Australian & New Zealand MVPs

Avert Labs 5365 DAT Issue Emergency Notice

Spyware Sucks — Thu, 21 Aug 2008 05:40:32 GMT

Thanks to Jurren for the heads up... " Avert Labs is issuing an emergency notice for the 5365 DAT files. The reason for this Emergency DAT release is due to a false detection for New Malware.bm. Known files impacted by this emergency are: Large AutoIT packed files (samples seen have been over 16MB...(read more)

Thank you for your well thought out contribution...

Spyware Sucks — Thu, 21 Aug 2008 05:24:58 GMT

It is because of trolls like the following that I have no interest in using the oft-broken CAPTCHA, preferring to use spam filters and moderation of *every* comment. Below is just one of the dozens of unsavory comments that have been submitted to my blog over the past 24 hours. Yes it takes valuable...(read more)

ALERT: Please treat adtrafficserv.com with extreme caution

Spyware Sucks — Thu, 21 Aug 2008 04:30:24 GMT

I have found a bad URL that redirects viewers to the fraudware domain systemscanner2008.com page, being: adtrafficserv.com/?ref=md&aff=tr. This URL in turn redirects to: 3gigabytes.com/soft.php?aid=<<removed>>&d=3&product=XPA and from there the viewer is led to: systemscanner2008...(read more)

Moving over to the dark side.. :-)

SBSfaq.com Blog Site: Posts — Wed, 20 Aug 2008 04:53:54 GMT

Body: To the sounds of evil laughter, I've swallowed the blue pill :-) Well almost. Today I started working with Microsoft Australia. My role here will be Tech Specialist on SBS and EBS and I'll be helping very much with the launch of SBS 2008 and EBS 2008 here in Australia over the next 6 months...(read more)

Adobe acknowledges the hijacked clipboard problem

Spyware Sucks — Wed, 20 Aug 2008 04:30:34 GMT

They blogged about it not long ago - they don't say much, but they acknowledge the problem: http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html "We are aware of recent press reports about a potential “Clipboard attack” issue that involves Flash Player. Adobe is currently investigating...(read more)

ALERT: Firefox with NoScript does NOT protect from SWF clipboard hijacks

Spyware Sucks — Tue, 19 Aug 2008 23:21:41 GMT

The hijacking of clipboards by malicious SWF is proving to be a very popular topic: http://www.trustedsource.org/blog/145/Rogue-Flash-ads-hijack-your-clipboard http://news.bbc.co.uk/2/hi/technology/7567889.stm http://www.theregister.co.uk/2008/08/15/webbased_clipboard_hijacking/ http://blogs.pcmag.com...(read more)

Ok, Sophos wins....

Spyware Sucks — Tue, 19 Aug 2008 13:28:36 GMT

That got your attention didn't it.... Here I was, shocked when I discovered a web site with evidence malicious code pointing to 20, 30 or even 40 malware domains.... but then, Sophos discovers a site with code pointing to, believe it or not, over 200 domains!!! To add insult to injury, the site in...(read more)

ALERT: malvertizement on mashable.com - Google Adsense implicated

Spyware Sucks — Tue, 19 Aug 2008 12:47:25 GMT

Mike saw it first... http://www.mikeonads.com/2008/08/19/google-adsense-showing-malvertisements/ The appropriate parties have been informed. Screenshot: Adopstools test - positive - this is *not* an 'undetectable' malvertizement: http://www.adopstools.com/index.asp?page=quicklink&id=uzHYffSQ02YDQDSi...(read more)

Malicious malvertizement versus clean ... let's take a look at good versus bad, and the use of Fuse Kit

Spyware Sucks — Tue, 19 Aug 2008 10:13:30 GMT

As I have said before, the criminals who are creating malvertizements are inherently lazy. If they can take shortcuts (such as taking a pre-existing "good" advertisement then manipulating it to add their own malicious code) then they will. For example, let's look at the cardstore.com malvertizement...(read more)

Hold fire on Fuse Kit....

Spyware Sucks — Mon, 18 Aug 2008 23:57:42 GMT

Moses Gunesch, the author of Fuse Kit, has posted a comment to my blog here: http://msmvps.com/blogs/spywaresucks/archive/2008/08/17/1644872.aspx#1644983 I may have to eat an awful lot of humble-pie if I have misunderstood the capabilities and features of Fuse. I always hate, with a passion, getting...(read more)

Malicious SWF copying data to computer clipboards... the discussions continue

Spyware Sucks — Mon, 18 Aug 2008 23:51:10 GMT

For those of you interested, there has been a test page set up at this URL - the test page uses an SWF file to copy a URL to a computer's clipboard. You'll need to close the browser window to regain control of your clipboard's contents: http://raffon.net/research/flash/cb/test.html I should...(read more)

The Clipboard hijacks continue....

Spyware Sucks — Mon, 18 Aug 2008 04:08:32 GMT

I see that The Register has picked up on the story: Mystery web attack hijacks your clipoard . Reading through the comments is illuminating, as always. Oh, and by the way, if you hear of anybody touting Linux as a panacea, in addition to the few comments from those using Firefox on Linux that were hit...(read more)

ALERT: Firefox with NoScript does NOT ALWAYS protect from SWF clipboard hijacks

Spyware Sucks — Sun, 17 Aug 2008 15:21:00 GMT

Topic subjected edited to add the word "always". I stand by my statement that there are users out there who believe that "NoScript" will protect them from incidents like the clipboard hijack, even when they have disabled "Forbid Flash", and need to be told that this is not...(read more)

ALERT: malvertizement at newsweek.com (hosted by washingtonpost.com)

Spyware Sucks — Sat, 16 Aug 2008 22:46:00 GMT

Once again, it is a malvertizement created using Fuse Kit. Again, there are signs that the malvertizement came from the now defunct trackstarmedia. Kimberley has all the details at her forum . The advertisement is still live at time of writing. It is quite obvious that the bad guys are going to take...(read more)

Marketing your Small Business cheaper and smarter!

SBSfaq.com Blog Site: Posts — Sat, 16 Aug 2008 07:49:36 GMT

Body: One of the things that we all face in the SMB market is the way in which we attract new customers. Most of the business we get is via word of mouth, but what about customers that you do not know, or markets that you do not yet have a contact in to provide that word of mouth? Well that is where...(read more)