Australian & New Zealand MVPs

Avert Labs 5365 DAT Issue Emergency Notice

2008-08-21T05:40:32Z

Thanks to Jurren for the heads up... " Avert Labs is issuing an emergency notice for the 5365 DAT files. The reason for this Emergency DAT release is due to a false detection for New Malware.bm. Known files impacted by this emergency are: Large AutoIT packed files (samples seen have been over 16MB Read More......(read more)

Thank you for your well thought out contribution...

2008-08-21T05:24:58Z

It is because of trolls like the following that I have no interest in using the oft-broken CAPTCHA, preferring to use spam filters and moderation of *every* comment. Below is just one of the dozens of unsavory comments that have been submitted to my blog over the past 24 hours. Yes it takes valuable Read More......(read more)

ALERT: Please treat adtrafficserv.com with extreme caution

2008-08-21T04:30:24Z

I have found a bad URL that redirects viewers to the fraudware domain systemscanner2008.com page, being: adtrafficserv.com/?ref=md&aff=tr. This URL in turn redirects to: 3gigabytes.com/soft.php?aid=<<removed>>&d=3&product=XPA and from there the viewer is led to: systemscanner2008 Read More......(read more)

Moving over to the dark side.. :-)

2008-08-20T04:53:54Z

Body: To the sounds of evil laughter, I've swallowed the blue pill :-) Well almost. Today I started working with Microsoft Australia. My role here will be Tech Specialist on SBS and EBS and I'll be helping very much with the launch of SBS 2008 and EBS 2008 here in Australia over the next 6 months Read More......(read more)

Adobe acknowledges the hijacked clipboard problem

2008-08-20T04:30:34Z

They blogged about it not long ago - they don't say much, but they acknowledge the problem: http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html "We are aware of recent press reports about a potential “Clipboard attack” issue that involves Flash Player. Adobe is currently investigating Read More......(read more)

ALERT: Firefox with NoScript does NOT protect from SWF clipboard hijacks

2008-08-19T23:21:41Z

The hijacking of clipboards by malicious SWF is proving to be a very popular topic: http://www.trustedsource.org/blog/145/Rogue-Flash-ads-hijack-your-clipboard http://news.bbc.co.uk/2/hi/technology/7567889.stm http://www.theregister.co.uk/2008/08/15/webbased_clipboard_hijacking/ http://blogs.pcmag.com Read More......(read more)

Ok, Sophos wins....

2008-08-19T13:28:36Z

That got your attention didn't it.... Here I was, shocked when I discovered a web site with evidence malicious code pointing to 20, 30 or even 40 malware domains.... but then, Sophos discovers a site with code pointing to, believe it or not, over 200 domains!!! To add insult to injury, the site in Read More......(read more)

ALERT: malvertizement on mashable.com - Google Adsense implicated

2008-08-19T12:47:25Z

Mike saw it first... http://www.mikeonads.com/2008/08/19/google-adsense-showing-malvertisements/ The appropriate parties have been informed. Screenshot: Adopstools test - positive - this is *not* an 'undetectable' malvertizement: http://www.adopstools.com/index.asp?page=quicklink&id=uzHYffSQ02YDQDSi Read More......(read more)

Malicious malvertizement versus clean ... let's take a look at good versus bad, and the use of Fuse Kit

2008-08-19T10:13:30Z

As I have said before, the criminals who are creating malvertizements are inherently lazy. If they can take shortcuts (such as taking a pre-existing "good" advertisement then manipulating it to add their own malicious code) then they will. For example, let's look at the cardstore.com malvertizement Read More......(read more)

Hold fire on Fuse Kit....

2008-08-18T23:57:42Z

Moses Gunesch, the author of Fuse Kit, has posted a comment to my blog here: http://msmvps.com/blogs/spywaresucks/archive/2008/08/17/1644872.aspx#1644983 I may have to eat an awful lot of humble-pie if I have misunderstood the capabilities and features of Fuse. I always hate, with a passion, getting Read More......(read more)

Malicious SWF copying data to computer clipboards... the discussions continue

2008-08-18T23:51:10Z

For those of you interested, there has been a test page set up at this URL - the test page uses an SWF file to copy a URL to a computer's clipboard. You'll need to close the browser window to regain control of your clipboard's contents: http://raffon.net/research/flash/cb/test.html I should Read More......(read more)

The Clipboard hijacks continue....

2008-08-18T04:08:32Z

I see that The Register has picked up on the story: Mystery web attack hijacks your clipoard . Reading through the comments is illuminating, as always. Oh, and by the way, if you hear of anybody touting Linux as a panacea, in addition to the few comments from those using Firefox on Linux that were hit Read More......(read more)

ALERT: Firefox with NoScript does NOT ALWAYS protect from SWF clipboard hijacks

2008-08-17T15:21:00Z

Topic subjected edited to add the word "always". I stand by my statement that there are users out there who believe that "NoScript" will protect them from incidents like the clipboard hijack, even when they have disabled "Forbid Flash", and need to be told that this is not Read More......(read more)

ALERT: malvertizement at newsweek.com (hosted by washingtonpost.com)

2008-08-16T22:46:00Z

Once again, it is a malvertizement created using Fuse Kit. Again, there are signs that the malvertizement came from the now defunct trackstarmedia. Kimberley has all the details at her forum . The advertisement is still live at time of writing. It is quite obvious that the bad guys are going to take Read More......(read more)

Marketing your Small Business cheaper and smarter!

2008-08-16T07:49:36Z

Body: One of the things that we all face in the SMB market is the way in which we attract new customers. Most of the business we get is via word of mouth, but what about customers that you do not know, or markets that you do not yet have a contact in to provide that word of mouth? Well that is where Read More......(read more)