Consumer Security on the web, information to assist you in practicing safe computing

Another rogue spreading fast. If your computer has been infected please seek assistance with removal at one of the security forums, short list in right side column.

Domains on the same IP.

1. Antispyware2008b.com
2. Antivir–2008.com
3. Antivirus2008proxp.com
4. Directnameservice2008.com
5. Mediatubeforme1.com
6. Onsafepro2008.com
7. Smart-antivirus-2009-buy.com
8. Smart-antivirus-2009.com
9. Smart-antivirus-2009buy.com
10. Smart-antivirus2009-buy.com
11. Smart-antivirus2009.com
12. Smart-antivirus2009buy.com
13. Smartantivirus-2009-buy.com
14. Smartantivirus-2009.com
15. Smartantivirus-2009buy.com
16. Smartantivirus2009-buy.com
17. Smartantivirus2009.com
18. Smartantivirus2009buy.com
19. Traff-drive.com
20. Viruswebprotect2008.com

SmartAntivirus2009
Registration Service Provided By: ESTDOMAINS INC
Domain Name: SMARTANTIVIRUS2009.COM
Dates: Created 22-aug-2008 Updated 29-aug-2008 Expires 22-aug-2009

The link to report abusive domains to Estdomains is here.

Certifiedbug:
Spamhaus Report, Cybercrime’s U.S. Hosts

Edit
Harry Waldon has a nice article Malware Close Encounters - Close Pop-ups using Task Manager to safely exit which could help users to exit a pop-up install before too much damage is inflicted.

I was taking a look at nine4teen.com with Fiddler running.

Brief lowdown of the trail:

nine4teen.com
Host: ferlin.ifrance.com
Host: js-perso.ifrance.com
Host: web.ifrance.com
Host: ad.ieurop.net
Host: sfttraff.com
Edit:
Domain Name: SFTTRAFF.COM
Registrar: ESTDOMAINS, INC.
Dates: Created 01-sep-2008 Updated 01-sep-2008 Expires 01-sep-2009

srv1.e-statistic.com
www.Nineteen.com
Host: c39.statcounter.com
Host: scanner.msscanneronline.com

Then BAM…

Sandi blogged about her frustration with ifrance.com July 03, 2008.
Alert: recurring malvertizements at ifrance.com (and isuisse.com)

Do you ever get the feeling that people are not listening?

Yep, I do.

Shortly after the release of Google’s Chrome, researcher Aviv Raff discovered he could combine two vulnerabilities to trick users into launching executables directly from the new browser.

I really wonder why Google have taken several features from other browsers and mixed them all together. Security wise, it’s very problematic.
They’ll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time.

Raff’s proof-of-concept shows how a malicious hacker using a social engineering lure can drop malware on Windows desktops.
Aviv Raff On .NET

Contributing to the innovation of browsers through openness
“While we see this as a fundamental shift in the way people think about browsers, we realize that we couldn’t have created Google Chrome on our own,” said Linus Upson, Director of Engineering, Google Inc. “Google Chrome was built upon other open source projects that are making significant contributions to browser technology and have helped to spur competition and innovation.”

Google Press release

Previous Certifiedbug: Safari update fixes “carpet bomb”

A few first impressions, Chrome on a Vista machine.

The Incognito window is interesting, although businesses may not take to employees surfing without leaving a browsing history.

The UI is clean and compact. This beta does not give the option to set a master password to hide passwords from other users.

Opening a tab shows the nine most recently opened tabs and on the right-hand side, “Recent bookmarks” and “Recently closed tabs”.

As this is Google I’d expect contextual sponsored search items may be placed on the page at some point.

Chrome uses a “powerful engine” built for handling Javascript, named ‘V8′, which sandboxes the code running in each tab and prevents one tab from crashing another. Each tab opens a page that is self contained.

Installed on Vista, Chrome is a whopping 46.5 MB.
In contrast, my Firefox is 23.7 MB and Opera-5.61 MB.

Google’s Comic book. Chrome Download

Blog comment:

Please, do not delete the given message. Money obtained from spam will go to the help hungry to children

Uh huh.

Link tested in a VM (virtual machine).

Interesting comments made on Brian Krebs article.
Report Slams U.S. Host as Major Source of Badware

other domains are suspended by us.
Posted by: Konstantin Poltev | August 31, 2008

That is recent, let’s hope they keep on top of it.

http://whois.domaintools.com/avxp08.net

http://whois.domaintools.com/avxp-2008.net

http://whois.domaintools.com/powerantivirus-2009.com

So there I was at Photobucket looking at images when this popped up.

I clicked No and was redirected to the site anyway. In other words my browser was Hijacked.

WOT edged in to say no no no.

http://www.mywot.com/en/scorecard/consumergain.com

Site Advisor also flags consumergain.com
http://www.siteadvisor.com/sites/consumergain.com

Press release January 30, 2008 by the Federal Trade Commission (FTC).
Online Advertiser Settles FTC Charges. “Free” Products Weren’t Free; Settlement Calls for $200,000 Civil Penalty

According to the FTC, Member Source Media LLC, doing business as ConsumerGain.com, PremiumPerks.com, FreeRetailRewards.com, and GeatAmericanGiveaways.com, and the company’s principal, Chris Sommer, used deceptive spam and online advertising to lure consumers to its Web sites. For example, Member Source Media used e-mail subject lines such as, “Congratulations. You’ve won an iPod Video Player”; “Here are 2 free iPod Nanos for You: confirm now”; “Nascar Tickets Package Winner”; “Confirmation required for your $500 Visa Gift Card”; or “Second Attempt: Target Gift Card Inside.” The company’s Web-based ads contain similar representations: “CONGRATULATIONS! You Have Been Chosen To Receive a FREE GATEWAY LAPTOP.”

http://www.ftc.gov/opa/2008/01/media.shtm

The FTC should take another look at Consumergain.com.

Of secondary interest, Photobucket uses the ASK searchbar.

The searchbar can be used to perform an internal search of the website, and as with the ASK pre-checked toolbar that is offered for one’s browser during the installation of certain programs, a search still comes with plenty of sponsored results.

http://certifiedbug.com/blog/tag/ask/

7Search.com’s website owner has filed a complaint at the US District Court in Illinois, claiming it is being unfairly maligned by warnings from McAfee that the site poses a risk to its customers.

Site Advisor: http://www.siteadvisor.com/sites/7search.com

Are you the owner of this site? Leave a comment.

7search.com Web site owner comments (0)

http://www.mywot.com/en/scorecard/7search.com

The person listed as domain owner for 7Search also owns other domains. browseraccelerator.com hosts a browser toolbar blocked by some security products.

http://www.mywot.com/en/scorecard/browseraccelerator.com

Source: The Register

Maybe not the one people have fought for over the centuries…

A council yesterday admitted using laws designed to track serious criminals to spy on a family for nearly three weeks to find out if they were lying about living in a school catchment area.

The council used the Regulation of Investigatory Powers Act (RIPA) to draw up a list of the mother’s movements from February 13 to March 3, showing the times and exact routes of school runs with her children. She told the Bournemouth Echo that the record, shown to her by a school admissions manager, included detailed notes such as “female and three children enter target vehicle and drive off” and “curtains open and all lights on in premises”.

Council uses criminal law to spy on school place applicants