<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.8.6" -->
<rss version="0.92">
<channel>
	<title>Malware Diaries</title>
	<link>http://blogs.paretologic.com/malwarediaries</link>
	<description>Malware Diaries, a blog about the job of a security researcher</description>
	<lastBuildDate>Fri, 20 Nov 2009 18:49:48 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>Norton Safe Web, NSFW</title>
		<description>I quite like the Norton Safe Web service. I find it a lot more in depth than Site Advisor.

For example it shows you drive-by downloads with the type of exploit:



However, there is something that bothered me... Anybody (without age verification) can query their database.

They show a screenshot of the site you're ...</description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/20/norton-safe-web-nsfw/</link>
			</item>
	<item>
		<title>XoftSpySE Anti-Spyware 7.0</title>
		<description>Paretologic released XoftSpySE Anti-Spyware 7.0, its famous Anti-Spyware product now compatible with Windows 7.



Continuing on a tradition of small and fast programs, this version is less than 4 MB to download.

I decided to take it for a 'test drive'. ;-)

I loaded my Windows 7 PC and ran a bunch of malware samples.

Then I put XoftSpySE ...</description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/19/xoftspyse-anti-spyware-7-0/</link>
			</item>
	<item>
		<title>Beyonce World hacked!</title>
		<description>This high-traffic site for artist Beyonce (beyonceworld.net) has been carefully hacked. I just got this alert from our HoneyPots.

Google does not list this site as dangerous at the time of writing:



The site contains an Adobe Exploit:



A file called annonce.pdf which is NOT detected by VirusTotal (at the time of writing) is opened:



How ...</description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/19/beyonce-world-hacked/</link>
			</item>
	<item>
		<title>A dirty rogue</title>
		<description>This rogue anti spyware (LinkSafeness) is particularly messy.

The scary warning:



Bad English ;-)



It creates these garbage files in my System folder:





$49.95 for that?

No thank you.

Jerome Segura </description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/18/a-dirty-rogue/</link>
			</item>
	<item>
		<title>&#8216;Gulf War Vets&#8217; site compromised</title>
		<description>The site contains several exploits, in particular:

- Adobe Collab overflow
- Adobe util.printf overflow
- Adobe getIcon

They are located on ul{sanitized}os.com/counter/pdf.php



These days, most compromised sites use Adobe exploits. Make sure your Adobe software is up-to-date to stay safe!

 Jerome Segura </description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/18/gulf/</link>
			</item>
	<item>
		<title>The Johns get owned</title>
		<description>I'm currently reading "The Johns: Sex for Sale and the Men Who Buy It" by Victor Malarek after having read "The Natashas: The New Global Sex Trade" by the same author.

The book draws a pretty sad but true picture of modern day sex slavery. Johns travel to poor countries in ...</description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/12/johns-get-owned/</link>
			</item>
	<item>
		<title>iPhone users at risk</title>
		<description>This is officially the first ITW (in the wild) Worm for the iPhone. It is affecting users that have 'jailbroken' their device and still have the default password 'alpine'.

The Worm dubbed sshgate by security company Intego has several variants, sshgate.d being the most annoying since it overwrites cydia, an app used ...</description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/09/iphone-users-at-risk/</link>
			</item>
	<item>
		<title>Crontab way around in Linux</title>
		<description>I'm trying to run a script with crontab so that it runs at a certain time. Nothing new here...

However, my script involves PGP and for some strange reason, PGP will not decrypt anything while in crontab (user-agent blablabla... and other bogus errors). The frustrating thing was that the script runs ...</description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/06/crontab-way-around-in-linux/</link>
			</item>
	<item>
		<title>Fake porn, fake watches and hacking your wallet</title>
		<description>Fake porn sites (real Trojan Horses), fake watches (real scams), password cracking (wallet cracking): Welcome to the world of online crime!

All these sites were taken from the same IP address, namely 210.51.187.{sanitized}. I'm going to show you a wide portfolio of online threats and scams.

To start off, a fake porn ...</description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/03/fakefakefake/</link>
			</item>
	<item>
		<title>MDL: URL Clearing House in testing phase</title>
		<description>We are doing some more testing and putting the final pieces together on our URL Clearing House project.

When will it be ready? I can't say for sure yet. We need to add user accounts (don't worry, the service will be free) for our own stats, put a Terms Of Service, do ...</description>
		<link>http://blogs.paretologic.com/malwarediaries/index.php/2009/11/02/mdl-url-clearing-house/</link>
			</item>
</channel>
</rss>
