Monday, 31 May 2010
WARNING: Malware, scams and RedStation (AS35662, 81.94.192.0/20)
Remember the SMS fraud housed on the RapidSwitch range? Well, now we've got yet another network involved. This time, it's the turn of RedStation, AS35662. I've already dropped them an e-mail, but the notice on their contact page suggests this is going to have been a completely pointless exercise. Note to Solicitors: If you are a solicitor and you wish to communicate with us about a website hosted on
Sunday, 30 May 2010
Innovative Marketing/Byte Hosting: Scareware scam charges
Ah how this has made my day. Federal prosecutors have accused three men of running an operation that used fraudulent ads to dupe internet users around the world into buying more than $100m worth of bogus anti-virus software. The defendants operated companies including Innovative Marketing and Byte Hosting Internet Services, which perpetuated an elaborate scheme that tricked internet publishers into
Saturday, 29 May 2010
Paragon Virtualization Manager 9.5: Not quite virtualization
Paragon Software (http://paragon-software.com) recently gave away free licences for its Virtualization Manager, and I decided to check it out. Sadly I was to be disappointed, as contrary to its name - it's not virtualization software at all. I already knew I was going to be a little disappointed when I noticed it wouldn't actually allow me to run an ISO (tried ISOs of both Linux and Windows) as a
Full Circle Magazine: Issue 37
Full Circle issue #37 is out with a review of Lubuntu, more programming in Python, talk about streaming media, and more. Don’t forget to listen to the latest episode of our companion podcast for the full FCM experience!
This month:
- Command and Conquer.
- How-To: Program in Python – Part 11, Adding Screenlets, and Streaming Media.
- Review – Lubuntu.
- MOTU Interview – Stefan Lesicnik.
- Top 5 –
Friday, 28 May 2010
WARNING: Blackhat SEO turns (once again) to exploits
Not content with serving up fake AVs and the likes, it seems one of the blackhat SEO gangs have once again turned to serving up exploits instead. Obviously this leads to a fake AV infection as well, but I thought this worth mentioning. The story starts not surprisingly, at Google, where you're searching for your favourite TV show, news clip, or something completely random, such as why you always
Sunday, 23 May 2010
INFO: Malwaredomainlist.com is back
Just a note folks. The maintenance took less time than expected, so MDL is now back online :o)
Eset, Star Wars, dot.tk and rogues ....
On the hunt as usual, I came across yet another rogue, again using xorg.pl etc via blackhat SEO, but using .tk domains (surprise surprise). What I did find rather humorous however, was a javascript file that was loaded. The javascript contained a lovely little snippet, and a note for the folks over at Eset (though evidently, the bad guys got their Star Wars and Star Trek mixed up, as it was the
Friday, 21 May 2010
hpHOSTS - UPDATED May 21st, 2010
The hpHOSTS Hosts file has been updated. There is now a total of 125,099 listed hostnames. If you are NOT using the installer, please read the included Readme.txt file for installation instructions. Enjoy! :)
Latest Updated: 21/05/2010 18:20
Last Verified: 20/05/2010 16:00
Download hpHosts now! http://hosts-file.net/?s=Download
Planned outage: Malware Domain List
Just a note folks. Malware Domain list will be unavailable from May 21st (1700 EDT) until Monday 24th (1700 EDT).
Wednesday, 19 May 2010
3FN (APS Telecom) shut down
I have just one thing to say - it's about bleedin time!
http://sunbeltblog.blogspot.com/2010/05/us-federal-judge-shuts-down-3fn-levies.html
References:
Reporting abuse to APS Telecom/3FN? Your wasting your time
http://hphosts.blogspot.com/2008/10/reporting-abuse-to-aps-telecom3fn-your.html
APS Telecom/3FN have some explaining to do
http://hphosts.blogspot.com/2008/10/
Tuesday, 18 May 2010
AS50896 PROXIEZ – Overview of a Crime Server
At 9:00am EST on Friday May 14th AS50896 PROXIEZ lost its ability to infect the Internet. To avoid confusion there were ‘unsuccessful’ attempts to reconnect on Saturday & Sunday May 15/16th. This is where there may have been reports of connections to bots and Malware being still alive. The upstream peer AS50818 DIGERNET was also disconnected from the Internet @ 10:30am EST on Friday May 14th.
Friday, 14 May 2010
AnchorFree: HotSpot Shield - Nice try
AnchorFree have responded to Sunbelt's blog concerning the adware nature of their software/service, and hilariously, have failed miserably. Read more at: http://sunbeltblog.blogspot.com/2010/05/anchorfree-responds-on-hotspot-shield.html
Cybercrime: The Franchise
Do-it-yourself cyber-crime kits have emerged for the average PC user, with built-in anti-virus protection and complete online security avoidance features. Once upon a time, professional hackers needed the skills of willing script kiddies to exploit your PC or enterprise. Then along came the exploit kit, such as the “MPack,” courtesy of the RBN (Russian Business Network), and a new business
Thursday, 13 May 2010
Hotspot Shield: What part of “no adware” don’t you understand?
We’ve gotten some inquiries about why VIPRE has been detecting Hotspot Shield (http://www.hotspotshield.com/) as adware since May 4. Some thought it might be a false positive. It isn’t. The Hotspot Shield web site carries the below graphic that says “NO spyware / adware.” Well just SAYING “NO spyware / adware” doesn’t make it happen. Here’s what the Hotspot Shield “terms of service” say (http://
CyberDefender Corporation: Lessons in intimidation
It would seem CyberDefender Corporation still haven't learnt from the already huge amount of bad publicity they've received from a plethora of avenues, as they are yet again going after someone with their law firm for publishing their findings and opinions. This time, it's Allen Harkleroad from statesboro.biz. A week or two ago I (Allen Harkleroad) expressed my personal opinion of MyCleanPC and
Sunday, 2 May 2010
Misleading marketing: Fake IM advert - Déjà Vu
Remember this? Well this time, we've got the same fake IM advert and again, from mediafire.com, except:
1. This time, the ad network is ad.z5x.net (owned by "DSNR Media Group", a company with ties to known scam sites such as usafis.org, ausfis.org, official-green-card.org and green-card-visa-usa.org);
http://ad.z5x.net/rw?title=New%20offer%21&qs=iframe3%
Mindspark/IAC: Misleading marketing (again)
Investigating malware, I was led to a URL at mediafire.com, a file sharing site similar to RapidShare, that is intent on shoving popups in your face. What (didn't) surprise me however, was an advert claiming to be an IM chat (yes of course it is), loaded via:
http://ad.xtendmedia.com/rw?title=New%20offer%21&qs=iframe3%