Friday, 24 December 2010

It's now 00:00 so officially Christmas day. Whether like me, you're working today, or are taking the day off, I hope you all have a great Christmas!

Saturday, 18 December 2010

hpHOSTS - UPDATED December 18th, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 123,150 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 18/12/2010 14:00
Last Verified: 17/12/2010 16:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Thursday, 16 December 2010

They say impersonation is the sincerest form of flattery, wonder if ID theft victims believe that?

I happened across a few domains a few days ago, that piqued my interest. They piqued my interest because their Google entry appeared to be a direct copy of parts of the hpHosts site. Looking further showed that actually, they'd not copied the site - they were pointing to it in their A records.

Monday, 13 December 2010

I've been involved in take down and cleanups and whatnot for longer than I care to remember now, and along the way, there's always been one constant - the refusal of some hosts/ASNs/registrars, to do their job (i.e. enforce their AUP/ToS) and take action against abuse (and in most cases, to bother replying at all). eNom for example, who for years blatantly ignored abuse and were found to be
A well-placed Chinese security official has been given a suspended death sentence for taking bribes in exchange for his role in an antivirus software fraud scheme. Yu Bing, former director of the Internet monitoring department of Beijing’s Public Security Bureau, had his agency send out a “virus warning” telling the public to download software from the company Rising Antivirus, to combat a

Tuesday, 9 November 2010

I've got an update on SurfTown coming shortly (still not cleaned their network!!), but in the meantime, a look at what was reported to me as a spammer site, using the same well known fake news site layout, is sending people to SmileyCentral when you click their links - nice to know IAC are still not trying to put a stop to this .... (though perhaps not surprising).

The site, grantsguide.info is
I am happy to report, I've gotten most of the problems sorted out, so most of the resources are now back online. fSpamlist was moved to an external server owned by Josh, to minimize the downtime.

References:
Issues: Yet more connectivity issues
http://hphosts.blogspot.com/2010/11/issues-yet-more-connectivity-issues.html

Sunday, 7 November 2010

Oh joy. As if BT hadn't made things horrid to begin with, with outages sporadically over the past few weeks, it seems something has gone awry again today.

Unfortunately, whilst the primary hpHosts server seems to be working, the rest are not, nor is the mail server (has a motherboard issue). I've done what I can from here, but won't actually have direct access to the servers until later this

Friday, 5 November 2010

Recent reports from various sources in the security industry show that a large takedown of servers associated with the “Bredolab” trojan occurred within the past few weeks. While most of the reports have focused around the idea that this infrastructure was solely related to the command and control of Bredolab, our research shows that these servers were used as an all-purpose hosting

Saturday, 30 October 2010

A lot has been publicized regarding malicious hosts, both by myself and many others. Of course, in the cybercrime world, along with campaigns to infect you, the criminals are also fighting with each other, to out-do each other.

ASs such as AlfaHost (AS50793), Ecatel (AS29073), GlobalNET (AS42560), VLineTelecom (AS39150), ALTNET-LV (AS41390), Akrino Inc (AS44571), VolgaHost (Bondarenko Dmitriy

Wednesday, 27 October 2010

A while ago now, I was asked to test AnchorFree's "Hotspot Shield", to determine whether or not it did what it claimed. I've had no contact with their software or website ever since, and as such, was rather shocked this morning when an e-mail came through to an e-mail address I'd only ever used for them (was a tracked e-mail address), pointing me to a fake Adobe site.

This e-mail from
I do sometimes wonder what some of the folks over at Microsoft are smoking. Sure, they're mostly obsessed with "social media" (aka social networking - YUCK!), but this does not excuse their trying to push things like this down my throat.

Take Windows Live Essentials 2011 for example, I'm not annoyed it's being pushed through MU (Microsoft Update), it's a Microsoft product and WLM is installed.

Monday, 25 October 2010

hpHOSTS - UPDATED October 25th, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 125,886 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 25/10/2010 16:00
Last Verified: 24/10/2010 18:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Friday, 22 October 2010

Okay, so Surftown (or the site's actual owner), have finally cleaned the first site I reported (simple-tea.dk), but what about the rest?

At the time of writing this, there are hundreds of sites on 212.97.132.0/24 (Surftown IP range), and SurfTown whilst having been notified of this by myself, and others, have yet to do anything to either suspend or cleanup the sites, let alone prevent it happening
Following the recent network downtime, I am pleased to report, it appears to have now sorted itself out.

Still unsure as to the exact cause, but at least it's back and stable (lasted over 24 hours now). I'm continuing to monitor it of course - just in case (seems to be one thing after another lately, so I'm obviously skeptical).

Tuesday, 19 October 2010

At around 23:00 GMT London yesterday, the internet connection to the hpHosts network went down. I spoke with the ISP and was told there were no problems at either their end, or any reported problems or expected maintenance at BT's end (though BT never told them about the work they were doing last time).

The connection came back around 02:15 this morning, but problems have developed with the

Thursday, 14 October 2010

A friend alerted me, after reading my blog, to a plethora of other sites on SurfTown IP space he'd found, that were also carrying malicious code.

SurfTown did get back to me after my last blog, telling me it had been cleaned up but alas - it hadn't. A quick check showed the infection was very much still there, and indeed, a quick check a second ago, shows it's still there as of 15-10-2010 03:03 (

Wednesday, 13 October 2010

I've no idea when this actually happened, but it seems the IWF (Internet Watch Foundation) have re-designed their website.

Quite why they've done this is a mystery. However, one thing is clear - it's no longer as simple to report anything to them if you have flash/ActiveX disabled, and don't know the direct URL to the report form (it's https://www.iwf.org.uk/report by the way).

Unfortunately,

Sunday, 10 October 2010

There's two kinds of parking pages - the annoying kind, and the less annoying kind.

The annoying kinds are those such as dedicated parking servers, that shove sponsored rubbish in your face, should you go to a domain that used to exist, has just been created, or has been suspended or {insert some other reason here}.

The less annoying kind, are those with a plain page, and simple text telling you

Thursday, 7 October 2010

I contact a slew of domain owners, hosts and registrars each day both via e-mail and telephone, to get domains/IPs cleaned, suspended or completely nuked. The vast majority generally go something like this;

1. Contact domain owner/host/registrar
2. Report what was found

In the case of domain owners, I typically also have to give advice on what's needed as far as getting it cleaned up and secured,

Friday, 1 October 2010

I've just had a call from a company calling themselves GFK NOP (gfknop.com), telling me they were conducting a survey on how satisfied people are with their banks or some rubbish like that. The call came from 0207890905.

Now here's the problem - I'm ex-directory and TPS - which means they shouldn't have my number. When quizzed as to where they got it, I was told they obtained it using "standard

Tuesday, 28 September 2010

"Issue #41 is out, and as usual, we’ve got lots of great stuff for you. We’ve got an overview of running Windows apps on Ubuntu, a feature on running a business with Ubuntu, more interviews, how-tos, and everything else in between!

This month:
- Command and Conquer.
- How-To : Program in Python – Part 15, Virtualize Part 4 – FreeBSD, and Run A Business With Ubuntu.
- Review – TuxGuitar.
- Top 5 –

Sunday, 26 September 2010

The new router sorted the problem out, so all sites are now functioning properly again. My apologies for the disruption folks.

References:
http://hphosts.blogspot.com/2010/09/hphosts-network-issue.html

Saturday, 25 September 2010

An issue has been identified that's causing extreme slow connections to the hpHosts network, affecting;

hosts-file.net
forum.hosts-file.net
verify.hosts-file.net
*.mysteryfcm.co.uk
fspamlist.com
forum.abelhadigital.com

Amongst others. I've ruled out the majority of the internal hardware, and suspect an external issue (will be speaking to the ISP once I've ruled out the rest of the hardware).

Apologies

Thursday, 23 September 2010

There's a new release of the SBST (Spambot Search Tool) folks. This is a bug fix release to give me more time for the re-write and move to its own dedicated domain (more on that in due course).

Download:
Homepage:

Wednesday, 22 September 2010

hpHOSTS - UPDATED September 22nd, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 125,866 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy!

Latest Updated: 22/09/2010 19:30
Last Verified: 22/09/2010 17:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Tuesday, 21 September 2010

We all know that marketing depts will try almost every trick in the book to get people to take notice of their company and whatever products or services are on offer, but there are certain companies out there that need to get their acts together, as the type of marketing being used is highly misleading at best.

Hot on the heels of CheckPoint's scareware, I came across an affiliate that was leading

Sunday, 19 September 2010

I received a rather strange e-mail earlier, quite obviously spam, but strange nonetheless.

Why strange, you ask? Well, when an e-mail arrives and the subject contains the words "exclusive movies", it's usually going to be one of two things - fake meds, or malware. In this case however, there's a bunch of links to .rar files hosted at filesonic.com. The details of one of the e-mails (I've received

Friday, 17 September 2010

Zone Alarm has long been considered a good product to have on your PC by some (never liked it myself personally, but that's just me), so imagine everyone's surprise when the developers of ZoneAlarm decide to use scareware tactics.

There's been a rash of complaints on the Zone Alarm forums, amongst other places, concerning a dialog that's been popping up (see top left), with information about a

Thursday, 16 September 2010

Ever wonder whether posting what you're doing, where you're going, and when, was a bad idea or not? Wonder no more. Not sure about anyone else (though sure I'm not the only one), but I've told people for years not to announce this kind of information anywhere, especially online - and have largely been ignored.

I'll not bother saying "I told you so", I'll just point you to this instead (and nope -
Parents and teens now have access to a free downloadable e-book from Microsoft called “Own Your Space,” which aims to instruct teens and other new internet users how to stay safe while online. Specifically, the book addresses common security threats like phishing scams as well as modern-day social issues like cyber-bullying and cyber-stalking.

http://on10.net/blogs/sarahintampa/

Monday, 13 September 2010

The newly discovered IMDDOS Botnet is a commercial DDoS service. The botnet grew large very quickly. Beginning testing in April 2010, it reached a production peak activity by the second week of August of 25,000 unique recursive DNS lookups/hour to the command-and-control (CnC) servers.

This paper details the growth of the IMDDOS Botnet, the commercial aspects of its operation, the technical

Saturday, 11 September 2010

Before you read this, just an FYI folks, I know the hpHosts release is a little late, this is due to my being down the other end of the country between Tuesday 7th - Thursday 9th. I'm now expecting to have a release out by Thursday/Friday.

Over the course of the last few weeks, our malware sandboxes have analyzed several interesting specimens with malicious activities that include the making of

Friday, 3 September 2010

We've all got very old machines that we'd love to use, but sadly, they won't run newer versions of Windows and indeed, newer versions of some Linux distros. Thankfully there's someone out there that has seen fit to work on a Linux based distribution for this very purpose (time to pick out my 486 hehe (did also have a Victor from 1981, but some idiot threw that out)).

http://pupweb.org/wikka/

Tuesday, 31 August 2010

Just a note folks, the competition ends today, so if you're taking part in the competition (i.e. haven't gone straight for the PTAC instead), get those entries in;

http://forum.hosts-file.net/viewtopic.php?f=27&t=2077

Sunday, 29 August 2010

It’s hard to believe, but we’re already at issue 40! We’ve got a lot of great stuff for you in this issue, including a spiffy new logo redesign by Thorsten Wilms. You might also notice a slight font change - that’s the new (official) Ubuntu font.

This month:
- Command and Conquer.
- How-To : Program in Python – Part 14, Virtualize Part 3 – OpenSolaris, and ADSL Modem As A Switch.
- Review – SOFA

Wednesday, 25 August 2010

I've mentioned Sagade Ltd before, it's a totally Black Hat Latvian network that should be blocked on sight. Google's Safe Browsing diagnostic for this range is fairly damning:

....

There's very little point playing whack-a-mole with these Latvian IP addresses. It's probably worth null-routing the entire country until some government agency that isn't being paid off by Russian organised criminals
Just a reminder for those of you taking part - there's less than a week left to get your comments and suggestions finalised and posted!

http://forum.hosts-file.net/viewtopic.php?f=27&t=2077
Latvia is definitely becoming a problem when it comes to black hat hosting. The 159.148.117.0/24 range (159.148.117.0 - 159.148.117.255) is another malicious block, forming part of AS2588 belonging to Latnet (similar to microlines.lv). At a rough calculation, roughly half the IP address ranges I am currently blocking are based in Latvia.

This bunch of domains is a mix of fake pharma sites, browser

Friday, 20 August 2010

AdvancedDefrag.com has now been de-listed, after a test of their latest version showed it no longer met the inclusion criteria (the major improvement to their software is that their trial version, is actually a trial now, not a demo).

After years of bundling the Swizzor trojan (created by Patchou so I'm told), Patchou/Yuna Software, have finally removed Swizzor from their MessengerPlus installer.

Friday, 13 August 2010

Just a note folks, the server housing surl.co.uk, avantbrowser.com, forum.avantbrowser.com and it-mate.co.uk amongst others, is unreachable at present. I'm trying to get through to the host to find out what's going on as I can't reach Anderson (servers owner) at present.

Checking a few other IPs on the same /24 suggests this may actually be a problem internal to the superb.net network. I'll update

Thursday, 12 August 2010

Spamhaus has uncovered a fake spam filter company which was pirating and selling DNSBL data stolen from major anti-spam systems including Spamhaus, CBL and SURBL, republishing the stolen data under the name "nszones.com". Nszones operates a 'remove your IP' scam charging naive internet users to be removed from the pirated nszones DNSBLs. Nszones also attempts to sell 'commercial subscriptions' to

Wednesday, 11 August 2010

Just a note folks. This morning, the PSU in the fSpamlist server decided to die, having popped in a replacement it appears the death decided to cause some corruption whilst it was at it.

I've got the machine running a check on the partitions as I write this, and hope to have the server back online within the next few hours. In the meantime, please accept my apologies.

/edit 09:19

The server is now
Like free? Like Paragon Software products? Good!

I am pleased to announce, with special thanks to Paragon Software, I've got 15 licences to give away for their Virtualization Manager 2010 Professional software.

So what do you need to do? Well, all you need to do, is try Go Virtual, which is the free version of VM 2010 Professional, and post your findings regarding it (things you like, things you

Tuesday, 10 August 2010

Those of you investigating cybercrime will already be aware of eNom/DemandMedia and their involvement in such, and I'm pleased to announce the publication of a report concerning AS21740 and their involvement in cybercrime, by HostExploit.

As part of a series of reports on ‘Cybercrime USA’, HostExploit presents a detailed analysis on Demand Media/eNom’s position as #1 Bad Host in the HE Index of

Friday, 6 August 2010

Many have been writing about this topic lately, including myself and not surprisingly, as quick as we're having the domains and IPs nuked, they're bringing up new ones. My good friend David over at Eset, has thrown a ton of information together for you to digest - and if you've got time spare (or perhaps, meet with other parents when taking the kids to school or whatnot), see if you can have a
Checking up on the A records for Pegas, I noticed something that seemed odd. The NS records for ns1.pegas-dns.org were pointing to ns1.hosts-file.net and ns2.hosts-file.net - but this obviously isn't right (for starters, there are no ns1 and ns2 on the hosts-file.net DNS, and secondly, I own hosts-file.net).

Thinking it could've just been a quirk or some such, with the site I was using to do the

Thursday, 5 August 2010

I hope you chaps and chapesses have some free time on the 10th, as you've got 14 bulletins to contend with, and the vast majority require a reboot. Most are for Windows, but as usual, there's other stuff thrown in such as Silverlight and Office.

Those of you looking after networks will already be using something like WSUS to manage these, so just skip straight to the info itself.

If you're a

Wednesday, 4 August 2010

I'm a bit late in posting this but, better late than never.

That’s right, Full Circle issue 39 is out! We’ve got a review of the iRobot iPad Android tablet, talk about virtualizing Fedora, virtual memory, new interviews, and more! (Oh, and we seem to have the recurring theme of ’13′ in our articles.)

This month:
- Command and Conquer.
- How-To : Program in Python – Part 13, Virtualize – Fedora 13,

Saturday, 31 July 2010

Sorry for the delay in publishing this folks.

hpHOSTS - UPDATED July 31st, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 124,414 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy!

Latest Updated: 31/07/2010 13:18
Last Verified: 31/07/2010 15:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Friday, 23 July 2010

Whilst I'm waiting for the test machine to process results regarding trojans in MessengerPlus (more on that when the test machine has finished with the results), I thought we'd do another Crimeware friendly article. This time, it's Interactive3D.

Interactive3D have connections to various nefarious networks, such as root eSolutions (aka root SA), ServerBoost and KABELFOON, but one of their
I thought I'd check on where the domains previously housed on the now null-routed PegasHosting range, had moved to, if anywhere. The results speak for themselves;

DOMAIN | IP | PTR | ASN
4aclepsa.com | 178.162.135.81 | 178-162-135-81.no.name | 28753 178.162.128.0/17 NETDIRECT AS NETDIRECT Frankfurt, DE
adjustedresults.com | 178.162.135.115 | 178-162-135-115.pegashosting.com | 28753 178.162.128.0/17 NETDIRECT AS NETDIRECT

Wednesday, 21 July 2010

Hotbar.com probably needs no introduction as an unpleasant piece of Slimeware, picked up from the ruins of Zango by a Washington State company calling itself Pinball Corporation. Traditionally, companies like Zango and Pinball work on a pay-per-install basis for their software, and recruit affiliates to get the software installed on end user's machines. Anyone who deals with affiliate marketing

Tuesday, 20 July 2010

Just a note folks, geekstogo.com has been compromised again, and is currently serving malicious code, via;

hxxp://www.geekstogo.com/blog/wp-includes/js/scriptaculous/effects.js?ver=1.8.3

I've tried calling geekstogo.com but they rejected my call because my number is ex-directory, and the host (SoftLayer) wasn't any help.

The exploit itself is loaded from a Hanaro hosted IP address (219.255.13.77),
If you’re a corporate customer and you’ve ever had issues with mass malware infection or a critical false positive, you will have thought about support issues, of course, and larger sites might have a carefully negotiated, tailored contract in place to cover potential problems. For home users it’s a bit different, and many consumers prefer a free product with no support to a for-fee product that

Saturday, 17 July 2010

Q. How do you know when it's time to re-evaluate the way you work and the way you store data?
A. When it takes over 24 hours just to import the old Outlook PST file

Before you look at me all confused. I've been working with a Toshiba Satellite L300 for well over a year or so now, and sadly, its mouse button has broken, and it's become as unstable as hell. Yes, I could've just wiped Windows and

Thursday, 15 July 2010

At rank #1 of the ‘Top 50 Bad Hosts’, Demand Media/eNom (USA) earns the label of ‘worst host’ from security analysts HostExploit taking over the top spot from Ecatel (Netherlands). A detailed analysis shows high levels of Internet ‘badness’ and cybercriminal activity hosted by Demand Media/eNom in their role as an Internet Service Provider (ISP). HostExploit is pleased to present the Q2 2010

Wednesday, 14 July 2010

hpHOSTS - Updated July 14th, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 124,502 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 14/07/2010 20:00
Last Verified: 14/07/2010 21:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Monday, 12 July 2010

After seeing an article by Conrad over at dynamoo.com, I decided to get in touch with my contact at NetDirekt (cheers Frank!), and am happy to report, PegasHosting have now had one of their ranges null-routed.

http://blog.dynamoo.com/2010/07/evil-network-pegashosting-network.html

PegasHosting (178.162.135.0 - 178.162.135.255), an "ISP" based out of the Ukraine, have had a history of being 100%

Friday, 9 July 2010

I came across a rather intriguing domain whilst investigating a case - fadebook.info.

The domain obviously set off alarms due to the obvious similarity to fadebook.info, and when deciding to look at it, wasn't expecting very much, just the usual phish if anything. However, upon closer inspection, it surprised me a little - it wasn't a facebook phish at all - it was something else.

When first
Many of us beat the backup drum quite frequently, in the hopes that others will listen, and begin backing up their systems, websites and whatnot, so they've got something to fall back on, should disaster strike.

I was given keys for a couple of Paragon applications a few months ago, so I could evaluate them, and am still in the process of doing that, but in the meantime, Paragon have announced

Thursday, 1 July 2010

Following in the footsteps of the lot I previously mentioned, we have theconsumerherald.com, which lives at;

IP: 173.204.4.210
IP PTR: yellowhammermg.com
ASN: 26228 173.204.0.0/17 SERVEPATH - ServePath, LLC.

This lovely little fellow was found whilst checking up on darkprofits.com. Loading the site, I was pleasantly surprised to find it was now parked - but as with most parking servers, there was a

Monday, 28 June 2010

hpHOSTS - Updated June 28th, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 124,285 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 28/06/2010 20:41
Last Verified: 28/06/2010 22:38

Download hpHosts now!
http://hosts-file.net/?s=Download
In the past it was common for WinPatrol fans to report programs which were malicious, designed to steal data, monitor key strokes or create pop up ads. Sadly, the most common complaints I see now are for programs from legitimate companies.

Google continues to top the list of companies wanting to make sure you have their toolbar and updates of anything else they feel you need, like it or not. A
Just a note folks, due to a connection issue (I suspect with the ISP, they suspect my exchange), the network will be unavailable for approx 1 hour, from 1500 today. Apologies for the disruption (though if it's any consolation, I don't have access to the o2 mobile connection either until tomorrow, so will be offline for an hour as well).

The next hpHosts release will be out this evening.

Saturday, 26 June 2010

In this issue, a review of Ubuntu 10.04, a new series on virtualization, and much, much more. Also, don’t forget to listen to the companion Full Circle Podcast for some good insight into the Ubuntu world.

This month:
- Command and Conquer.
- How-To : Program in Python – Part 12, a NEW SERIES: Virtualization, and Browser Blogging.
- Review – Ubuntu 10.04.
- Top 5 – Favourite Applications.
- plus:

Friday, 25 June 2010

Look at the image to the left, what does it look like?

No, that's not a trick question, it's a search engine right? A custom Google search perhaps? You'd be forgiven for thinking that, indeed, you could almost believe it's someone's poor attempt at a parking page, given the domain is up for sale, courtesy of Sedo (more on that in a second).

However, this typo-squatter, is hiding something more
It's exactly one year to the day, that Michael passed away, and fans such as myself, are still feeling the loss of a legend.

Although I've never met him, I did see him live, and have been a fan for the vast majority of my life. His voice, his dancing, his personality, generosity, made him a true legend, someone that will never be forgotten, someone that has had a vast impact, and continues to have

Thursday, 24 June 2010

Remember this? Well, now there's more.

URL: www-career-digest.com/?tr=adbrcpc&wz=1277421813.1275&tr2=www.ethical-hackers.org&tr3=468-r&kw=&tr9= (ethical-hackers.org is where the advert was found)
Host: www-career-digest.com - registered via 1 & 1 (Schlund)
IP: who
IP PTR: Resolution failed
ASN: 33070 174.143.0.0/16 RMH-14 - Rackspace Hosting
OrgName: Rackspace Hosting
OrgID: RACKS-8
Address:

Tuesday, 22 June 2010

In a not so surprising turn of events, my favourite online rag, El Reg has reported that domain registrars have complained to ICANN, in not so many words, that they don't want to have to fight cybercrime.

How was this going to happen you ask? By changing registrars' ICANN contract to force them to fight it - something they should already be doing. We all know registrars are a huge part of the crime

Saturday, 19 June 2010

We've all seen the adverts on TV and splashed on the web, telling us we can hide our browsing habits, by utilizing IE8's "InPrivate" browsing facility. But how private is this mode really? Will it for example, stop a suspicious spouse from spying on you? Will it prevent your employer or IT dept, finding out you're going to Facebook when you're meant to be working?

You'd be forgiven if you'd said
If you're in the habit of using Facebook, don't worry, I forgive you. But joking aside, there's always a plethora of threats on social networking sites at any given time, and new ones are popping up on an almost daily basis.

The latest of these, is detailed by my friend David at Eset;

Blackhat SEO uses online games to distribute malware
http://www.eset.com/blog/2010/06/19/

Thursday, 17 June 2010

Moldova based ISP, StarNet (AS31252) has been on every security researcher's radar for a considerable amount of time now, and this isn't looking to change any time soon.

StarNet is just one of several ISPs in Moldova, that's a haven for criminals spreading a multitude of malicious content, and the largest portion of this, is rogues. Monitoring one of the MITMs they're using, you can see new domains

Wednesday, 16 June 2010

Both Jart at HostExploit, and Pedro Bueno at McAfee, recently reported on botnets being used by the good guys, as well as the bad. See;

http://www.internetevolution.com/author.asp?section_id=717&doc_id=193286&f_src=internetevolution_section_717
http://www.trustedsource.org/blog/422

The problem here, is that we've known for years that the bad guys were using them, and likely knew but didn't want to

Tuesday, 15 June 2010

We've got yet another domain involved in telephony based fraud folks. This time it's metsupport.com, which is housed at 74.208.232.54 (PTR: perfora.net, AS8560 74.208.0.0/16 ONEANDONE-AS 1&1 Internet AG) and registered to an entity in India (sound familiar? it should do, SupportOnClick, TechMyHelp, Comantra et al, are all based there and all involved in the same activity) called "MET", who
Browsing for prices on Amazon, I came across something that simply stopped me right in my tracks - almost £2000 for half a gig of PC133 for a desktop! (wasn't after it for a desktop, was looking for prices for PC133 SODIMMs);

Don't want to pay that for half a gig? Then you're definitely not going to like this one;

There is of course, a serious point to this. There's been quite a few cases of online

Monday, 14 June 2010

When is an online rag, not an online rag? When it's a scam of course.

Investigating a site on Bizland IP space, that was previously carrying malicious content, I noticed an ad that immediately got my attention, and not in a good way either. There were 2 primary things wrong with it;

1. It was delivered via AdBrite - a company known for allowing very questionable adverts on their network
2. The

Thursday, 10 June 2010

I've just had an interesting conversation with Virgin Media. My mother has been receiving calls from 0116 225 3841 for the last 3 days, each time the phone was answered, the caller would instantly hang up without saying a word, giving the impression it's actually an automated dialer.

I traced this number back to Virgin Media, and duly called them, having tried to call the number itself (constantly

Wednesday, 9 June 2010

I've always avoided iPhones and the likes, and will be avoiding iPads and the likes too, primarily due to their cost, but namely because I've no need for them (my mobile makes and receives calls, and my laptop allows access to the internet and whatnot), but there's millions that do own an iPhone, and those of you with one, may have noticed a red tab on the outside? If so, your warranty is
Seems Comodo still aren't bothering to check who they're supplying SSL certificates to. Nice to know they give a damn isn't it.

Monday, 7 June 2010

If you happen to be running a machine with the following wireless card (i.e. those of you with Toshiba Satellite laptops), be sure you read the details before updating;

Atheros AR5007EG Wireless Network Adapter

I've just had an update available for this via Windows Update, and whilst it mentioned a restart would be required (though this information was ONLY available in the extended details, which

Friday, 4 June 2010

Re-checking the list of domains previously mentioned shows they're on the move to a new range, this time owned by known crimeware-friendly ISP ROOT SA (aka Root eSolutions, AS5577 212.117.160.0/19, AS44042). The new IP is 212.117.169.106.

There's only a handful resolving to the new IP at the time of writing, so presumably the rest are awaiting DNS propagation.

http://temp.it-mate.co.uk/

Thursday, 3 June 2010

Second update to this, and I'm pleased to announce Redstation forced their customer to disable the sites completely (Redstation didn't want them on their network). A quick check has revealed those still resolving to the Redstation range are now dead (sites resolve but fail to load), and those spewing malware are now parked at parkwebwin-v03.prod.mesa1.secureserver.net (GoDaddy parking server).

Wednesday, 2 June 2010

Just an update folks. Whilst the sites are still live, the downloads appear to have gone *for now* (pretty confident they'll be back). I did hear back from Redstation, who asked for evidence, and such was passed to them.

If you've paid for ANY of the software they're scamming and infecting for, contact your credit/debit card company and ask for a chargeback.

In the case of these particular domains

Tuesday, 1 June 2010

I come across hundreds of malicious sites each day, both compromised sites and bad guys' sites, and send hundreds of abuse reports each day for them.

This morning, I received a rather strange e-mail from one of the hosting companies I'd sent an abuse report to, an e-mail with the following content;

Hello

Can you give me the ticket number of the tickets you have opened regarding the past?

"It is a

Monday, 31 May 2010

Remember the SMS fraud housed on the RapidSwitch range? Well, now we've got yet another network involved.

This time, it's the turn of RedStation, AS35662. I've already dropped them an e-mail, but the notice on their contact page suggests this is going to have been a completely pointless exercise.

Note to Solicitors

If you are a solicitor and you wish to communicate with us about a website hosted on

Sunday, 30 May 2010

Ah how this has made my day.

Federal prosecutors have accused three men of running an operation that used fraudulent ads to dupe internet users around the world into buying more than $100m worth of bogus anti-virus software.

The defendants operated companies including Innovative Marketing and Byte Hosting Internet Services, which perpetuated an elaborate scheme that tricked internet publishers into

Saturday, 29 May 2010

Paragon Software (http://paragon-software.com) recently gave away free licences for its Virtualization Manager, and I decided to check it out. Sadly I was to be disappointed, as contrary to its name - it's not virtualization software at all.

I already knew I was going to be a little disappointed when I noticed it wouldn't actually allow me to run an ISO (tried ISOs of both Linux and Windows) as a

Full Circle issue #37 is out with a review of Lubuntu, more programming in Python, talk about streaming media, and more. Don't forget to listen to the latest episode of our companion podcast for the full FCM experience!

This month:
- Command and Conquer.
- How-To : Program in Python – Part 11, Adding Screenlets, and Streaming Media.
- Review – Lubuntu.
- MOTU Interview – Stefan Lesicnik.
- Top 5 –

Friday, 28 May 2010

Not content with serving up fake AVs and the likes, it seems one of the blackhat SEO gangs have once again turned to serving up exploits instead. Obviously this leads to a fake AV infection as well, but I thought this worth mentioning.

The story starts, not surprisingly, at Google, where you're searching for your favourite TV show, news clip, or something completely random, such as why you always

Sunday, 23 May 2010

Just a note folks. The maintenance took less time than expected, so MDL is now back online :o)

On the hunt as usual, I came across yet another rogue, again using xorg.pl etc via blackhat SEO, but using .tk domains (surprise surprise). What I did find rather humorous, however, was a javascript file that was loaded.

The javascript contained a lovely little snippet, and a note for the folks over at Eset (though evidently the bad guys got their Star Wars and Star Trek mixed up, as it was the

Friday, 21 May 2010

hpHOSTS - UPDATED May 21st, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 125,099 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 21/05/2010 18:20
Last Verified: 20/05/2010 16:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Just a note folks. Malware Domain List will be unavailable from May 21st (1700 EDT) until Monday 24th (1700 EDT).

Wednesday, 19 May 2010

I have just one thing to say - it's about bleedin' time!

http://sunbeltblog.blogspot.com/2010/05/us-federal-judge-shuts-down-3fn-levies.html

References:

Reporting abuse to APS Telecom/3FN? Your wasting your time
http://hphosts.blogspot.com/2008/10/reporting-abuse-to-aps-telecom3fn-your.html

APS Telecom/3FN have some explaining to do
http://hphosts.blogspot.com/2008/10/

Tuesday, 18 May 2010

At 9:00am EST on Friday May 14th AS50896 PROXIEZ lost its ability to infect the Internet. To avoid confusion, there were 'unsuccessful' attempts to reconnect on Saturday & Sunday May 15/16th. This is where there may have been reports of connections to bots and Malware being still alive.

The upstream peer AS50818 DIGERNET was also disconnected from the Internet @ 10:30am EST on Friday May 14th.

Friday, 14 May 2010

AnchorFree have responded to Sunbelt's blog concerning the adware nature of their software/service, and hilariously, have failed miserably.

Read more at;
http://sunbeltblog.blogspot.com/2010/05/anchorfree-responds-on-hotspot-shield.html
Do-it-yourself cyber-crime kits have emerged for the average PC user, with built-in anti-virus protection and complete online security avoidance features. Once upon a time, professional hackers needed the skills of willing script kiddies to exploit your PC or enterprise. Then along came the exploit kit, such as the “MPack,” courtesy of the RBN (Russian Business Network), and a new business

Thursday, 13 May 2010

We've gotten some inquiries about why VIPRE has been detecting Hotspot Shield (http://www.hotspotshield.com/) as adware since May 4. Some thought it might be a false positive. It isn't.

The Hotspot Shield web site carries the below graphic that says "NO spyware / adware."

Well just SAYING "NO spyware / adware" doesn't make it happen. Here's what the Hotspot Shield "terms of service" say (http://

It would seem CyberDefender Corporation still haven't learnt from the already huge amount of bad publicity they've received from a plethora of avenues, as they are yet again going after someone with their law firm for publishing their findings and opinions. This time, it's Allen Harkleroad from statesboro.biz.

A week or two ago I (Allen Harkleroad) expressed my personal opinion of MyCleanPC and

Sunday, 2 May 2010

Remember this? Well this time, we've got the same fake IM advert, and again from mediafire.com, except;

1. This time, the ad network is ad.z5x.net (owned by "DSNR Media Group", a company with ties to known scam sites such as usafis.org, ausfis.org, official-green-card.org and green-card-visa-usa.org);

http://ad.z5x.net/rw?title=New%20offer%21&qs=iframe3%

Investigating malware, I was led to a URL at mediafire.com, a file sharing site similar to RapidShare, that is intent on shoving popups in your face.

What (didn't) surprise me however, was an advert claiming to be an IM chat (yes of course it is), loaded via;

http://ad.xtendmedia.com/rw?title=New%20offer%21&qs=iframe3%

Thursday, 29 April 2010

Please join me in congratulating the editors of FCM (Full Circle Magazine) for reaching their 3rd anniversary.

Let's hope they'll get to including some security related stuffage at some point too ;o)

Wow! I can't believe it's been three years. The release of issue 36 (and Lucid Lynx!) marks the 3rd anniversary of FCM. We've gone far from those first posts in the Ubuntu Forums and we have you - all

Tuesday, 27 April 2010

Hat tip to Bill for the heads up. I've known about Sumatra for a while, but kept forgetting about it.

Adobe makes extra money every time someone downloads and installs the Google Toolbar. I usually know better but even I didn't see the check box in my haste to download the most recent Acrobat reader. Given the number of vulnerabilities that keep occurring with the Acrobat reader I always recommend

Sunday, 25 April 2010

Accredited by ICANN as of March 25th 2010, Turkey-based registrar Alantron (alantron.com, 212.175.233.69 - mailer2.alantron.com, TurkTelecom AS9121) has been a thorn in the side of the internet community, with so far not a single legit domain having been registered by their "customers" (that I've seen). Every single one has been either spam/fraud (1, 2, 3), malware (1) or exploits.

If you

I don't speak Polish, but the Google translation suggests xorg.pl advertises themselves as a free domain provider, much like dot.tk. The problem of course, is that like dot.tk, their service gets abused to hell and back.

Normally, this wouldn't have earned them a place in the crimeware friendly list. However, an exception has to be made in this case for one specific reason - the malicious "aliases"

Thursday, 22 April 2010

You'd have thought, given the amount of bad publicity that companies have received over the years about their rather lackadaisical approach to your privacy, that they'd have learnt from their mistakes and started to take it a little more seriously - alas, not surprisingly, those of you thinking company x, y or z can be trusted are very very wrong.

Let's take Tagged for example, who were sued by

Wednesday, 21 April 2010

hpHOSTS - UPDATED April 21st, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 127,058 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 21/04/2010 21:00
Last Verified: 21/04/2010 06:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Monday, 19 April 2010

If you are hosting your site at Hostek.com, you are probably at a higher risk of being hacked. Why? Because they do not do the proper separation of accounts internally, so anyone can access the pages of everyone else.

How do we know that? We were helping a friend with his site over there and when we checked their permissions, we found a big (BIG) security hole on Hostek. Every PHP script is

Saturday, 17 April 2010

The owner and curator of bobbear.co.uk, a site that specializes in exposing Internet fraud scams and phantom online companies, announced Saturday that he will be shuttering the site at the end of April.

Bobbear and its companion site bobbear.com are creations of Bob Harrison, a 66-year-old U.K. resident who for the last four years has tirelessly chronicled and exposed a myriad of fraud and scam

Tuesday, 13 April 2010

v0.49

Changes:
* Fixed a bug in functions.php (line 219)
Ref: http://temerc.com/forums/viewtopic.php?p=3442085#p3442085
* Fixed a bug in check_spammers_plain.php (line 128)
Ref: http://temerc.com/forums/viewtopic.php?p=3442078#p3442078

Download:
http://support.it-mate.co.uk/?mode=Products&p=spambotsearchtool&act=DL

Friday, 9 April 2010

Yet more for your blocking funnage (I really do have to stop making words like "funnage", "stuffage" etc, up ....).

Name: msnapps.net
IP: 91.191.144.84
IP PTR: srv584.sd-france.net
ASN: 35393 91.191.144.0/20 EURO-WEB-AS Euro Web Network

Name: f.msn-verif.com
IP: 91.191.144.88
IP PTR: srv584.sd-france.net
ASN: 35393 91.191.144.0/20 EURO-WEB-AS Euro Web Network

Name: msn-blocked.com
IP:

Monday, 5 April 2010

I said I'd get back to this, and I am (finally). If you read the previous article concerning Eveloz, you'll already be familiar with the back story concerning them, so let's continue.

I've been monitoring Eveloz for quite some time now, as they've seemingly decided to be rather open about their provision of a haven for criminals, and things haven't stopped, changed or errr, well gotten anything but

Friday, 2 April 2010

Apologies for yet another bug fix folks. My fault for doing this stuff when I'm half asleep (I broke the last update).

v0.48
* Fixed display of results (now properly centered)
* Modified check_spammers.php (submission to FSL/SFS)
* Fixed IsValidEmail function
+ Added resolve_host function (makes things a little cleaner)
* Modified query so username + email are case insensitive.

Download:
http://

Thursday, 1 April 2010

We didn't exactly need any more proof that Ecatel (AS29073) were crimeware friendly, but I came across ryan1918.com (again) earlier, and the following just kinda jumped out at me - thanks for providing the final nail in Ecatel's coffin!

I've already had Ecatel's ranges blocked for some time now, and I believe this should now convince everyone else to do the same. To save you some time, these are all

You've been asking for it, and waiting patiently since Jack originally announced his changing the project to Open Source, and now - you've to wait no more. Great news: as of April 1st (and nope, it's not an AFJ!) the project is officially open source (released with a GPL licence), with the source code available at;

http://www.curiostudio.com/forum/viewtopic.php?f=9&t=3073

Source code is C++, for those wondering.

Wednesday, 31 March 2010

Not entirely sure why at the moment, but both temerc.com and fluidhosting.com (temerc.com's hosting company) are down at present.

I'm still looking into why, and a very annoying difference in time (i.e. their being several hours behind us folk in the UK) is making contacting them a little difficult. I have ruled out an issue with DNS as they're resolving absolutely fine, and trying to load

Tuesday, 30 March 2010

Apologies for the vURL Online server downtime earlier folks. Sadly the PSU died (I was busy at the time so didn't notice right away). I've popped in an older spare PSU until I can get to the shop for a new one.

Sunday, 28 March 2010

Just a note folks, there's now "profile cards" available for the IPs/email addresses listed in fSpamList.

Example

84.237.157.41
http://www.fspamlist.com/?c=profile&num=177292

c3@pradas.info
http://www.fspamlist.com/?c=profile&num=174253

Note: Additional information on the domains in the e-mail addresses should be listed on e-mail address profile/report cards in due course

Friday, 26 March 2010

I am happy to announce, Josh at fSpamList has now added two RSS feeds;

Latest additions
http://www.fspamlist.com/feed.php

Most reported spammers
http://www.fspamlist.com/feed.php?most

Due to a bug in the SBST UI, v0.47 has now been released. Sorry folks.

http://support.it-mate.co.uk/?mode=Products&p=spambotsearchtool

Thursday, 25 March 2010

I've re-released v0.46 of the SBST that was released a couple or so hours ago, due to a bug in the script that produces a warning when the whitelist is empty.

http://forum.hosts-file.net/viewtopic.php?f=68&t=1955

Download:
http://support.it-mate.co.uk/?mode=Products&act=DL&p=spambotsearchtool

Friday, 19 March 2010

Just an update to this folks.

100webspace.net never responded; the support@ address didn't bounce (so presumably they did actually receive it), but the postmaster@ address did.

errorsguru.com is no longer a Paretologic affiliate, but instead is now peddling a much much worse "fully fledged" rogue - RegTool. And what have errorsguru.com's hosting company had to say? Well, disgustingly "Robert R.,
Roughly two years ago, I began an investigation that sought to chart the baddest places on the Internet, the red light districts of the Web, if you will. What I found in the process was that many security experts, companies and private researchers also were gathering this intelligence, but that few were publishing it. Working with several other researchers, I collected and correlated mounds of

Thursday, 18 March 2010

Avant Force, the team (well I say team, last I knew there was actually only my friend Anderson Che developing both Avant Browser and Orca Browser), have published an update on the blog, giving outlines of what's going on with regards to Avant Browser and the much anticipated v12, previously scheduled for release in January, then February 2010.

Sadly, v12 is still not here, we're still with

Tuesday, 16 March 2010

Going on a little hunt for new stuffage whilst the test machine's image was restored, I stumbled upon a thread on the Avira forums referencing hpHosts, nothing wrong there.

http://forum.avira.com/wbb/index.php?page=Thread&postID=920112

The post was alerting the Avira folk to a SpyEraser variant at spyeraser-security.com (post references a different IP (91.201.28.20, AS44107 91.201.28.0/22

hpHOSTS - UPDATED March 16th, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 126,051 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 16/03/2010 14:00
Last Verified: 16/03/2010 13:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Just a note folks, I am aware of the

There's many many ways to ensure your site will be blacklisted;

1. Utilizing malware/exploits
2. Developing/distributing [1]
3. Using unethical means to promote a site or program
4. Utilizing hijacks
5. Utilizing blackhat SEO techniques
... etc etc etc etc

The list goes on and on and on.

Another method however, of ensuring you'll be blacklisted, is by spamming through compromised e-mail accounts. This is

Thursday, 11 March 2010

Dear 100webspace.net,

I am writing this because you evidently couldn't be bothered to conform to the RFCs and have an active ABUSE@ address!!!

When will these companies realise, if they're offering a service such as hosting or connectivity, they MUST provide a WORKING abuse@ address for abuse complaints.

Ref:
http://www.faqs.org/rfcs/rfc2142.html

I've already had Paretologic kill off the errorsguru.com
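The RFC 2142 point above (and the support@/postmaster@ bounce observation in the 19 March update) can be tested without sending a single complaint. What follows is an added example, not the author's tooling: it connects to a domain's MX, issues MAIL FROM:<> and RCPT TO:<abuse@domain>, records whether the role address is accepted, and RSETs so nothing is ever queued. MX discovery is left to the caller (assumption: you already have the MX host, e.g. from `dig +short MX domain`); the connection is injectable, and the FakeMX class at the bottom is a constructed stand-in so the logic runs offline.

```python
import smtplib

# RFC 2142 role mailboxes a hosting or connectivity provider must honour.
# security@ is in the RFC too but is not mandatory, so it is left out.
REQUIRED_ROLES = ("abuse", "postmaster")


def probe_mailbox(address, mx_host, connect=smtplib.SMTP, timeout=20):
    """Ask mx_host whether it will accept mail for address, sending nothing.

    A null reverse-path (<>) means the probe can never cause a bounce to
    anyone, and RSET after RCPT means no message is ever queued.
    Returns (accepted, code, reply): True for 250/251, False for a 5xx
    rejection, None when unknown (4xx greylisting or a connection problem).
    """
    try:
        with connect(mx_host, 25, timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            code, reply = smtp.mail("<>")
            if code != 250:
                return None, code, reply.decode(errors="replace")
            code, reply = smtp.rcpt(f"<{address}>")
            smtp.rset()
    except (smtplib.SMTPException, OSError) as exc:
        return None, 0, str(exc)
    text = reply.decode(errors="replace")
    if code in (250, 251):
        return True, code, text
    if 500 <= code < 600:
        return False, code, text
    return None, code, text


def check_role_mailboxes(domain, mx_host, connect=smtplib.SMTP):
    """Probe every required RFC 2142 role address at the domain's MX."""
    results = {}
    for role in REQUIRED_ROLES:
        address = f"{role}@{domain}"
        accepted, code, reply = probe_mailbox(address, mx_host, connect)
        results[address] = {"accepted": accepted, "code": code, "reply": reply}
    return results


def missing_roles(results):
    """Role addresses the MX definitively rejected with a 5xx."""
    return sorted(addr for addr, r in results.items() if r["accepted"] is False)


class FakeMX:
    """Constructed offline stand-in for smtplib.SMTP: a host that has a
    postmaster@ but no abuse@, and greylists everything else."""

    def __init__(self, host, port=25, timeout=None):
        self.host = host

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False

    def ehlo_or_helo_if_needed(self):
        pass

    def mail(self, sender):
        return 250, b"2.1.0 Ok"

    def rcpt(self, recip):
        if recip.startswith("<abuse@"):
            return 550, b"5.1.1 Recipient address rejected: User unknown"
        if recip.startswith("<postmaster@"):
            return 250, b"2.1.5 Ok"
        return 450, b"4.7.1 Try again later"

    def rset(self):
        return 250, b"2.0.0 Ok"


if __name__ == "__main__":
    # Real use: check_role_mailboxes("example.com", "mx.example.com")
    demo = check_role_mailboxes("example.invalid", "mx.example.invalid", connect=FakeMX)
    for addr, row in demo.items():
        print(addr, row["accepted"], row["code"], row["reply"])
    print("missing:", missing_roles(demo))
```

Two caveats a practitioner should keep in mind: a 250 at RCPT only proves the address was not refused, since many MTAs accept everything and bounce later (exactly what the post saw with support@), so treat an accepted probe as necessary, not sufficient; and a 4xx means try again later, not that the mailbox is missing.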
Turkish-based ISP VITAL TEKNOLOJI (AS44565) have been appearing on my radar for quite some time, and not under the most flattering of terms - they've been and continue to be home to a major source of badness, namely exploits and fake AVs.

They actually have several ranges under their control, the most active of which are;

79.171.16.0/21
93.186.112.0/20
188.124.0.0/19

I can't say which has been the
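A check for ranges like the ones above, as an added example (this is not code from hpHosts or from the blog): it resolves a list of domains, flags any answer that falls inside the CIDRs named in this post, the 4 June ROOT SA post and the 9 April Euro Web post, notes domains that have hopped to a new address since the last run, marks names that no longer resolve, and emits hosts-file lines for the hits. The range set is illustrative rather than the author's full blocklist, the resolver is injectable so the block runs offline, and the domain names used in the demo are constructed under .invalid.

```python
import ipaddress
import socket

# Ranges as named on this page. Illustrative only, not a complete blocklist.
BLOCKED_RANGES = {
    "AS44565 VITAL TEKNOLOJI": ("79.171.16.0/21", "93.186.112.0/20", "188.124.0.0/19"),
    "AS5577 ROOT SA": ("212.117.160.0/19",),
    "AS35393 EURO-WEB-AS": ("91.191.144.0/20",),
}


def build_index(ranges=BLOCKED_RANGES):
    """Flatten label -> CIDRs into a list of (network, label) pairs."""
    return [(ipaddress.ip_network(cidr), label)
            for label, cidrs in ranges.items() for cidr in cidrs]


def classify_ip(ip, index):
    """Label of the first listed range containing ip, or None if it is in none."""
    addr = ipaddress.ip_address(ip)
    for net, label in index:
        if addr in net:
            return label
    return None


def resolve_live(host):
    """Default resolver: every IPv4 answer from the system resolver, [] on failure."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def audit(domains, previous=None, resolver=resolve_live, index=None):
    """Resolve each domain; report listed-range hits, range hops and dead names.

    previous maps domain -> the IP it resolved to last time, so a domain that
    has moved since then (as the ROOT SA post describes) is marked moved.
    """
    index = build_index() if index is None else index
    previous = previous or {}
    report = {}
    for domain in domains:
        ips = resolver(domain)
        flagged = {}
        for ip in ips:
            label = classify_ip(ip, index)
            if label:
                flagged[ip] = label
        old = previous.get(domain)
        report[domain] = {
            "ips": ips,
            "flagged": flagged,
            "moved": old is not None and bool(ips) and old not in ips,
            "dead": not ips,
        }
    return report


def hosts_lines(report):
    """hosts-file entries (127.0.0.1 form, as hpHosts uses) for every flagged name."""
    return [f"127.0.0.1\t{d}" for d, r in sorted(report.items()) if r["flagged"]]


if __name__ == "__main__":
    # Constructed names and a stub resolver so this runs without DNS access.
    STUB = {"a.invalid": ["212.117.169.106"], "b.invalid": ["192.0.2.10"], "c.invalid": []}
    rep = audit(STUB, previous={"a.invalid": "93.186.120.5"}, resolver=lambda h: STUB[h])
    for name, row in rep.items():
        print(name, row["flagged"] or ("dead" if row["dead"] else "clean"), "moved" if row["moved"] else "")
    print("\n".join(hosts_lines(rep)))
```

Feed it the real domain list with the default resolver and yesterday's results as `previous`; a name whose `moved` flag is set and whose new address lands in a listed range is the pattern the 4 June post describes, and the ones marked `dead` are the ones still waiting on propagation or already taken down.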
A week of free technology events for developers, IT professionals and IT managers

What's on for Developers?

We'll be updating the agenda and session information over the coming days. Follow @uktechdays to be the first in the know.

We're going back to basics and have hired two London cinemas during the week so we can deliver the kind of content you've been asking to hear about. Please note that we'll

I have had a few users telling me they were having problems both contacting me and using the SBST. One user narrowed it down to undisposable.net, and I stupidly didn't think to check the site myself at the time.

Checking undisposable.net today shows the site is offline. It's still resolving to 64.202.189.170, but no content is there, so it's failing to connect. There's no contact information in

Wednesday, 10 March 2010

Going through the latest Google results for new malicious goodness, I stumbled upon a URL I was fully expecting to be serving me with a fake AV (the last 10 or so I'd checked had done), but alas no, not this time. This time I was to be served a page that led me to a fake search results page (PPC fraud);

And from there, on to porntubevault.com, which leads you to Pinball Publisher Network.

Where

Tuesday, 2 March 2010

Sorry for the downtime folks. 89.15.156.197 (kobz-590f9cc5.pool.mediaWays.net) decided it would be fun to constantly flood the server.

/edit 01:20 03-03-2010
This little bugger is back, this time using 83.14.243.106 (efj106.internetdsl.tpnet.pl)

Sunday, 28 February 2010

... but I'll settle for having a laugh at a spam that's just come in. Laughing, you ask? Well yes - for starters there's no plain text content, no subject and no HTML content.

It would seem these silly spammers have decided it best to include the content in the actual headers (likely a bug in their auto-mailer);

Return-Path: root@server.bestindiansexvideos.com
Delivered-To: r00t-y0u_org@
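Detection for the header-stuffed spam described above, as an added example that is not the author's code: it parses a raw message with Python's email package and reports a missing Subject, an empty text/html body, URLs carried inside header fields, and a root@ Return-Path. The sample message is constructed; only the Return-Path value and the two header names shown on the page are taken from it, and every other address, host and link is made up.

```python
import email
import re
from email import policy

URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Constructed sample modelled on the spam in the post: no Subject, no body,
# and the "content" smuggled in X- headers. Hosts and links are made up.
SAMPLE = b"""Return-Path: root@server.bestindiansexvideos.com
Delivered-To: r00t-y0u_org@example.invalid
Received: from server.bestindiansexvideos.com (unknown [192.0.2.44])
\tby mx.example.invalid with SMTP; Sun, 28 Feb 2010 10:11:12 +0000
From: root@server.bestindiansexvideos.com
X-Body-Text: Hot videos here http://example.invalid/go
X-Promo-Link: http://example.invalid/go
Content-Type: text/plain; charset=us-ascii

"""


def parse(raw):
    """Parse raw RFC 5322 bytes with the modern (non-compat32) policy."""
    return email.message_from_bytes(raw, policy=policy.default)


def body_text(msg):
    """Return (plain, html) body text, decoded with each part's own charset."""
    plain, html = [], []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "ascii", errors="replace")
        (plain if part.get_content_subtype() == "plain" else html).append(text)
    return "".join(plain).strip(), "".join(html).strip()


def header_anomalies(msg):
    """The oddities the post laughs at: no subject, empty body, payload in headers."""
    findings = []
    if not (msg.get("Subject") or "").strip():
        findings.append("no-subject")
    plain, html = body_text(msg)
    if not plain and not html:
        findings.append("empty-body")
    for name, value in msg.items():
        # List-Unsubscribe legitimately carries a URL; any other header doing so is odd.
        if name.lower() != "list-unsubscribe" and URL_RE.search(str(value)):
            findings.append(f"url-in-header:{name}")
    return_path = str(msg.get("Return-Path", "")).strip().strip("<>")
    if return_path.lower().startswith("root@"):
        findings.append("return-path-root")
    return findings


def is_header_stuffed_spam(raw):
    """True when the body is empty but at least one header smuggles a link."""
    findings = header_anomalies(parse(raw))
    return "empty-body" in findings and any(f.startswith("url-in-header:") for f in findings)


if __name__ == "__main__":
    print(header_anomalies(parse(SAMPLE)))
    print("header-stuffed spam:", is_header_stuffed_spam(SAMPLE))
```

Each finding on its own is weak (plenty of legitimate automated mail has no Subject), which is why the verdict function requires the combination the post describes: nothing in the body and a link in a header that should never carry one.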
In the magazine:
- Command and Conquer.
- How-To : Program in Python – Part 8, Digitally Retouching a Photo in GIMP, and The Perfect Server – Part 4.
- My Story – a Linux User, and Powerpets.
- Review – Acer UL30-A laptop.
- MOTU Interview – Roderick Greening.
- Top 5 – Reference Tools.
- Ubuntu Women, Ubuntu Games, My Opinion, and all the usual goodness!

Read more
http://fullcirclemagazine.org/2010/02/27

Friday, 26 February 2010

It would seem, dear readers, that the folks at Sun Network have decided booting our friendly phishers isn't a good idea after all, as they're now back yet again, spamming via MSN and whatnot, with links that lead to phishing scams such as the one in the screenshot to the left, that steal your MSN, Yahoo, AIM and GTalk credentials.

Once stolen, you're then once again redirected to ishowclips.com.

Thursday, 25 February 2010

I was notified earlier about tracox.pwnz.org, which has been reported as a botnet C&C for the Spybot.AVEO infection (Trend Micro has it pegged as WORM_IRCBOT.ABJ). After reading up on this, I'd strongly urge everyone to blackhole it asap.

Trend Micro's writeup also has reference to its contacting r30686.ovh.net (yep, OVH again), which resides at 87.98.173.190, so I'd suggest blackholing that one too.

Wednesday, 24 February 2010

I had an interesting conversation this morning with one of my local PC stores. First a back story ....

Around Feb 4th, I bought a second hand hard drive for one of the servers (as it was only £20 (160GB HDD) I thought what the heck). I didn't get round to checking it until last week, and surprisingly, upon booting the drive, I noticed the previous customer's Windows installation was still

Wednesday, 17 February 2010

It would seem folks, IAC/MindSpark aren't happy with their current methods of attracting new victims, err, users. Now they've decided to go with a scamming approach.

What does this entail, you ask? Well, look at the screenshot to your left - there's two adverts there. One asks which is a better presenter, offers a "free" (sic) $500 Visa gift card, and claims to be leading you to myrewardsvault.com

Some extremely great news just dropped into my RSS reader - Paperghost, aka Chris Boyd, has now joined Sunbelt's research team.

Sunbelt now have, without a doubt, the best damn researcher in the world. Congrats Chris!

Read more over at the Sunbelt blog;
http://sunbeltblog.blogspot.com/2010/02/uk-researcher-joins-sunbelt.html

Tuesday, 16 February 2010

hpHOSTS - UPDATED February 17th, 2010

The hpHOSTS Hosts file has been updated. There is now a total of 121,497 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 17/02/2010 05:00
Last Verified: 16/02/2010 23:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Here's some news from the ESET Virus Lab in Slovakia. One of our clients encountered an interesting infection within his network.

The problem seemed to originate from the drivers CD that comes with the device he bought, the Habey BIS-6550HD, a fanless Atom-powered system, though we haven't seen the CD itself. Our analysis of the CD image supplied by the customer, which seems to date from July 2009

Thursday, 11 February 2010

The switch over has been made, tested and the gateway is now back online, so access to hpHosts, vURL etc has been restored.

Just a note, due to Windows updates and a hardware replacement, the network gateway will be down for a few moments (basically to allow for the hardware to be replaced and the Windows updates to be installed).

As an aside, for when hpHosts does come back online: I re-enabled the browsing facility yesterday, and there's also both a new updates RSS feed and a new MMT (Misleading Marketing Tactics)

Sunday, 7 February 2010

I thought I'd treat myself to a router upgrade, given the current one (DG384Gv2) was struggling with the traffic on the network, and opted for the DGN2000 (would've loved a newer and better one, but this one cost £94, the rest were over £150). Configuring it for the network took a couple of seconds, which was great as I needed it done asap, and switching the old to the new took milliseconds (well, all

Friday, 5 February 2010

It was a difficult choice deciding who should be in the firing line next, as far as being cybercrime friendly, as there's a multitude of choices; those I've not yet covered include VPLSNET (VPLS Inc. d/b/a Krypt Technologies), Masterhost, China (I'd be here all year with this one), Aruba (and if you're reading this Aruba - FIX YOUR DAMN ABUSE ADDRESS!), Peterhost, to name a few.

I thought I'd

Wednesday, 3 February 2010

One year ago, on the 2nd of February 2009, ZeuS Tracker was born (Introducing: abuse.ch ZeuS Tracker BETA). Today ZeuS Tracker looks back on a very successful year and I would like to use this event to write some words about ZeuS Tracker. During the last year, ZeuS Tracker has tracked more than 2'800 malicious ZeuS C&C servers. The ZeuS Tracker has captured more than 360MB of ZeuS config files and

Tuesday, 2 February 2010

You may have noticed over the past few days that access to the hpHosts website has been sporadic at best. I just wanted to let you all know, although annoyed as hell, I do have a good excuse, well three actually;

1. MySQL is being an absolute PITA
2. Several IPs from one of NetDirekt's ranges have been hammering the vURL server, which accesses hpHosts (I've temporarily disabled vURL's access to

Monday, 1 February 2010

The validation and WhoIs hunt is completed, and although I've no doubt there's more domains owned by this person than those I've found, the following are those that are or have been owned by Melissa/Bob/Jeremy, whatever he/she wants to call him/herself.

Note: It's entirely possible that some of these are now legit, as quite a few on this list were obtained from a dated (08-30-2009) list

First,

I'm happy to report, I've just been advised by Jeremy Zawodny at Craigslist that the following two domains have now been taken offline;

craigslistinc.org
craigslistmarketing.org

Sadly, dnblocker.com is still online, and hilariously, has tried changing the WhoIs information to "Bob Smith" in a poor attempt to hide .....

Registrant:
Bob Smith
343 Mumby Road
Gosport, Hampshire PO12 1AQ
United

Saturday, 30 January 2010

Issue 33 is out: creating a media center, education, and sync

A new month (well, in two days) and a new magazine issue is out.

This month, we've got:
- Command and Conquer.
- How-To : Program in Python – Part 7, Create A Media Center with a Revo, Ubuntu and Boxee, and The Perfect Server – Part 3.
- My Story – Ubuntu in Public Education, and Why I Use Linux.
- Review – Exaile.
- MOTU Interview –

* Fixed bug when SBST run on Windows Server systems (doesn't seem to like some of the error handling)
* Fixed colours for new manual submission ;o)

Download:
http://support.it-mate.co.uk/?mode=Products&p=spambotsearchtool

... awww, did my last post annoy someone? 'Twould seem so, as I noticed the following new user registration whilst going through the new accounts;

Recognize the IP range? (same IP as the Craigslist fraud rubbish, and same range as Blackhatworld - both mentioned in the previous post).

Friday, 29 January 2010

I received an e-mail around 30 mins or so ago pointing me to craigslistinc.org. The individual that reported it had been called by someone referencing this site, claiming to be an employee of Craigslist.

I did a little digging and yep, it's a phishing scam. I decided to call Craigslist to inform them of the site, and the additional stuffage I found - a decision I was about to regret. Calling

Here's something they don't teach in marketing 101: If you're pushing software that no one wants -- like, say, annoying adware -- and your downloads are going nowhere, what do you do?

Answer: you push somebody else's popular software AND BUNDLE YOUR CRAP WITH IT!

Remember Zango? It was that irritating adware company that spent years and a million weasel words trying to make its operation seem

Tuesday, 26 January 2010

Just a note folks, I'm beginning the conversion of the hpHosts databases as I write this, so the hpHosts website will be down for the next few hours whilst the conversion takes place.

Monday, 25 January 2010

I've just gotten back folks, and am happy to announce vURL has now been fully converted to MySQL and is now back online.

Please let me know if you notice any problems.

Sunday, 24 January 2010

I’m curious and thinking a crazy single day experiment could be fun and may be worth the risk. So what the hell. If you want to upgrade to WinPatrol PLUS on January 29th, I’ll give you a lifetime WinPatrol membership for less than a dollar. Instead of the regular price of $29.95 I’ll provide a coupon on WinPatrol.com that brings the price down to $0.99 USD. That comes out to approx. .70 € to our

Saturday, 23 January 2010

I'll not go into the ESG/SpyHunter history, you can read about that elsewhere. Suffice to say, after discussions with Enigma Software Group, and changes they made, I removed them from hpHosts back in 2008;

http://hphosts.blogspot.com/2008/08/enigma-software-group-removed-from.html

So you'll forgive me for being surprised to receive an e-mail from their lawyer, threatening to sue me. I did however,

Thursday, 21 January 2010

I received an e-mail earlier pointing to an Angelfire hosted site;

yzisuteq.angelcities.com/utakeseh.html

Expecting malware or fake meds, I decided to take a look to see which of the two it was. Surprisingly I was wrong - it was neither. The site leads to mobilnaked.com, a site completely in Russian (and annoyingly, given most of the text is actually image based, untranslatable with Google).

Wednesday, 20 January 2010

We've seen a number of ads being punted through AdSlash.com to legitimate ad networks, but it appears that these are leading to a PDF exploit (don't visit these sites, obviously!).

For example:

fwlink.nx7.zedo.com.adslash.com/?alx=a27131939386&td=qcbp71pz=42834&sz=728x90&_zm=359161&st=n1n4&id=131939386&zcw=gh17chl277&xryr=3913771&mp=1460h1
fwlink.nx7.zedo.com.adslash.com/stats_js_e.php?id=131939386

Tuesday, 19 January 2010

I received a rather surprising e-mail earlier. Surprising because it was sent to an e-mail address I used specifically for registering on the ukbusinessforums.co.uk website a few years ago, and not an address I'd published anywhere (and nope, I'd not given them permission to give it to anyone else).

This particular e-mail is shown to the left, but in short, advertises pdf-adobe.org, which leads to

Remember this folks?

http://hphosts.blogspot.com/2009/08/update-google-webalizer-exploits.html

Well, I've been seeing more and more sites across LP IP ranges containing malicious code, and since I'd not heard back from them concerning the sites listed in the above, I decided to go through those previously mentioned back in August last year, to see which are still carrying malicious code.

Thứ Bảy, 16 tháng 1, 2010

Seems msmvps.com is down at present folks. No idea why; it's resolving just fine, but the server is refusing the connection (checked via several different sources).
/edit It's back folks :o)
And in today's firing line, competing with the rest for the title of world's most crimeware-friendly ISP, we have AS8206, Latvian-based ISP Junik-Riga-LV. Junik is being listed for 2 very specific reasons: they're providing connectivity for;
AS29106 VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
AS49314 NEVAL PE Nevedomskiy Alexey Alexeevich
Oh dear, this isn't going to end well, is it? Neval has been
Just a note folks, whilst investigating why the domains associated with botnets weren't resolving (been receiving a plethora of e-mails for everything from SendSpace to HM Revenue and Customs to HSBC etc etc), I did a check on OpenDNS's servers and discovered an issue with their London-based server (still failed to resolve even after a cache check). All of their other servers are unaffected by
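The two outage notes above (msmvps.com resolving fine but refusing the connection, and one OpenDNS server failing to resolve what the others do) are really the same triage question: at which step of the chain does a lookup die? The following is an added example, not the blog's own tooling, that separates a resolver failure from a refused connection, a timeout and a routing failure. Both steps are injectable so the decision logic can be exercised offline; the fakes in demo_offline() and the 192.0.2.10 address are constructed for illustration, and the defaults use the system resolver and a real TCP connect.

```python
"""Triage an unreachable host: DNS failure, connection refused, timeout or unreachable.

Added example, not the blog's own tooling. resolve_fn / connect_fn are
injectable so the logic runs offline against the constructed fakes in
demo_offline(); the defaults use the system resolver and a real connect.
"""
import socket
from typing import Callable, Dict, Iterable, List, Tuple


def resolve(host: str) -> List[str]:
    """Addresses the system resolver returns for host; raises socket.gaierror on failure."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_connect(address: str, port: int, timeout: float = 5.0) -> None:
    """Open and immediately close a TCP connection; raises OSError on failure."""
    with socket.create_connection((address, port), timeout=timeout):
        pass


def classify(host: str, port: int = 80,
             resolve_fn: Callable[[str], Iterable[str]] = resolve,
             connect_fn: Callable[[str, int], None] = tcp_connect) -> Dict[str, object]:
    """Return {'state', 'addresses', 'detail'}; state is one of
    'dns_failure', 'up', 'refused', 'timeout' or 'unreachable'."""
    try:
        addresses = list(resolve_fn(host))
    except socket.gaierror as exc:
        return {"state": "dns_failure", "addresses": [], "detail": str(exc)}
    if not addresses:
        return {"state": "dns_failure", "addresses": [],
                "detail": "resolver returned no addresses"}

    failures: List[Tuple[str, str]] = []
    for address in addresses:
        try:
            connect_fn(address, port)
        except ConnectionRefusedError as exc:
            # RST came back: the host is alive, nothing is listening on the port.
            failures.append(("refused", f"{address}: {exc}"))
        except socket.timeout as exc:
            # No answer at all: host down, or a filter silently dropping SYNs.
            failures.append(("timeout", f"{address}: {exc}"))
        except OSError as exc:
            # Network/host unreachable, no route, and similar.
            failures.append(("unreachable", f"{address}: {exc}"))
        else:
            return {"state": "up", "addresses": addresses,
                    "detail": f"connected to {address}:{port}"}

    # Every address failed. 'refused' is the most informative verdict when it
    # occurred at all, because it proves the name resolved to a live host.
    kinds = {kind for kind, _ in failures}
    state = next(s for s in ("refused", "timeout", "unreachable") if s in kinds)
    return {"state": state, "addresses": addresses,
            "detail": "; ".join(msg for _, msg in failures)}


def demo_offline() -> Dict[str, str]:
    """Run classify() against constructed fakes for each failure mode (no network)."""
    def resolves(host: str) -> List[str]:
        return ["192.0.2.10"]                      # constructed TEST-NET-1 placeholder

    def nxdomain(host: str) -> List[str]:
        raise socket.gaierror(-2, "Name or service not known")

    def refuses(address: str, port: int) -> None:
        raise ConnectionRefusedError(111, "Connection refused")

    def hangs(address: str, port: int) -> None:
        raise socket.timeout("timed out")

    def accepts(address: str, port: int) -> None:
        return None

    name = "example.invalid"                       # never resolves for real
    return {
        "dead_resolver": str(classify(name, 80, nxdomain, refuses)["state"]),
        "refused": str(classify(name, 80, resolves, refuses)["state"]),
        "filtered": str(classify(name, 80, resolves, hangs)["state"]),
        "healthy": str(classify(name, 80, resolves, accepts)["state"]),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(classify(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 80))
    else:
        print(demo_offline())
```

Run it with a hostname (and optional port) to check a real host; with no arguments it only exercises the fakes. Note that the default path uses the system resolver, so to reproduce the "one resolver disagrees" situation you would point the machine's resolver at each server in turn, or swap resolve_fn for one that queries a specific server.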

Friday, January 15, 2010

With the blackhat SEO campaigns taking advantage of Haiti to infect people and rip them all off, you'd have thought PayPal would've had a little forethought before sending this out. I must ask PayPal, what the heck were you thinking when the thought "Ooooh, let's send an EMAIL to our members, in HTML of course, to ask them for MONEY!" came up? Anyone ever tell you about phishing scams and the like? Your

Wednesday, January 13, 2010

Just a note folks, the hpHosts server is making some very strange noises (typical, get 2 servers re-built and another decides it wants to be a problem), and doesn't sound too well, so I'm going to take it offline with immediate effect to take a look and see what the problem is. I'm not expecting the downtime to be more than 30-45 mins or so.

Tuesday, January 12, 2010

hpHOSTS - UPDATED January 12th, 2010
The hpHOSTS Hosts file has been updated. There is now a total of 118,743 listed hostnames.
If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
Latest Updated: 12/01/2010 18:00
Last Verified: 11/01/2010 12:00
Download hpHosts now!
http://hosts-file.net/?s=Download
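A release of this kind is just a large hosts file, and the headline number is a count of the hostnames it maps to a sinkhole address. The following is an added example, not hpHosts' own tooling, showing how to parse a file of that shape and sanity-check it before installing it: it counts unique hostnames, flags duplicates, rejects entries that point somewhere other than a loopback/null address (a hosts entry that points at a real IP hijacks the name rather than blocking it) and catches malformed hostnames and lines with no address. The sample file and every hostname in it are constructed placeholders, not real listings.

```python
"""Parse and sanity-check a hosts file of the kind hpHosts distributes.

Added example, not hpHosts' own code. SAMPLE_HOSTS is constructed for
illustration; its hostnames are placeholders, not real listings.
"""
import re
from collections import Counter
from typing import Dict, Iterator, List, Optional, Tuple

# One DNS label: 1-63 chars of letters, digits and hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Addresses that block a name rather than redirect it. hpHosts uses 127.0.0.1;
# 0.0.0.0 and ::1 are common alternatives in other lists.
SINKHOLES = ("127.0.0.1", "0.0.0.0", "::1")


def valid_hostname(name: str) -> bool:
    """RFC 1123-style syntax check: total length <= 253 and every label valid."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.rstrip(".").split("."))


def parse_hosts(text: str) -> Iterator[Tuple[int, Optional[str], str]]:
    """Yield (line_no, address, hostname) for every mapping in the file.

    Blank lines and '#' comments (full-line or trailing) are skipped. A line
    may map several hostnames to one address, which is valid hosts syntax.
    A line with a single field is yielded with address None so the caller
    can report it rather than silently drop it.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            yield line_no, None, fields[0]
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            yield line_no, address, name.lower()   # hostnames are case-insensitive


def audit_hosts(text: str, sinkholes: Tuple[str, ...] = SINKHOLES) -> Dict[str, object]:
    """Summarise a hosts file: unique hostnames, duplicates and problem lines."""
    names: Counter = Counter()
    problems: List[Tuple[int, str]] = []
    for line_no, address, name in parse_hosts(text):
        if address is None:
            problems.append((line_no, f"missing address before {name!r}"))
            continue
        if address not in sinkholes:
            problems.append((line_no, f"{name} points to {address}, not a sinkhole address"))
        if not valid_hostname(name):
            problems.append((line_no, f"malformed hostname {name!r}"))
        names[name] += 1
    return {
        "unique_hostnames": len(names),
        "duplicates": sorted(n for n, c in names.items() if c > 1),
        "problems": problems,
    }


# Constructed sample shaped like a release (placeholder hostnames, not real listings).
SAMPLE_HOSTS = """\
# hpHosts - constructed sample header, not a real release
127.0.0.1 localhost
127.0.0.1 bad1.example.net
127.0.0.1 bad2.example.net   # trailing comment
127.0.0.1 BAD1.example.net
127.0.0.1 bad3.example.net bad4.example.net
0.0.0.0 bad5.example.net
192.0.2.10 hijacked.example.net
127.0.0.1 -broken-.example.net
orphan.example.net
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['unique_hostnames']} unique hostnames listed")
    for dup in report["duplicates"]:
        print("duplicate:", dup)
    for line_no, msg in report["problems"]:
        print(f"line {line_no}: {msg}")
```

To audit a real download, pass the file's contents to audit_hosts() instead of SAMPLE_HOSTS. The duplicate check is case-insensitive because the resolver is; the non-sinkhole check is the one worth running on any third-party hosts file before installing it, since that is the difference between a blocklist and a redirect.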

Monday, January 11, 2010

I thought you guys would be interested in the latest validation results, which show where quite a few prior Riccom customers have now gone over to. Note: the results do not include PTR details (only did a quick validation as I'm busy with work and hpHosts at present).
http://hosts-file.net/misc/hpObserver_results_-_Riccom_91.212.107.0-255-update-12012010.html
The shortlist of ISPs they've moved
HostExploit has provided a facility that now allows you to see which of the ISPs currently online are within their list of the world's worst. Names you'll currently see include Velcom, Netelligent, ZHM, NetDirect, Neval etc etc etc. Take a peek, and pop over to their new SiteVet (well, new to me anyway) site, which provides extensive details (some details only provided if you pay a fee apparently

Sunday, January 10, 2010

You may be asking yourself, why are RETN-AS being listed as crimeware friendly? Well, to keep this short and simple, I'll tell you: NET-UA-AS limited corp (AS40965 195.95.151.0/24) and SOFTNET (AS50073 193.104.110.0/24 SOFTNET Software Service Prague s.r.o.). The SOFTNET range was first seen in November 2009, and ever since then, has served nothing but exploits, rogues, and other malicious

Friday, January 8, 2010

raktor.net has been de-listed folks.
I hate being human sometimes :o(

Wednesday, January 6, 2010

Just a note folks, due to the machine that was processing the database (determines which are alive, and which are not) deciding it wanted to crash during the saving process, the latest hpHosts release will be delayed for a few days.
On a brighter note, I've now got the mail server onto a new (well, old PIII) dedicated machine, config'd and tested, so I can now send e-mail again - yippee!

Tuesday, January 5, 2010

Alas, poor Yorick, 'tis not my week .... not content with the motherboard in the Intranet/vURL server dying, the HDD suffered a death in the gateway server, rendering access to the network impossible. I've got the gateway back online on a temporary machine, but still have to re-build the mail server (going to have to talk to Alt-N about that).

Sunday, January 3, 2010

Due to an as yet unknown fault, the vURL and Intranet server is currently offline. I'm suspecting a hardware fault at this point as it's not picked up on the KVM anymore, which suggests a fried graphics card/motherboard. Sadly, I'll not be home until Tuesday, but have someone working on sorting it out for me.
/edit Sadly, it's been confirmed that the server's motherboard has fried, so I'll have to
At the writing of this post, it's New Year's for most of the world (and definitely will be by the time most of you read this). Not only is it a new year, it's a new decade full of promises for the computing world and the world at large. I hope you've enjoyed our foray into Ubuntu and Linux for the past few years. Here's to many more! That being said, what better way to start off a new year than