SpywareGuide powered by FaceTime Security Labs
The SpywareGuide Greynets Blog


December 05, 2007

  • Stolen Card Details Posted To Internet Forums

Today we came across a considerable collection of stolen credit card details - somewhere in the region of 150 separate pieces of data - posted to a fairly typical Warez forum. The odd thing about it was that the poster didn't really come across as a professional carder - more like someone who happened to stumble across a stockpile of sensitive information and was now trying to distribute it as quickly as he could.

A clue that this might be the case was that the formatting of the data was fairly irregular - normally carders post all their information in a very uniform fashion - here, you could see at least three distinct types of data, some containing nothing more than card details while others contained (amongst other things) name, address, PIN number, phone number and (more worryingly) a "receiver address", as if information had been lifted directly from a back-end payment system.

[Image: card_theft_2.jpg]

A final clue that the poster might not be a professional carder? Well, the big giveaway is that he happily posted all this information with a huge photograph of himself as a signature picture and his location listed under his forum avatar.

Can't say I've seen that before.

The majority of victims appear to be based in the United States - there is no discernible pattern to the victims, nor is it currently possible to tell what sites were compromised to obtain the data (if any). Of course, we tried to contact some of the victims to let them know to cancel their cards (as far as we could see, all cards are valid until at least next year) but so far, we've had no success.

Extensive searching on the information contained in the forum posts - and it seems to be well hidden underground, even though the poster says to "use them quickly because they're being used by other people too" - turned up no obvious reveals, save for one solitary Email address listed in the data. The Email address took us to a pro carding forum - apparently offline now - where someone was offering up a small sample of private data, with a purchase price of $30,000 to 50,000 dollars for "UK and US bank logins".

Could someone have bought this data then accidentally dumped it into a public directory somewhere? Unlikely, as everyone would now have a copy - but it seems that somewhere, somehow, a professional carder has made a big mistake....

June 19, 2007

  • Problem With Windows Live ID Fixed

Over the weekend there was apparently an issue with the registration of Live ID accounts, which could allow nefarious characters to indulge in a spot of phishing. More here at CIO.com.

May 08, 2007

  • TV Hacking...

From the Taipei Times:

The signal of a government-run television station in southern China was hijacked by alleged hackers who used the frequencies to broadcast anti-government content, press reports said yesterday...during the blackout, anti-government images lasting up to 40 seconds appeared on television screens in Guangzhou, the provincial capital of China's economically booming region of Guangdong, the report said.

If memory serves me right, there have been numerous incidents of people hacking roadside information displays in the past, but they usually carried humorous messages and insults. Hacking a TV channel in China to push anti-government messages is pretty hardcore.

March 18, 2007

  • Google, Guns, Searches and Alleged Murder

This coverage from colleague Anne P. Mitchell, Esq., President of the Institute for Spam and Internet Public Policy (ISIPP), on the Melanie McGuire and Google search case caught my eye. It was only a matter of time before search histories came back to haunt someone... and this leaves me further worried about the insecure state of PCs and malware's ability to upload "at will" into infected PCs. Think "extortionware" - we covered the concept at RSA Conference 2007.

Anne writes...


Melanie McGuire is currently on trial for the murder of her husband, William McGuire. And while many people now know that your Google and other search engine searches can be discovered, apparently back in 2004, Melanie McGuire did not. For among the searches that the prosecution has found on her computers - searches which she conducted on the days leading up to the murder - were searches for "instant poisons", "undetectable poisons", and "fatal digoxin doses." And while those alone don't necessarily prove intent, another search, "how to commit murder" is pretty unambiguous.

But the crown search in the state’s case against Melanie McGuire may be that Melanie also performed searches about gun laws in New Jersey and Pennsylvania. William McGuire was indeed murdered with a gun which, the state claims, Melanie purchased in Pennsylvania.

O.K. so far it doesn't look good for Melanie McGuire. We talk about "greynets" and how different tools, even a simple web browser, carry different degrees of risk based on their use, the user's purpose and intent, and the environment in which the software is deployed and even the security of the hardware and facility too. This case involves Google search queries to help build a case.

It gets more interesting...


Also relevant is the fact that the day before the murder, the state says, Melanie’s computer shows that she searched for a Walgreens pharmacy near to her. A pharmacist at that Walgreens has testified that on the day before the murder she filled a prescription for an as yet unidentified woman with a prescription written for “Tiffany Bain”, for a rarely ordered but known narcotic. The prescription, for chloral hydrate, was written by Doctor Bradley Miller - a doctor at the office where Melanie McGuire worked at the time. Dr. Bradley Miller, the doctor with whom Melanie was having an affair at the time that William McGuire was murdered.

That is true, chloral hydrate (a Class IV hypnotic) is rarely used these days, but it was still not unheard of during my days in medicine a few years ago. At any rate, the circumstantial evidence is starting to pile up. You can read more at The Internet Patrol... but of particular interest was a comment by a reader, Jack Stock, who pens:

As a writer, I can see myself asking these same questions of Google–how to commit a murder, the most efficient poisons, etc. And that doesn’t mean that I was planning a murder–except in a fictional story. Murder, he wrote.

There are a number of factors to consider here. Let's start with just four questions:

- Who physically had access to the computer?

- What other data was found on the PC?

- Was the PC compromised in any way?

- Is there any other evidence beyond stored search queries?

No matter how obvious or open-shut a case it seems, faulty computer forensic assumptions are dangerous. We certainly don't want to see something like the Julie Amero case happen. You can read a summary and full transcripts here and decide for yourself.

We are in a new era, where your digital footprints, whether you made them out of innocent research, or even if someone else made them for you- can and probably will be used against you.

March 12, 2007

  • Kailash Ambwani Talks on Greynets and Perils of Web 2.0

Our CEO, Kailash Ambwani, talks on the greynets concept and how the majority of internet traffic has evolved from HTTP to communicative application traffic. Ambwani discussed how enterprises are adopting greynets, how this increases security liabilities, and how FaceTime security products enable and secure greynets. Remember, FaceTime is about enablement and controlling these innovations inside of the Enterprise. Why? Because customers are demanding to communicate this way, and often an organization's most sophisticated users - the forward thinkers and innovators - will bring them into the network because they realize their value, but sometimes forget about the security and regulatory risks involved.

Here is part one, and I would note to pay particular attention to how anonymizers, like Rodi and / or Tor, can be used to bypass typical forms of defense. Naturally, and Kailash acknowledges this, products like Tor (designed by the EFF) can be used as anti-censorship tools, especially in countries where this is a problem.

However, they can be a disaster, a potential legal nightmare for large enterprises and I.T. administrators to manage. Kailash goes on to note how malware is now profit driven... in his limited time he didn't get to explore the use of widgets (often thin Ajax clients) or the stripping of content using browser-powered tools allowing the propagation of content like video across the Enterprise. This can also be problematic given attacks like Windows Meta Frame exploits or exposure to inappropriate content.

In part two Kailash goes on to discuss how Facetime addresses the issues. Once again the focus is on enablement and control. The Internet is changing and we all must change with it.


January 25, 2007

  • Meet FaceTime at RSA Conference 2007- Free Expo Pass

I have just returned from Affiliate Summit West 2007, where I went scouting the current state of advertising, ethics, and what the future holds for people. I will have more on that later. I will say that giant waves seem to be rippling under the surface, and *maybe* in the direction of cleaning up some of the problems... no miracles are in sight, but I saw some positive signs for a change.

With that jaunt over I have to dig in to grab a day or two of rest and then prepare for the RSA show with colleague Chris Boyd... Want to meet him? Now you can! He might do an autograph, conduct a symphony, or show you cool bo staff fighting skills as a bonus. He really CAN do that kind of stuff.

I wanted to take a moment here at the labs to cordially invite you to meet up with us at the RSA conference in San Francisco Feb 5-9. Yes- spend some facetime with FaceTime Communications, the leading provider of solutions for securing and managing instant messaging, peer-to-peer file sharing and Web-based greynets.

Where will you all be?

We will have folks at Booth #2537. Paperghost and I will be there and perhaps other places too...skulking about, being a general menace, and the usual things we do at events- look around, talk to people, and try to snag food.

What is RSA?
Recognized as the largest IT security conference and expo, RSA Conference 2007 is a must-attend event. With a variety of conference tracks to select from, you'll learn strategies to address today's information security problems, and gain insight into the issues of tomorrow. FaceTime is presenting not one, but two presentations for your enjoyment.

Presentation One

February 7th, 9:10 AM - 10:20 AM
Session Code: 2069
Botnet Live: Tracing, Chasing and Building the Case to Bust the Bad Guys
Speakers Chris Boyd and Wayne Porter, FaceTime Security Labs

[Image: jan07_rsa_poster.gif]

This presentation is by Wayne Porter, yours truly, and led by the kung-fu style malware fighter Chris Boyd, a.k.a. PaperGhost - we work in the labs doing all kinds of things you normally would not think about. For a little background on some of this, I strongly suggest you check out the podcasts we did a few months ago, because they set the stage for just how incredible the cascade of events can become when you follow the story deep, deep into the abyss. We will also talk a bit about social media, the importance of being out in the field, economics and actually talking to people. Chris, who is a masterful storyteller, will give you a pretty amazing tour of the underbelly.

The Podcasts

Teaser Cast

Spyware Warriors and the Digital UnderGround Podcast: Part 1 and Part 2.
You can even download them in mp3 format and listen on the go.

Next Up....Our CEO in this Peer2Peer session....

February 7th, 12:30 PM - 1:20 PM
Session Code: P2P-204B
Skype and IM at the Office: User's Birthright or Security's Death Sentence?
Moderated by FaceTime President and CEO, Kailash Ambwani

[Image: jan07_rsa_poster_kailash.gif]

Kailash, our CEO, while perhaps not as dashing as we research types in the drawn form you see before you, knows his stuff when it comes to business communications, and when you get a title with "Birthright and Death Sentence" in one line... well, how can you not be intrigued? Given VoIP and IM's rapid adoption this is a must-attend panel - especially if you want to understand some of the legal ramifications and understand the nature of greynets - when good can be bad, and bad can sometimes be good. It is all a matter of perspective and policy.

Want to meet other FaceTimers? Check in at booth #2537 to see demos of our products and solutions, including the recently announced FaceTime Internet Security Edition which includes our award-winning RTGuardian appliance- you can find more about it on the FaceTime Security Products Site.

This is a bit of a pitch, so you are warned, but this is what we do - we combine core gateway security capabilities such as Web filtering and anti-spyware with security for today's greynet applications on a single platform with common policy and management. The FaceTime Internet Security Edition reduces complexity and increases efficiency of the enterprise security infrastructure to reduce overall total cost of ownership. Demonstrations of our flagship instant messaging security and compliance solution, FaceTime Enterprise Edition, will also be available. Why the big deal? FaceTime Enterprise Edition helps organizations meet the new eDiscovery regulations (here for whitepaper) for electronic communications that went into effect December 1, 2006.

So please be our guest; we would love to meet you. You can even attend the RSA Conference 2007 Expo compliments of FaceTime. Just register at http://www.rsaconference.com/2007/us/ and use code EXH7FAC for your FREE Expo Pass - a $100 value!*

We hope to see you there!

* You must pre-register before February 2, 2007 for your FREE Expo Pass. Make a note of it!

September 05, 2006

  • Browzar: The Story So Far

A lot of people read this post by my good self yesterday and asked for more information on the whole Browzar situation. Browzar, I hear you say? Well, for those of you who don't know, Browzar is an Internet Explorer shell that supposedly provides an added layer of security to your web-browsing. Unfortunately, it looks like an overly enthusiastic press release built Browzar up, and at that point nothing could save it when it appeared the technology employed wasn't as cutting edge as we'd have hoped. A fantastic summary of the whole shambles from start to finish can be seen here.

May 06, 2006

  • Desperate Spammers- Blue Security Blog Warfare

No, not Teri Hatcher firing out hundreds of emails about the latest crazy goings-on in her street, but rather an individual by the name of "Gena Elmore" trying to scare people and failing miserably. As you can see here, the bad guys are becoming increasingly rattled by the steps taken to shut them down, drown them out and make them play fair. I'm not sure if anyone fell for their bullish tactics...have a look and see what you think.

By the way, I'd point you to the Blue Security blog, but it's currently down because of DoS attacks...!

May 05, 2006

  • YapBrowser- The Interview

PREFACE

I have now received the responses from Yap Browser. Special thanks to Anna of Sunbelt and Joseph of Facetime for taking out time to provide translation services. The controversy all started when some researchers downloaded the Yap Browser, which was bundled with the 180 Solutions Zango product, and the browser was serving up what appeared to be UA Porn (Under Age Porn).

For our Russian speaking readers I have uploaded the interview questions and answers in Russian.

Porter's Interview Questions in Russian

"John Sandy": YapBrowser's Response to Interview in Russian


Per the rules of engagement I will refrain from comments here. However, trackbacks are on; if your trackback does not show up, please e-mail me and I will put up a summary. On to the interview...

Wayne Porter's E-mail Interview: Questions to Yap Browser:

Porter: So that it is clear, what is the name of the entity or company that develops and operates YapBrowser?

Yap's Response: Enigma Global Inc.

Porter: Are YapBrowser and YapSearch.com controlled and / or operated by the same entity or otherwise related?

Yap's Response: Yapbrowser.com- is a website of our program called yapbrowser, where users can download our program and read its description. Yapsearch.com – is a website that is supposed to be reflected within the yapbrowser.com. Also, yapsearch.com is a search engine ( but at this moment not functioning, since we have not selected a non-free search system, which feed could have been used to do searches. At that moment there was only a design form/template on the website.)

Porter: For the purpose of general information background and mutual understanding, can you describe the business that you conduct on the Internet?

Yap's Response: We were planning to open a partner program [[translation: partnering meaning bundling here]] and pay our partners for installations of our yapbrower. The installation of the program was supposed to be sponsored by zango. That is, every partner could register into our bundle and create a link to our program at their website. Before that, we would have to check the website content ( if it breaks any rules i.e. is not illegal) and then allow them to proceed.

Porter: How long has YapBrowser been available for end-users to download from the Internet?

Yap's Response: We came up with the idea of Yapbrowser about half a year ago. Before that, we were trying to come up with what would be the best to be downloaded by users, and chose yapbrowser. Yapbrowser was never made available for end-users. Only some people knew about our program (programmers, designers, zango etc.). At the time when the problem was discovered, our program was still in development, and wasn’t launched yet. There was no traffic on the websites.

Porter: Aside from working with 180solutions can you cite, as trade references, any other businesses or advertisers that you work with, have worked with in the past or those who have expressed interest in working with you in the future?

Yap's Response: We haven’t even had a chance to buy advertisement spots for our project, let alone launching it for testing. Therefore, we didn’t have any partners. At that time we collaborated only with zango. After the testing we would have started with advertisement on internet forums. Later the new partner would be appearing.

Porter: How long has YapBrowser bundled the 180solutions product, Zango?

Yap's Response: We bundled our programs recently. Since zango was going through certification (or something of that kind) we had to wait for quite some time. I think the bundling happened about a month or two ago.

Porter: How were you not aware over that period of time that your application / sites were redirecting to the offensive material?

Yap's Response: First of all, I wasn’t paying much attention to yapsearch.com website. To test it, I simply installed the design template with non-working hyperlinks and a search line field. I have no idea that on a non-existing page there might be such content with offensive material. When I was shown an article about our website I was shocked. And, naturally, I realized what happened.

Porter: How rigorous was 180Solutions / Zango in terms of checking your application before they agreed to have their software bundled with the YapBrowser application?

Yap's Response: The testing process was very harsh. First, our program is included into zango installer. We supply some design elements for the program installation, EULA text. The program installation is done with the confirmation of two agreements. Zango’s approach to this issue is very serious; therefore, I do see that they are dependable, and choose them as partners. In this situation there is no zango’s fault. Most likely it is my program’s fault that such mistake was made. And, of course, the real offender is the host company.


Porter: Did 180solutions test the software prior to your agreement to bundle Zango? If so, can you describe the process that was involved?


Yap's Response: Yes, testing was done a couple of times. I sent the program to zango to be tested. They replied me with the changes that I had to make in the program. That happened a couple of times before we finally had desired results. (But I would like to repeat, that the programs were not launched, the partner-program was still in development)

Porter: Did they test your application after it launched with the Zango product bundled?

Yap's Response: Yes, the testing was done. Maybe, at that time 404 page wasn’t showing any illegal content. I cannot say for sure since I did not check.


Porter: Have you received payment from 180Solutions for the Zango downloads you delivered?

Yap's Response: By that time, no more than 5 downloads of my program were made. What payments can we talk about?

Porter: Your sites were hosted on a server that also hosted known hijack sites and sites related to other allegedly illegal practices. Specific examples would include instme. biz and nstallme. info.

At the time of my testing there were only six other sites residing on this server besides yours, and approximately 60+ sites on a related IP address. Again, many of these were highly dubious and well known to the security community.

Given the current state of Russian webmaster forums, where whole sections are devoted to "rogue" sites and installers, as well as the widespread coverage of these groups by Western security companies, how is it that you were not aware of the practices of your neighbours on this server?

Yap's Response: I hadn’t even thought that these people could have done this to me. First of all, they were not my permanent web host company. The sites were kept there temporarily, before the launching of the program, for the testing purposes by my employees. If I would have launched the program, I would have bought my own server.

At that time it was not worth to maintain an expensive server because this project was taking too much money, which I am very limited with. The websites were kept at that server for free. The person who supplied me with that was contacting with me via icq. Do you need his number?

Of course, after he realized what happened, he disappeared. He was also registering domain yapcash in his name. And at this time I do not have access to that domain. My thoughts on that is that these people wanted to use the traffic from my yapbrowser somehow. They probably were somehow related to such hacker sites like instme. biz and nstallme. info. I do not possess that information.


Porter: How is it that you were not aware your chosen server host was well known and documented for hosting such sites and material?

Yap's Response: This was not my permanent webhost. It was used only for tests (I repeat). I did not plan to send there traffic from my partner websites (but I think that’s what the webhost expected, since he let me keep my sites there for free).

Porter: To quote from your exchange with Paperghost at VitalSecurity.org:

VitalSecurity.org

Paperghost: The same details are used for a group of sites at Eltel, a Russian ISP, including one site that redirects the user to browser exploits at paradise-dialer.com, which load trojans, spyware and dialers. Paradise-dialer's whois places it as part of the CWS group known as Dimpy, aka BigBuks. Since the BigBuks whois is also given by mix-click, referred to by the yapbrowser/yapsearch whois, and the aforementioned servers at Pilosoft and Eltel (as well as the paradise-dialer server also at Pilosoft just a few IP addresses away) run many other sites that link back to browser exploits and child porn promotions run by BigBuks, it seems reasonable to assume that they are the same group of people.

So, is this you or not? And if not, how come the contact details are the same?

YapBrowser: We now try to find people which are involved in an illegal site. They had some attitude to domain names, but not to our activity. Similar these people are engaged in distribution illegal content and in parallel contain a server for this purpose. We have chosen a unsuccessful place of accommodation of the projects in a network.

Given your statements and acknowledgement of illegal content distribution, presumably you have accurate details of who you did business with for hosting. This would include business names, individual names, addresses, phone numbers, etc. You appear to claim to have been victimized by a supposedly legitimate business entity; are you willing to serve the public interest by making this information available in this interview?

If so, please provide details. If not, why not?

Yap's Response: I do not have any names, phone numbers, addresses etc. :) I did not work together with them at that level. I have icq number 278-690-157 and nick Androgen, which has been offline for a long time now. You know the IP addresses of the server. My sites were kept on his webhost. You say that the IP addresses match, and that is understandable because my sites were on the same server as the illegal sites, and I did not know about it. FTP access is not working either for a long time now. In the first couple of days I was trying to do something, but then the websites just stopped working. I moved to another webhost. I was defamed on various forums and the webhost just deleted my sites.

Porter: It has been brought to my attention that:

A representative of YapBrowser is John Helbert, as seen here:

http://sunbeltblog.blogspot.com/2006/04/yapbrowser-getting-yelled-at.html

A connection has been made between this person and an individual called “Klass” a member of a “Lolita / CP” board called “Dark Master”. (Matching ICQ numbers, etc). More on this connection can be seen here:

Sunbelt Haloscan comments

What is your response to this connection between YapBrowser and the “Dark Master” forums?

Yap's Response: I am not part of the group “Lolita / CP” under “Dark Master” name :) Dark Master is an old forum, which was closed. Anybody who wanted could register there, and I do not belong to those people, who do illegal projects. Yapbrowser has nothing to do with that forum. There is no factual proof of the relation.

Porter: Ben Edelman provides video evidence of the dubious activities of an outfit called HighConvert working with a number of adware companies. See video: http://www.benedelman.org/scripts/video/?v=highconvert-081505. This operation appears to be related to a document uncovered and transcribed from Russian into English by Sunbelt Software in early April. The YapSearch domain is cited in this document. Reference English translation of document here: Sunbelt Translation Document.

The document outlines plans for “invisible clickers”, lowering of browser’s security settings, utilizing “Blue Screen of Death” for trick ads, and the changing of 404 error pages among other dubious practices. How do you explain this reference to YapSearch?

Yap's Response: Probably, this document was written by a person, who communicated with me at some point, but I do not know who that person is, maybe a programmer. There is an example of the feed design of yapsearch.com in this document. I think that it was written by someone who was in touch with me earlier, because there is a program mentioned there, that is similar to mine, but that one is included in an illegal project. Yapbrowser does not belong to that project (described in the document). And it couldn’t belong because all changes we make in the program, we have to show to zango to be checked.

Porter: Did YapSearch or YapBrowser ever deploy any of the tactics outlined in this document?

Yap's Response: Of course not. Why are you asking that? Have the program checked by knowledgeable programmers to assure that there are no such functions in my program.

Porter: Given the current state of affairs, what is the future for YapBrowser? Do you still intend to distribute this application?

Yap's Response: At this moment, the development of the program is completely suspended. Bad things are written about us on many websites. I had no idea that I could encounter this problem in the project and understand my mistakes. To show my goodwill, I am ready to donate money for children. All details about the donation you will be able to see on my website yapsearch.com.

Closing Comments from Yap Browser's "John Sandy"

I hope, now things will turn around, and you will finally understand that my project is not involved into any illegal activity. Please, try to distribute this article among all forums and blogs.

Thank you for the interview, hope that you will help me to solve this problem.

End of Interview

April 10, 2006

  • Getting Rid of Meta Data...The Hidden Trail You May Not Know About
Office 2003/XP Add-in: Remove Hidden Data

We talked about this a couple of years ago, but as tips and tricks go it is a must-have in your privacy toolset, and best of all it's free.

Did you know that when you edit a Microsoft Word document there is all kinds of hidden metadata in the document that you cannot see? With this little add-in you can permanently remove hidden and collaboration data, such as change tracking and comments, from Word 2003/XP, Excel 2003/XP, and PowerPoint 2003/XP files. If only certain government officials had known about the tool, because metadata has led to a few scandals in the past!

The Remove Hidden Data add-in is a tool that you can use to remove personal or hidden data that might not be immediately apparent when you view the document in Microsoft Office. The tool is free but only works in 2003/XP.
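The same kind of check can be done by hand on the newer zipped XML format (.docx), which generalizes the add-in's target from the binary 2003/XP files it handles. The following is an added example, not code from this post or from Microsoft's add-in: it lists author properties, reviewer comments and tracked changes (including deleted text, which remains in the file) from a .docx constructed inline, using only the Python standard library.

```python
"""Report hidden data in an Office Open XML (.docx) file: core properties,
comments and tracked changes.  Added example, not the Microsoft add-in
described above; it handles the zipped XML format rather than the binary
Word 2003/XP files the add-in targets.  Standard library only."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
W = "{%s}" % NS["w"]


def _text(node, tag="t"):
    """Concatenate the text of every w:<tag> descendant of node."""
    return "".join(t.text or "" for t in node.iter(W + tag))


def inspect_docx(data: bytes) -> dict:
    """Return properties, comments, insertions and deletions found in data."""
    report = {"properties": {}, "comments": [], "insertions": [], "deletions": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        # Author and last editor live in the core properties part.
        if "docProps/core.xml" in names:
            root = ET.fromstring(zf.read("docProps/core.xml"))
            for tag in ("dc:creator", "cp:lastModifiedBy", "dc:title"):
                el = root.find(tag, NS)
                if el is not None and el.text:
                    report["properties"][tag] = el.text
        # Reviewer comments are stored in a separate part, with their author.
        if "word/comments.xml" in names:
            root = ET.fromstring(zf.read("word/comments.xml"))
            for c in root.findall("w:comment", NS):
                report["comments"].append((c.get(W + "author", ""), _text(c)))
        # Tracked changes are w:ins / w:del wrappers inside the main body.
        if "word/document.xml" in names:
            root = ET.fromstring(zf.read("word/document.xml"))
            for ins in root.iter(W + "ins"):
                report["insertions"].append((ins.get(W + "author", ""), _text(ins)))
            for dele in root.iter(W + "del"):
                # Deleted text is kept in w:delText, so it survives in the file.
                report["deletions"].append((dele.get(W + "author", ""), _text(dele, "delText")))
    return report


def has_hidden_data(report: dict) -> bool:
    """True if anything a recipient was not meant to see is still present."""
    return any(bool(v) for v in report.values())


def build_sample_docx() -> bytes:
    """Construct (in memory) a minimal .docx with one comment and tracked changes.
    The names and text here are made up for the example."""
    core = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
        "<dc:creator>Alice</dc:creator><cp:lastModifiedBy>Bob</cp:lastModifiedBy>"
        "</cp:coreProperties>" % (NS["cp"], NS["dc"])
    )
    document = (
        '<w:document xmlns:w="%s"><w:body><w:p>'
        "<w:r><w:t>Final text.</w:t></w:r>"
        '<w:ins w:author="Bob"><w:r><w:t>Internal note</w:t></w:r></w:ins>'
        '<w:del w:author="Bob"><w:r><w:delText>Draft price: $5</w:delText></w:r></w:del>'
        "</w:p></w:body></w:document>" % NS["w"]
    )
    comments = (
        '<w:comments xmlns:w="%s"><w:comment w:id="0" w:author="Alice">'
        "<w:p><w:r><w:t>Do not send the pricing sheet</w:t></w:r></w:p>"
        "</w:comment></w:comments>" % NS["w"]
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/comments.xml", comments)
    return buf.getvalue()


if __name__ == "__main__":
    rep = inspect_docx(build_sample_docx())
    for key, value in rep.items():
        print(key, value)
    print("hidden data present:", has_hidden_data(rep))
```

Run it against a real file with `inspect_docx(open("report.docx", "rb").read())`; a clean document returns empty lists and, once the properties are cleared, an empty properties dictionary.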


March 31, 2006

  • When the Closet Opens...There is More Than 180 Inside

Sometimes, things will crawl out of the closet whether you want them to or not. In this case, the closet-dweller happened to be an ex-employee of 180 Solutions. Make sure you check the interview between the ex-180 guy and Jimmy Daniels over at ReveNews. It's one of the best chinwags regarding the inner-workings of an Adware company I've ever seen. In fact, it was so cool I managed to get it on Slashdot.

March 23, 2006

  • A Small, Happy Moment In Australian IRC Land

Why? Because it's always good to see a bad guy taken down, right?


A VICTORIAN has been charged over a series of high-profile international internet hacking attacks.

The 22-year-old man was arrested in Melbourne early yesterday after a joint state and federal investigation into the sophisticated attacks on internet relay chat servers in Australia last year, the federal police said.
Belgium's federal computer crime unit tipped off Australian authorities about the attacks, which used remotely controlled computer networks known as botnets.

The US, Singapore and Austria were also affected by the hacking attacks on Australian IRC servers.


More here.

March 05, 2006

  • Look Out Below!

Yep, time for some Paperghost-styled mayhem on the Spywareguide.com blog. Crank that amp up to 11 and get me some replacement drummers, because by the time we're done here, the Adware guys will be saluting a half-inflated dark lord and we shall reign supreme as the world's greatest rock and roll group. Or something.

....hey, is this mike on or what?

February 21, 2006

  • This Story Made Me Spill My Noodles

As any regular day, this evening after work I settled with a snack (today: Cup-o-noodles) behind the computer for some "light reading" of industry blogs and their related links. This was a safe activity until tonight, when I came across this 180solutions press release, which made my noodles fly all over the place.

Let's for a moment sidestep the disregard for the great research work my colleagues at FaceTime did, and focus on this quote:

However, according to McGraw, the company took the extra measure of requiring each user to re-opt in to the installation a second time, even though proper consent was obtained at the time of first install. "In this case, the re opt in opportunity wasn't required, because the few users who did install our software as delivered in this exploit did so with knowledge and consent," McGraw said. "But it was the right thing to do given the unorthodox and unapproved nature of the installation interface those users encountered."

Now let's read that again.


  • Sometimes I Hate Being Right- Send Keys

It seems only yesterday that I wrote about the dangers of the "sendkeys" attack, and how it would easily defeat any kind of confirmation screen the adware creator puts up, and what to do about the problem.

Now both crusaders Wayne Porter and Ben Edelman discuss this technique actively being used in the wild. Grab (a small amount of) popcorn and watch the movie.

Let's make things very clear here:

If adware creators do not create a strong validation system like we have proposed (or something similar), then any form of obtaining user consent via a confirmation dialog is virtually worthless!

On that note a personal message to 180 Solutions.
Your "S3" has been proven to be "less than satisfactory".
Get the message and learn the lesson, or S4 and S5 will go the same way.


© Copyright 2006, FaceTime Communications, Inc. All rights reserved.