Thursday, 29 September 2011

Sorry for the delay folks.

The hpHOSTS Hosts file has been updated. There is now a total of 222,922 listed hostnames.

If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)

Latest Updated: 29/09/2011 18:00
Last Verified: 29/09/2011 01:00

Download hpHosts now!
http://hosts-file.net/?s=Download

Wednesday, 28 September 2011

Q. How do you tell when a registrar is generating a lot of abuse reports?

A. When you receive failure messages such as;

This is the mail system at host us.internet.bs.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You

Tuesday, 27 September 2011

Executive Summary

Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS

Wednesday, 21 September 2011

About bleedin time too.

One of Microsoft's Gold Partners has had its relationship with the software giant unceremoniously terminated, after being revealed to be orchestrating a telephone support scam.

Comantra, based in India, are said to have cold-called computer users in the UK, Australia, Canada and elsewhere, claiming to offer assistance in cleaning up virus infections.

The bogus support calls

Saturday, 17 September 2011

I was sent a URL earlier, that redirected to fake meds (surprise surprise). Checking further however, I arrived at the site's homepage to discover two scripts being loaded, one from a site that has now been cleaned, and another loaded from 70.85.43.147, that is still there;

70.85.43.147/minitools.js

Trying a quick check, Malzilla, JSUnpack etc failed to decode it, so I figured I'd wait until I had a

Friday, 16 September 2011

Not surprisingly, when the bad guys get a foot in, they take full advantage, and that's exactly what they're doing over at Formspring.me. Having started a campaign, and Formspring seemingly doing nothing to prevent it, the surge is continuing, with new ones being created every day so far.

Thanks to someone that used to work for them, those that were reported to him, have been taken care of, but

Monday, 12 September 2011

Date: 13-09-2011

* Modified LogSpammerToDB (with thanks to Jay Riley, jayriley.com)
+ Added blocklist.de

Download:
http://support.it-mate.co.uk/?mode=Products&p=spambotsearchtool

Live example:
http://temerc.com/Check_Spammers/
http://fspamlist.com/checkspammers/

Friday, 9 September 2011

Seems there's somewhat of a surge of abuse over at formspring.com lately, same kind of abuse seen previously on similar providers.

The following, all leading to varying locations, are currently active, and have been reported to the upstream, since Formspring don't want to publicize an abuse contact (CC'd the report to the address listed in the WhoIs for Formspring's parent company).

hxxp://

Tuesday, 6 September 2011

New domains today, still only 71 unique MD5s, and all domains living at;

IP: 69.64.72.123
PTR: 69-64-72-123.dedicated.codero.net
NS: *.dns-diy.net
AS: 10316 69.64.64.0/19 CODERO-AS - Codero

Same registrar as all of the rest;

Registrant: Frank Jorney / jormwyuh4@hotmail.com
Registrar: ONLINENIC, INC

367u3hsl.com/files/18
367u3hsl.com/files/19
367u3hsl.com/files/23
367u3hsl.com/files/24
367u3hsl.com/files/

Saturday, 3 September 2011

Well, yesterday Sinowall was at 108.59.2.213, as of today, there's 2 new domains and a new IP - still the same amount of files, same 71 unique MD5s;

sghlymfsbvf.com/files/18 Trojan.Agent
sghlymfsbvf.com/files/19 Trojan.Agent
sghlymfsbvf.com/files/23 Trojan.Agent
sghlymfsbvf.com/files/24 Trojan.Agent
sghlymfsbvf.com/files/25 Trojan.Agent
sghlymfsbvf.com/files/26 Trojan.Agent
sghlymfsbvf.com/files

Friday, 2 September 2011

Q. What do you get if you cross 108.59.2.213 with a bunch of newly created domains?

A. Over 600 newly malicious URLs of course!

There's actually only a very small amount of domains, but 91 URLs to each domain, serving a grand total across them all, of 498 files and 71 unique MD5s;

MD5    File    Size
f88deaeb24ee0ae8f783ed61c8508b37    aguyet47td.com\files\17    2.00 KB

Thursday, 1 September 2011

co.tv have had quite the history, with a plethora of abuse of their service. They've previously been responsive as far as takedowns, but lately there's been no response, and those reported over the past week, have remained active.

A lot of the domains are pointing to an IP that resolves to parking.co.tv, but this isn't actually a parking server - it is a redirector;

Query: fuqayisi.co.tv

HTTP/