wrong to recommend capitalizing the word, since it very well could be a reference to a citizen of Troy (a Trojan), the Trojan horse, or even the USC Trojans. But I see no technical reason to capitalize the word itself in the context of malware, since it’s clearly a common noun.

One would capitalize Trojan when using the compound “Trojan horse” in the context of malware, given that this is the use of the original proper noun in an analogous context.

If you agree or think otherwise, comment!

Alex Eckelberry

EstDomains termination… stayed

Well, this is really frustrating. As DNW puts it:

Domain registrar EstDomains might remain an accredited domain registrar after all.

Yesterday Domain Name Wire reported that EstDomains received a notice of termination from Internet Corporation For Assigned Names and Numbers (ICANN). ICANN cited the conviction of EstDomains’ president Vladimir Tsastsin for credit card fraud, money laundering and document forgery in February as the reason for the termination.

The company claims that Tsastsin resigned his position back in June, so the reasoning for ICANN’s termination is invalid. ICANN has issued a stay while it considers the matter. EstDomains will retain its accredited status during review.

More here.

You can see EstDomains’ request to ICANN here.

Alex Eckelberry

Murder of Stopzilla exec

A tragic story: Jessica (“Jess”) Kalish, an executive at IS3 (makers of the Stopzilla antispyware program), was found brutally murdered last Thursday. Police now allege that Carol Anne Burger, a Huffington Post writer with whom Jess was working through a divorce, killed her by stabbing her multiple times with a screwdriver (Burger has since committed suicide).

I first got to know Jess last December, when I blogged about the StopZilla toolbar’s use of Ask in its search results. She was a gracious, friendly, likeable person with a good sense of humor (and, endearingly, an appreciation of The Bard). Later, I met her in person in DC at the Antispyware Coalition meeting. Her equanimity and affable demeanor clearly brought value to her organization.

All of us here at Sunbelt extend our heartfelt condolences to her family and friends during this difficult and very sad time. I’m sure she will be missed by many.

Alex Eckelberry

A highly charged political blog entry

It’s the hip thing to do in tech these days: extol the benefits of a candidate on your blog.

Well, I steer clear of politics on this blog.

Except, there is one little thing: I live in Florida…

So, I’m going to play it safe and vote for both candidates!

See? Simple!

On another note, my father, God rest his soul, told me back in the 2004 election that what one of the parties needed was a jingle.

At the time, I thought it was rather quaint. But having seen the incessant negative ads on both sides, I think of a kinder, gentler time — when all that really was required was a good jingle. So take some time this evening to take a look at a different time in our history of campaigns, at the LivingRoomCandidate.org.

See you on Tuesday.

Alex Eckelberry

Seen in the wild: Clever Bebo phish

You may receive a Bebo PM with something like this:

OMG TELL ME ITS NOT TRUE ABOUT YOU!
HEY DID YOU SEE WHAT THEY WROTE ABOUT YOU IN THEIR BLOG? LOL! TELL ME IT’S NOT TRUE. TAKE A LOOK AT AMYSBEBOBLOG. COM

Well, going to Amysbeboblog. com actually redirects to a Bebo phishing site.
Notice the domain, “beboq”.

[Screenshot: the Bebo phishing page on the “beboq” domain]

Alex Eckelberry
(Credit to Johannes Betz for the tip)
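
The “beboq” lookalike and the brand-bearing redirector described in the Bebo post can both be caught with a simple hostname check. The sketch below is an added example, not code from the original post; the `.example` hostnames are constructed samples, and the `PROTECTED` table and the naive registrable-label rule are assumptions.

```python
# Added example: flag hostnames that imitate a protected brand label.
# PROTECTED maps a brand label to its legitimate domain (assumed table).
PROTECTED = {"bebo": "bebo.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_label(host: str) -> str:
    """Naive rule: the label left of a single-label TLD (assumption)."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(host: str, max_distance: int = 1) -> str:
    """Return legitimate, lookalike, brand-in-label or unrelated."""
    host = host.lower().rstrip(".")
    label = registrable_label(host)
    for brand, legit in PROTECTED.items():
        # The real domain and its subdomains pass.
        if host == legit or host.endswith("." + legit):
            return "legitimate"
        # Near-miss of the brand label, e.g. one appended character.
        # Distance 0 on a non-legitimate domain (other TLD) is flagged too.
        if edit_distance(label, brand) <= max_distance:
            return "lookalike"
        # Brand embedded in a longer label, as with the redirector domain.
        if brand in label:
            return "brand-in-label"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample hostnames; only the labels come from the post.
    for h in ("www.bebo.com", "login.beboq.example",
              "amysbeboblog.example", "example.org"):
        print(f"{h:25} {classify(h)}")
```

A production check would take the registrable domain from the Public Suffix List instead of the second-to-last label.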