Google Drunk Mail

Now that is something really funny:
A plugin for Google Mail that prevents you from sending emails while completely drunk!
No, it’s not a joke; it really exists here: click

Sometimes people have really strange ideas… This time it was even funny and entertaining. The plugin activates itself during weekends, so not much of use for me since my beer evening is usually Monday evening. Oh wait, you can even configure that? Downloading it right now!

Signing off (completely sober!)
Michael St. Neitzel

Virus Bulletin 2008 keynote address

I was privileged and honored last week to give an address to Virus Bulletin delegates at the Virus Bulletin 2008 conference in Ottawa, Canada.

I’ve posted it here, so if you’re masochistic enough to watch me bloviate for 40 minutes on the state of the industry, feel free to watch the show (I apologize for the poor audio quality).

(Clicking will launch a new window; expect a small delay.)

Podcast version here (mp3). A copy of the PowerPoint is here (pdf). The survey data (including the raw Perseus files) is here. Feel free to contact me directly with any follow-up questions or if you want the financial data I used in my analysis.

Alex Eckelberry

A new set of scam sites

Zlob Trojan Distributing site:
91.203.92.11 Vmpupdate. com

Once the Trojan is installed, it downloads and installs the VirusResponse Lab 2009 rogue security product.

66.232.113.62 Virus-labs2009. com
66.232.113.62 Virus-response. com
66.232.113.62 Virusresplab. com
66.232.113.62 Virusresponse2009. com

Scam Internet Security Page:
91.203.92.11 Homepageroze. com

404ErrorpageScam:
91.203.92.12 Dnserrorz. com

Security Guide Scam Page:
91.203.92.11 Linkondezktop. com

Ad-Server-Gate Pages:
91.203.92.12 Fghin. com
91.203.92.11 Pbkjh. com

Protection Center Scam Page:
91.203.92.12 Asecurevillage. com

Scam Security Toolbar site:
91.203.92.12 Toolbarfornew. com

IE AntiSpywareStore site:
208.72.168.92 Iexplorerfile. com

Please stay clear of all these sites.

Bharath M N

Back from Virus Bulletin 2008

I got back last night from the Virus Bulletin 2008 conference in Ottawa, Canada. This event followed on one I attended the previous week, where I spoke on a panel at MAAWG in Ft. Lauderdale. I’m ready to stay home for a while…

A lot happened there, but I’ll be picking up some bits and pieces in upcoming blog posts.

For the time being, however, I have a video made by Graham Cluley and Carole Theriault at Sophos. And Sunbelt’s Michael St. Neitzel has some pics on Flickr, here.

You can watch the video here if the above embedded video doesn’t display. I’m the one who can’t make up his mind about the lipstick…

Alex Eckelberry

Rogue Mania

Rogue Mania brought to you by Innovagest 2000.

eAntivirusPro is a new clone of the Antivirus XP 2008 rogue security product.

Sites used:
218.106.90.227 eantivirus-payment. com
218.106.90.227 e-antiviruspro. com

A typical FakeScare scanner page used by this group.

AntiMalware 2009 is yet another clone of the Antivirus XP 2008 rogue security product.
A typical FakeScare scanner page used by this group.

ekerberos is another rogue security product from Innovagest 2000.

ekerberos is a renamed clone of the short-lived ikerberos rogue security product.
218.106.90.227 ekerberos. com

Bharath M N

Report blasts online trustmarks

A lengthy, but very interesting write-up on trustmarks (BBB Online, Trust Guard, TRUSTe, etc.).

The most important test for privacy protection in the trustmarks environment is the underlying standards or requirements that are applied by each scheme. Perhaps expectations here should be realistic – what standard should a consumer expect in a market where a business can buy a legitimate looking privacy seal for $15.99 a year?

Indeed, the privacy standards are appallingly low for trustmarks. Attempts to impose higher standards (during the early stages of trustmark development) appeared to fail on commercial grounds. For example, TRUSTe originally had three privacy seals, indicating whether the collection and disclosure of personal information occurred using a colour scheme.

and

The most significant criticism of trustmarks is that in practice they have proved to be virtually worthless in the face of major privacy breaches. Their privacy standards are low to begin with, but even these rules are simply not enforced against large, paying members.

More here (PDF version here).

Or, you can just skip to the conclusion.

Alex Eckelberry
(Thanks, Ben)

Scam sites update VI

A new batch of Security Scam Hijacker sites. Thanks to Patrick Jordan for the information.

Zlob Trojan Distributing site:
77.91.231.183 Wmpware. com
77.91.231.201 Newwmpupdate. com

Scam Internet Security Page:
91.203.92.12 Homesecuresite. com

404ErrorpageScam:
91.203.92.11 Dnserrorview. com

Security Guide Scam Page:
91.203.92.12 Screenlinkz. com

Ad-Server-Gate Pages:
91.203.92.12 Yrhfn. com
91.203.92.11 Ungds. com

Protection Center Scam Page:
91.203.92.11 Secureharley. com

Scam Security Toolbar site:
91.203.92.11 Ienewbar. com

IE AntiSpywareStore site:
92.62.101.84 Qwertypages. com

Please stay clear of these sites.

Bharath M N

Scam sites update V

The endless supply of Zlob Trojan parades the internet once again with their new scam sites.

Zlob Trojan Distributing site:
77.91.231.201 Movsdlls. com
77.91.231.183 Mediamswares. com

Scam Internet Security Page:
91.203.92.11 Asafetysite. com

404ErrorpageScam:
91.203.92.12 Errordnsurl. com

Security Guide Scam Page:
91.203.92.11 Linksondesktop. com

Ad-Server-Gate Pages:
91.203.92.11 Gfbwd. com
91.203.92.11 Ogjtu. com

Security Center Scam Page:
91.203.92.12 Waysofsecurity. com

Scam Security Toolbar site:
91.203.92.12 Toolbarunit. com

IE AntiSpywareStore site:
92.62.101.83 Ieprogramming. com

As we always say, please stay clear of these sites.

Bharath M N

Understanding the current situation in the financial markets

If you’re trying to get a grasp as to what the heck happened over the past few days in the financial markets, probably the best explanation is on the Freakonomics blog.  Well worth reading.

As an economist, I am supposed to have something intelligent to say about the current financial crisis. To be honest, however, I haven’t got the foggiest idea what this all means. So I did what I always do when something related to banking arises: I knocked on the doors of my colleagues Doug Diamond and Anil Kashyap, and asked them for the answers. What they told me was so interesting and insightful that I begged them to write their explanations down for a broader audience. They were kind enough to take the time to do so. In what follows, they discuss what has happened in the financial sector in the last few days, why it happened, and what it means for everyday people.

Link here (via Jeff Nolan).

Alex Eckelberry

Scam sites update IV

Thanks to Patrick Jordan for the information.

Zlob Trojan Distributing site:
77.91.231.201 Movsdevices. com
77.91.231.183 Wmptools. com

Scam Internet Security Page:
91.203.92.12 Homesiteurls. com

404ErrorpageScam:
91.203.92.11 Urlsofdnserrors. com

Security Guide Scam Page:
91.203.92.11 Fastshortcuts. com

Ad-Server-Gate Pages:
91.203.92.12 Xbstw. com
91.203.92.12 Eufnt. com

Security Center Scam Page:
91.203.92.11 Protectnotice. com

Scam Security Toolbar site:
91.203.92.11 Securealertbar. com

IE AntiSpywareStore site:
92.62.101.84 Ierenewals. com

Other sites used in this scam

Antivirus 2009 Fake/Scanner page:
84.16.252.138 Vassariumpromo. com

Please stay clear of these sites.

Bharath M N

What kinds of domains does Intercage host?

So… what kind of domains are on Intercage? 

Gary Warner wanted to find out and has now posted the Mother of all Lists of (almost) all Intercage domains.

From Gary: “The domains listed … all came from the sites above, but it is not an entirely complete result.  My tool would only allow 2,000 domains per IP, and there were two IPs that exceeded that limit.  69.50.188.3 had 3,978 domains listed, and 69.50.160.211 had more than 10,000 domains listed.  Both of those result sets were truncated as a result.” (More explanation here).

At any rate, the list, sans those two IPs, is here (txt).

Nice work, Gary.  A very useful list indeed.

Alex Eckelberry

EstDomains declares global war on malware

Wow.  Just… wow.   

EstDomains, Inc: Global Struggle Against Malware Distribution

EstDomains, Inc, a US-based domain name Registrar, officially declares opposition to malware mongers in order to protect Internet users from attacks on their computers or stealing of their important data. EstDomains, Inc pays special attention to domain name holders’ private data protection and secure money transaction operations. It can be said in all modesty that EstDomains, Inc has succeed in protecting its customers from any possible occurrence of fraudulence or cracking. However, being an eminent member of interactive community, EstDomains, Inc management along with other giants of online industry continues its struggle against malicious software distribution and is giving its best to work out even more efficient solutions for detecting malware sources.

More here (thanks Ferg).

Alex Eckelberry