tag:blogger.com,1999:blog-364469352011-11-30T00:55:14.742-08:00spywareboxnoreply@blogger.comBlogger1211100tag:blogger.com,1999:blog-36446935.post-88845400428717823192008-05-30T13:31:00.000-07:002008-05-30T13:33:29.307-07:00<a href="http://bp1.blogger.com/_CRb3gYmxpzA/SEBkUPXzW-I/AAAAAAAAAyI/YT4pwz7AmJk/s1600-h/desk1.png"><img id="BLOGGER_PHOTO_ID_5206271468126821346" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/SEBkUPXzW-I/AAAAAAAAAyI/YT4pwz7AmJk/s400/desk1.png" border="0" /></a><br /><div> </div><div>Nice wallpaper pushing a rogue.</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8884540042871782319?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-54447988225656629422008-05-13T15:15:00.001-07:002008-05-13T15:17:16.084-07:00<a href="http://bp1.blogger.com/_CRb3gYmxpzA/SCoTNjsnhRI/AAAAAAAAAyA/n3q8T_cRjvE/s1600-h/adultfriendriender.png"><img id="BLOGGER_PHOTO_ID_5199989843394266386" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/SCoTNjsnhRI/AAAAAAAAAyA/n3q8T_cRjvE/s400/adultfriendriender.png" border="0" /></a><br /><br />Some spyware pushed AdultFriendFinder... but apparently they got blocked ;-)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5444798822565662942?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-21656135285635797292008-05-13T15:14:00.000-07:002008-05-13T15:15:50.056-07:00<a href="http://bp1.blogger.com/_CRb3gYmxpzA/SCoTCjsnhQI/AAAAAAAAAx4/mzREHJh6p8Y/s1600-h/buffer.png"><img id="BLOGGER_PHOTO_ID_5199989654415705346" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/SCoTCjsnhQI/AAAAAAAAAx4/mzREHJh6p8Y/s400/buffer.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2165613528563579729?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-71739972743900517302008-05-01T14:53:00.000-07:002008-05-01T14:54:54.116-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp1.blogger.com/_CRb3gYmxpzA/SBo7_lQHHjI/AAAAAAAAAxw/YI3LwsiXTQQ/s1600-h/Screcshot-1.png"><img style="cursor: pointer;" src="http://bp1.blogger.com/_CRb3gYmxpzA/SBo7_lQHHjI/AAAAAAAAAxw/YI3LwsiXTQQ/s400/Screcshot-1.png" alt="" id="BLOGGER_PHOTO_ID_5195531083642773042" border="0" /></a><br /><br />What? You must be kidding!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7173997274390051730?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-72243670863734242892008-04-07T19:35:00.001-07:002008-04-07T19:37:54.402-07:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp1.blogger.com/_CRb3gYmxpzA/R_rZ_E5FkFI/AAAAAAAAAxo/sKraooP23cY/s1600-h/allert.png"><img style="cursor: pointer;" src="http://bp1.blogger.com/_CRb3gYmxpzA/R_rZ_E5FkFI/AAAAAAAAAxo/sKraooP23cY/s400/allert.png" alt="" id="BLOGGER_PHOTO_ID_5186697598538715218" border="0" /></a><br /><br /><br /><br />Hint: achtung!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7224367086373424289?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-23013164140850132052008-04-01T10:47:00.000-07:002008-04-01T10:50:46.744-07:00Having fun with different versions of WinAntivirusPro... French, German, Italian.... you name it.<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R_J1XE5FkDI/AAAAAAAAAxY/NTj99snNd38/s1600-h/winsoftwareall.png"><img id="BLOGGER_PHOTO_ID_5184335160367484978" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R_J1XE5FkDI/AAAAAAAAAxY/NTj99snNd38/s400/winsoftwareall.png" border="0" /></a><br /><br /><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R_J1y05FkEI/AAAAAAAAAxg/h0PiKjMVnj0/s1600-h/winantivirus_french.png"><img id="BLOGGER_PHOTO_ID_5184335637108854850" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R_J1y05FkEI/AAAAAAAAAxg/h0PiKjMVnj0/s400/winantivirus_french.png" border="0" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2301316414085013205?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com1tag:blogger.com,1999:blog-36446935.post-51613009485062601022008-03-31T15:06:00.000-07:002008-03-31T15:07:33.162-07:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/R_FgcE5FkBI/AAAAAAAAAxI/-0ftTjJeM9M/s1600-h/securePCcleaner00.png"><img id="BLOGGER_PHOTO_ID_5184030681545936914" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R_FgcE5FkBI/AAAAAAAAAxI/-0ftTjJeM9M/s400/securePCcleaner00.png" border="0" /></a><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R_FgdE5FkCI/AAAAAAAAAxQ/Wcb-Im5lypk/s1600-h/securePCcleaner.png"><img id="BLOGGER_PHOTO_ID_5184030698725806114" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R_FgdE5FkCI/AAAAAAAAAxQ/Wcb-Im5lypk/s400/securePCcleaner.png" border="0" /></a><br /><br />Ah... it will never change...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5161300948506260102?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-17144417784721811292008-03-31T13:26:00.000-07:002008-03-31T13:27:54.281-07:00<a href="http://bp2.blogger.com/_CRb3gYmxpzA/R_FJGk5Fj_I/AAAAAAAAAw4/LlbTChJp1eg/s1600-h/spyshredd01.png"><img id="BLOGGER_PHOTO_ID_5184005023411310578" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/R_FJGk5Fj_I/AAAAAAAAAw4/LlbTChJp1eg/s400/spyshredd01.png" border="0" /></a><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R_FJG05FkAI/AAAAAAAAAxA/-zTGNmn1JEA/s1600-h/spyshredd02.png"><img id="BLOGGER_PHOTO_ID_5184005027706277890" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R_FJG05FkAI/AAAAAAAAAxA/-zTGNmn1JEA/s400/spyshredd02.png" border="0" /></a><br /><br />Don't buy this rogue stuff. It's a S.C.A.M.!!!!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-1714441778472181129?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-36297889432467859812008-03-19T09:09:00.000-07:002008-03-19T09:12:39.372-07:00<div>Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer.</div><div></div><div> </div><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R-E6-XnwcJI/AAAAAAAAAvc/xK3IHcJYHu4/s1600-h/verclsid.png"><img id="BLOGGER_PHOTO_ID_5179485889619849362" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R-E6-XnwcJI/AAAAAAAAAvc/xK3IHcJYHu4/s400/verclsid.png" border="0" /></a></div><div> </div><div>This threat attempts to delete verclsid.exe. I guess the idea is to execute a non verified nasty COM object regardless ;-)</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-3629788943246785981?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-67724809145319344892008-03-03T15:48:00.001-08:002008-03-03T15:59:48.536-08:00My PC gets infected with a Trojan which pushes the famous AVSystemCare rogue:<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R8yObgKwijI/AAAAAAAAAnY/w1TdUXfHLGE/s1600-h/spywarewarning.png"><img id="BLOGGER_PHOTO_ID_5173666675084528178" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R8yObgKwijI/AAAAAAAAAnY/w1TdUXfHLGE/s400/spywarewarning.png" border="0" /></a><br /><br />Very nice install screen!<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R8yPKwKwilI/AAAAAAAAAno/qzlvsDm7d9Q/s1600-h/avsystemcareworld.png"><img id="BLOGGER_PHOTO_ID_5173667486833347154" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R8yPKwKwilI/AAAAAAAAAno/qzlvsDm7d9Q/s400/avsystemcareworld.png" border="0" /></a><br /><br />Lots of happy customers:<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R8yPKgKwikI/AAAAAAAAAng/IZdNeE7dy7Q/s1600-h/avpeople.png"><img id="BLOGGER_PHOTO_ID_5173667482538379842" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R8yPKgKwikI/AAAAAAAAAng/IZdNeE7dy7Q/s400/avpeople.png" border="0" /></a><br /><br /><br />It's MY DECISION!!!<br /><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R8yP1gKwimI/AAAAAAAAAnw/AA2OQiY9J9s/s1600-h/avyourdecision.png"><img id="BLOGGER_PHOTO_ID_5173668221272754786" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R8yP1gKwimI/AAAAAAAAAnw/AA2OQiY9J9s/s400/avyourdecision.png" border="0" /></a><br /><br /><br />Verdict:<br />A very good looking product with very bad intentions (your money). <div> </div><div><a href="http://bp2.blogger.com/_CRb3gYmxpzA/R8yQzAKwinI/AAAAAAAAAn4/sMNdxbRMk1k/s1600-h/avscam.png"><img id="BLOGGER_PHOTO_ID_5173669277834709618" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/R8yQzAKwinI/AAAAAAAAAn4/sMNdxbRMk1k/s400/avscam.png" border="0" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-6772480914531934489?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-55712420334765481682008-02-28T15:58:00.000-08:002008-02-28T16:03:04.006-08:00A GIF file is harmless, right?<br /><br />Wait, maybe not!<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/R8dK0kGXslI/AAAAAAAAAnI/Fd6QYPQrNBk/s1600-h/picexe.png"><img id="BLOGGER_PHOTO_ID_5172184963962352210" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/R8dK0kGXslI/AAAAAAAAAnI/Fd6QYPQrNBk/s400/picexe.png" border="0" /></a><br /><br />It turns out it's an EXE renamed just for the fun of it.<br /><br /><br /><br /><p>VirusTotal sneak preview:</p><p><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R8dLSUGXsmI/AAAAAAAAAnQ/u9dPocv6l2k/s1600-h/gifvt.png"><img id="BLOGGER_PHOTO_ID_5172185475063460450" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R8dLSUGXsmI/AAAAAAAAAnQ/u9dPocv6l2k/s400/gifvt.png" border="0" /></a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5571242033476548168?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-21612285429334126462008-02-28T09:15:00.001-08:002008-02-28T09:18:22.938-08:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/R8bsVUGXsiI/AAAAAAAAAmw/qm-gftcgG04/s1600-h/estdomains.png"><img id="BLOGGER_PHOTO_ID_5172081072998429218" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R8bsVUGXsiI/AAAAAAAAAmw/qm-gftcgG04/s400/estdomains.png" border="0" /></a><br /><br />Apparently a goner....<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R8bsVkGXsjI/AAAAAAAAAm4/V0u461o1JJQ/s1600-h/rockingmovs.png"><img id="BLOGGER_PHOTO_ID_5172081077293396530" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R8bsVkGXsjI/AAAAAAAAAm4/V0u461o1JJQ/s400/rockingmovs.png" border="0" /></a><br /><br />Hmm.... maybe not:<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/R8bsV0GXskI/AAAAAAAAAnA/8WedDkFrWZY/s1600-h/stillactive.png"><img id="BLOGGER_PHOTO_ID_5172081081588363842" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/R8bsV0GXskI/AAAAAAAAAnA/8WedDkFrWZY/s400/stillactive.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2161228542933412646?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-40561961355714777752008-02-27T15:53:00.000-08:002008-03-05T15:21:24.378-08:00A nice collection of Trojans being pushed massively stored at:<br />down[hidden].china-s0ft.cn/downlist.txt<br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R8X400GXsgI/AAAAAAAAAmg/FU45wBK8_nw/s1600-h/chinesetrojans.png"><img id="BLOGGER_PHOTO_ID_5171813333327131138" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R8X400GXsgI/AAAAAAAAAmg/FU45wBK8_nw/s400/chinesetrojans.png" border="0" /></a><br /><br /><br /><br />and more from another domain:<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R8X5dUGXshI/AAAAAAAAAmo/crv65XMv2zs/s1600-h/malwaredomain.png"><img id="BLOGGER_PHOTO_ID_5171814029111833106" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R8X5dUGXshI/AAAAAAAAAmo/crv65XMv2zs/s400/malwaredomain.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4056196135571477775?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-86884139970692041382008-02-25T12:44:00.000-08:002008-02-25T12:58:00.262-08:00I found a fake video codec while doing some Google searches. It is very well crafted, with a bit of social engineering. At first I thought this one was VMware aware because of the error message. However, some deeper analysis revealed it was not. Some interesting things came up. Below is a summary.<br /><br />Upon executing the sample, the following message shows up:<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R8MpY0GXsaI/AAAAAAAAAlw/RPw22a-XP1Q/s1600-h/webcodec.png"><img id="BLOGGER_PHOTO_ID_5171022303430422946" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R8MpY0GXsaI/AAAAAAAAAlw/RPw22a-XP1Q/s400/webcodec.png" border="0" /></a><br /><br />However, in the background things are taking place:<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R8Mqf0GXscI/AAAAAAAAAmA/oaqPe4R__1U/s1600-h/webcodectfiddler.png"><img id="BLOGGER_PHOTO_ID_5171023523201135042" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R8Mqf0GXscI/AAAAAAAAAmA/oaqPe4R__1U/s400/webcodectfiddler.png" border="0" /></a><br /><br /><br />An Internet Explorer toolbar is created:<br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R8MpZEGXsbI/AAAAAAAAAl4/pSUERR9fdT0/s1600-h/webcodectoolbar.png"><img id="BLOGGER_PHOTO_ID_5171022307725390258" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R8MpZEGXsbI/AAAAAAAAAl4/pSUERR9fdT0/s400/webcodectoolbar.png" border="0" /></a><br /><br />Only the following security vendors are detecting this threat at the time of posting:<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R8MqgEGXsdI/AAAAAAAAAmI/BLv8HV0S8oA/s1600-h/webcodecvt.png"><img id="BLOGGER_PHOTO_ID_5171023527496102354" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R8MqgEGXsdI/AAAAAAAAAmI/BLv8HV0S8oA/s400/webcodecvt.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8688413997069204138?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-23053243270011332242008-02-21T13:21:00.000-08:002008-02-21T13:33:03.054-08:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/R73s2UGXsXI/AAAAAAAAAlY/ACG1zbhTD4s/s1600-h/logoporntube.png"><img id="BLOGGER_PHOTO_ID_5169548365143716210" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R73s2UGXsXI/AAAAAAAAAlY/ACG1zbhTD4s/s400/logoporntube.png" border="0" /></a><br /><br />"Show Yourself"?<br /><br />Once you pick a video, you are prompted to download a codec.<br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R73s2kGXsYI/AAAAAAAAAlg/jiwDKWD8Tt4/s1600-h/porntubecontent.png"><img id="BLOGGER_PHOTO_ID_5169548369438683522" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R73s2kGXsYI/AAAAAAAAAlg/jiwDKWD8Tt4/s400/porntubecontent.png" border="0" /></a><br /><br />The site is totally bogus and the comments posted are fake (of course). Though kudos to whoever wrote them.<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/R73s2EGXsWI/AAAAAAAAAlQ/WsSVi4vfuts/s1600-h/comments.png"><img id="BLOGGER_PHOTO_ID_5169548360848748898" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/R73s2EGXsWI/AAAAAAAAAlQ/WsSVi4vfuts/s400/comments.png" border="0" /></a><br /><br />Installs a rogue app (VirusHeat) as well as a bunch of other bad stuff.<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R73s20GXsZI/AAAAAAAAAlo/IMe2mWtAFfI/s1600-h/virusheat.png"><img id="BLOGGER_PHOTO_ID_5169548373733650834" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R73s20GXsZI/AAAAAAAAAlo/IMe2mWtAFfI/s400/virusheat.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2305324327001133224?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-85462657389654598522008-02-20T14:38:00.000-08:002008-02-20T14:42:26.357-08:00Stay away from those scams!<br /><br />Malware Crush:<br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R7ysY0GXsTI/AAAAAAAAAk4/R21MTUC10f8/s1600-h/malwarecrush1.png"><img id="BLOGGER_PHOTO_ID_5169196014616686898" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R7ysY0GXsTI/AAAAAAAAAk4/R21MTUC10f8/s400/malwarecrush1.png" border="0" /></a><br /><br />Filter Program:<br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R7ysZEGXsUI/AAAAAAAAAlA/CyGjMvMYJSQ/s1600-h/filterprogram.png"><img id="BLOGGER_PHOTO_ID_5169196018911654210" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R7ysZEGXsUI/AAAAAAAAAlA/CyGjMvMYJSQ/s400/filterprogram.png" border="0" /></a><br /><br />Advanced Cleaner<br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/R7ysZUGXsVI/AAAAAAAAAlI/SGqr-AqpqhM/s1600-h/advancedcleaner.png"><img id="BLOGGER_PHOTO_ID_5169196023206621522" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/R7ysZUGXsVI/AAAAAAAAAlI/SGqr-AqpqhM/s400/advancedcleaner.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8546265738965459852?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-44801171262933574802008-02-18T12:41:00.000-08:002008-02-18T12:44:07.318-08:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/R7ntxkGXsQI/AAAAAAAAAkg/eIKZ1FHdbTM/s1600-h/search2find1.png"><img id="BLOGGER_PHOTO_ID_5168423483144122626" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R7ntxkGXsQI/AAAAAAAAAkg/eIKZ1FHdbTM/s400/search2find1.png" border="0" /></a><br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R7ntx0GXsRI/AAAAAAAAAko/3bx6uOU6lqo/s1600-h/search2find2.png"><img id="BLOGGER_PHOTO_ID_5168423487439089938" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R7ntx0GXsRI/AAAAAAAAAko/3bx6uOU6lqo/s400/search2find2.png" border="0" /></a><br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/R7ntyEGXsSI/AAAAAAAAAkw/2PkFIK5Hbg4/s1600-h/search2find3.png"><img id="BLOGGER_PHOTO_ID_5168423491734057250" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/R7ntyEGXsSI/AAAAAAAAAkw/2PkFIK5Hbg4/s400/search2find3.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4480117126293357480?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-68762199306909940812008-02-18T11:19:00.000-08:002008-02-18T11:24:43.722-08:00A VM image infected with several rogue anti spyware apps. Note the antivirus.exe process (in Process Explorer). Although you see the process, the file is invisible to the system. Rootkit technique....<br />Also, one of the rogue is VM aware....<br /><br /><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R7na0UGXsLI/AAAAAAAAAj4/EVgBXzbYLN4/s1600-h/rogueprocessexplorer.png"><img id="BLOGGER_PHOTO_ID_5168402639667835058" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R7na0UGXsLI/AAAAAAAAAj4/EVgBXzbYLN4/s400/rogueprocessexplorer.png" border="0" /></a><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R7nbPkGXsPI/AAAAAAAAAkY/Y5H6iY4JVzE/s1600-h/roguevm.png"><img id="BLOGGER_PHOTO_ID_5168403107819270386" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R7nbPkGXsPI/AAAAAAAAAkY/Y5H6iY4JVzE/s400/roguevm.png" border="0" /></a><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R7na0kGXsMI/AAAAAAAAAkA/ZoCDjV0H_D8/s1600-h/roguesyscleaner.png"><img id="BLOGGER_PHOTO_ID_5168402643962802370" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R7na0kGXsMI/AAAAAAAAAkA/ZoCDjV0H_D8/s400/roguesyscleaner.png" border="0" /></a><br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R7na00GXsNI/AAAAAAAAAkI/H6t-j09kpC0/s1600-h/roguewallpaper.png"><img id="BLOGGER_PHOTO_ID_5168402648257769682" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R7na00GXsNI/AAAAAAAAAkI/H6t-j09kpC0/s400/roguewallpaper.png" border="0" /></a><br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R7na00GXsOI/AAAAAAAAAkQ/giy7Kc3rhL0/s1600-h/roguewarning.png"><img id="BLOGGER_PHOTO_ID_5168402648257769698" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R7na00GXsOI/AAAAAAAAAkQ/giy7Kc3rhL0/s400/roguewarning.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-6876219930690994081?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-60080964104981937812008-02-15T12:27:00.000-08:002008-02-15T13:20:14.136-08:00I found something interesting while analyzing a malware sample.<br />A process called "taskmaneger.exe" was running (I can see it in Process Explorer). However it was not visible on the hard disk under its location System32.<br />I therefore rebooted under Linux (dual boot drive) and mounted the XP disk. I browsed it from Linux and this time I found the cuplrit classified as the Rbot Worm.<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R7X2v0GXsKI/AAAAAAAAAjw/CVCv1zN_pQM/s1600-h/root.PNG"><img id="BLOGGER_PHOTO_ID_5167307448777158818" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R7X2v0GXsKI/AAAAAAAAAjw/CVCv1zN_pQM/s400/root.PNG" border="0" /></a><br /><br /><br />It is using Rootkit techniques to hide itself from Explorer, however, the process is still visible....<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-6008096410498193781?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-54993866685196520912008-02-05T14:25:00.000-08:002008-02-05T14:26:02.436-08:00<a href="http://bp1.blogger.com/_CRb3gYmxpzA/R6jiaJZ3_LI/AAAAAAAAAjg/wFk8T97CH2U/s1600-h/appinit1.png"><img id="BLOGGER_PHOTO_ID_5163625911609195698" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R6jiaJZ3_LI/AAAAAAAAAjg/wFk8T97CH2U/s400/appinit1.png" border="0" /></a><br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R6jiaJZ3_MI/AAAAAAAAAjo/1JcGJAtBJ2c/s1600-h/appinit2.png"><img id="BLOGGER_PHOTO_ID_5163625911609195714" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R6jiaJZ3_MI/AAAAAAAAAjo/1JcGJAtBJ2c/s400/appinit2.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5499386668519652091?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-68830645307402656762008-01-21T12:23:00.000-08:002008-01-21T12:27:43.141-08:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/R5T_XWBl8hI/AAAAAAAAAi4/1Cdppt_CCS0/s1600-h/stormlove.png"><img id="BLOGGER_PHOTO_ID_5158028249760395794" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R5T_XWBl8hI/AAAAAAAAAi4/1Cdppt_CCS0/s400/stormlove.png" border="0" /></a><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R5T_XGBl8gI/AAAAAAAAAiw/b-UodtQ--FY/s1600-h/stormlove2.png"><img id="BLOGGER_PHOTO_ID_5158028245465428482" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R5T_XGBl8gI/AAAAAAAAAiw/b-UodtQ--FY/s400/stormlove2.png" border="0" /></a><br /><br /><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R5UAE2Bl8iI/AAAAAAAAAjA/Yx1irImKfH0/s1600-h/stormlove3.png"></a><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R5UALWBl8jI/AAAAAAAAAjI/DQZPpNYnD5s/s1600-h/stormlove3.png"><img id="BLOGGER_PHOTO_ID_5158029143113593394" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R5UALWBl8jI/AAAAAAAAAjI/DQZPpNYnD5s/s400/stormlove3.png" border="0" /></a><br /></div><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-6883064530740265676?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-7310960617098253152008-01-17T13:34:00.000-08:002008-01-17T13:42:26.331-08:00AutoIt is a program to write Windows scripts. This malware author didn't smoke test it well enough... it crashed on my machine as it was trying to do its payload.<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R4_LVmBl8fI/AAAAAAAAAio/dOTvaorhw2A/s1600-h/autoiterror.png"><img id="BLOGGER_PHOTO_ID_5156563670207427058" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R4_LVmBl8fI/AAAAAAAAAio/dOTvaorhw2A/s400/autoiterror.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-731096061709825315?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-30806864420590820752008-01-10T15:54:00.000-08:002008-01-10T16:11:04.346-08:00The worm propagates from System to System by downloading an infected Zip file and sending it to all your contacts in MSN.<br /><div><a href="http://bp2.blogger.com/_CRb3gYmxpzA/R4awVWBl8dI/AAAAAAAAAiY/e05ytsXp6ms/s1600-h/msnworm.png"></a></div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R4awo2Bl8eI/AAAAAAAAAig/aQr6Dw2F2IY/s1600-h/msnworm.png"><img id="BLOGGER_PHOTO_ID_5154001039315562978" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R4awo2Bl8eI/AAAAAAAAAig/aQr6Dw2F2IY/s400/msnworm.png" border="0" /></a><br /><div>Stay away from pictures sent to you in a zip file!</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-3080686442059082075?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-44594973691089712762008-01-04T13:52:00.000-08:002008-01-04T13:53:49.239-08:00Email from Storm Botnet:<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R36qpmBl8aI/AAAAAAAAAiA/_dO8gsdjUMI/s1600-h/stormemail1.png"><img id="BLOGGER_PHOTO_ID_5151742655317012898" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R36qpmBl8aI/AAAAAAAAAiA/_dO8gsdjUMI/s400/stormemail1.png" border="0" /></a><br /><br />Infected page with obfuscated JavaScript:<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R36qp2Bl8bI/AAAAAAAAAiI/n0Sa3E38u30/s1600-h/stormemail2.png"><img id="BLOGGER_PHOTO_ID_5151742659611980210" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R36qp2Bl8bI/AAAAAAAAAiI/n0Sa3E38u30/s400/stormemail2.png" border="0" /></a><br /><br />Installs a rootkit on the PC<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R36qp2Bl8cI/AAAAAAAAAiQ/feDX2Lcsx-g/s1600-h/stormemail3.png"><img id="BLOGGER_PHOTO_ID_5151742659611980226" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R36qp2Bl8cI/AAAAAAAAAiQ/feDX2Lcsx-g/s400/stormemail3.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4459497369108971276?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-83575067071666494372008-01-04T09:39:00.000-08:002008-01-04T09:45:51.331-08:00This domain is hosted in China and pretends to be the Facebook login page.<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/R35wRGBl8ZI/AAAAAAAAAh4/AYXkBe814TU/s1600-h/phish.png"><img id="BLOGGER_PHOTO_ID_5151678462735806866" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R35wRGBl8ZI/AAAAAAAAAh4/AYXkBe814TU/s400/phish.png" border="0" /></a><br /><br />Fiddler transcript below. It captures your email address and password and sends it over. After that, it redirects you to the legit Facebook page where you are prompted again to enter your credentials.<br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R35wQ2Bl8YI/AAAAAAAAAhw/488rhXadnt4/s1600-h/2phish.png"><img id="BLOGGER_PHOTO_ID_5151678458440839554" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R35wQ2Bl8YI/AAAAAAAAAhw/488rhXadnt4/s400/2phish.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8357506707166649437?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-40661162636504621072007-12-11T13:05:00.001-08:002007-12-11T13:06:18.276-08:00<a href="http://bp1.blogger.com/_CRb3gYmxpzA/R177urjHLGI/AAAAAAAAAho/yLHvh3275v4/s1600-h/ip.png"><img id="BLOGGER_PHOTO_ID_5142824603886234722" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/R177urjHLGI/AAAAAAAAAho/yLHvh3275v4/s400/ip.png" border="0" /></a><br /><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/R177rbjHLFI/AAAAAAAAAhg/REnz1ioX1C8/s1600-h/dio1.png"><img id="BLOGGER_PHOTO_ID_5142824548051659858" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/R177rbjHLFI/AAAAAAAAAhg/REnz1ioX1C8/s400/dio1.png" border="0" /></a><br /><br /><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/R177oLjHLEI/AAAAAAAAAhY/hL0CHcSPEJc/s1600-h/dio2.png"><img id="BLOGGER_PHOTO_ID_5142824492217084994" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R177oLjHLEI/AAAAAAAAAhY/hL0CHcSPEJc/s400/dio2.png" border="0" /></a><br /></div><div>Typical Rogue infection.<br /></div><div></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4066116263650462107?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-65090736535083779222007-11-28T16:36:00.000-08:002007-11-28T16:37:36.554-08:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/R04JxLWP3BI/AAAAAAAAAhQ/w_zf5A2LYd0/s1600-h/hijackedresults.png"><img id="BLOGGER_PHOTO_ID_5138054965340658706" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/R04JxLWP3BI/AAAAAAAAAhQ/w_zf5A2LYd0/s400/hijackedresults.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-6509073653508377922?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-9525735172999116862007-11-09T09:25:00.000-08:002007-11-09T09:27:07.175-08:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/RzSYPZYAqyI/AAAAAAAAAgw/M1KnI34fZSg/s1600-h/brokenexploit.png"><img id="BLOGGER_PHOTO_ID_5130893265758890786" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RzSYPZYAqyI/AAAAAAAAAgw/M1KnI34fZSg/s400/brokenexploit.png" border="0" /></a><br /><div> </div><div>Nice little function... but it is broken now. Too bad.</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-952573517299911686?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-47854739563680088332007-11-05T12:59:00.000-08:002007-11-05T13:01:01.058-08:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/Ry-ETKcWwrI/AAAAAAAAAgo/4EEHn9HTJEA/s1600-h/shutdown.png"><img id="BLOGGER_PHOTO_ID_5129463965353951922" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/Ry-ETKcWwrI/AAAAAAAAAgo/4EEHn9HTJEA/s400/shutdown.png" border="0" /></a><br /><br />If you let the timer go all the way, nothing happens.. of course...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4785473956368008833?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-7012946444608066702007-11-02T10:12:00.001-07:002007-11-02T10:13:43.308-07:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/RytahacWwpI/AAAAAAAAAgY/aVRcjyL_oVg/s1600-h/iframe.png"><img id="BLOGGER_PHOTO_ID_5128292130771878546" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RytahacWwpI/AAAAAAAAAgY/aVRcjyL_oVg/s400/iframe.png" border="0" /></a><br /><p>YES!!!!!!!<br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RytaqacWwqI/AAAAAAAAAgg/FU_-bPlfw80/s1600-h/iframe2.png"><img id="BLOGGER_PHOTO_ID_5128292285390701218" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RytaqacWwqI/AAAAAAAAAgg/FU_-bPlfw80/s400/iframe2.png" border="0" /></a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-701294644460806670?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-45003035295493426852007-10-29T15:34:00.001-07:002007-10-29T15:35:21.758-07:00<div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RyZgDacWwnI/AAAAAAAAAgI/9NiHwlBjkR4/s1600-h/googlehack1.png"><img id="BLOGGER_PHOTO_ID_5126890837562016370" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RyZgDacWwnI/AAAAAAAAAgI/9NiHwlBjkR4/s400/googlehack1.png" border="0" /></a> </div><div><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RyZgF6cWwoI/AAAAAAAAAgQ/eKdlpz0_sDk/s1600-h/googlehack2.png"><img id="BLOGGER_PHOTO_ID_5126890880511689346" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RyZgF6cWwoI/AAAAAAAAAgQ/eKdlpz0_sDk/s400/googlehack2.png" border="0" /></a></div><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4500303529549342685?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-8090967714656769342007-10-29T15:33:00.001-07:002007-10-29T15:34:13.472-07:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/RyZf3acWwmI/AAAAAAAAAgA/XYstUNZlxY0/s1600-h/weirderror.png"><img id="BLOGGER_PHOTO_ID_5126890631403586146" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RyZf3acWwmI/AAAAAAAAAgA/XYstUNZlxY0/s400/weirderror.png" border="0" /></a> <div> </div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-809096771465676934?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-4518619583114791222007-10-26T11:35:00.001-07:002007-10-26T11:36:15.344-07:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/RyIzlqcWwlI/AAAAAAAAAf4/Zdjf7lRMG7k/s1600-h/errorsafeknowledgebase.png"><img id="BLOGGER_PHOTO_ID_5125716048042443346" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RyIzlqcWwlI/AAAAAAAAAf4/Zdjf7lRMG7k/s400/errorsafeknowledgebase.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-451861958311479122?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-37517905814244845882007-10-18T15:29:00.000-07:002007-10-18T15:30:40.860-07:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/RxfecT3hMZI/AAAAAAAAAfw/7nyefeE6op0/s1600-h/avsystemcaretoolbar.png"><img id="BLOGGER_PHOTO_ID_5122807679108067730" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RxfecT3hMZI/AAAAAAAAAfw/7nyefeE6op0/s400/avsystemcaretoolbar.png" border="0" /></a><br /><div> </div><div>Welcome back to AVSystemCare's deceptive security toolbar.</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-3751790581424484588?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-86495911137898481392007-10-18T15:26:00.000-07:002007-10-18T15:29:08.570-07:00How far are rogue programs going to go to convince you?<br /><br />This is shocking, showing you real porn pictures that you may have on your computer.<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/Rxfd4D3hMYI/AAAAAAAAAfo/7HlPUn69JXE/s1600-h/privacyprotectorad.png"><img id="BLOGGER_PHOTO_ID_5122807056337809794" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/Rxfd4D3hMYI/AAAAAAAAAfo/7HlPUn69JXE/s400/privacyprotectorad.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8649591113789848139?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-46205650340700751692007-10-15T13:09:00.000-07:002007-10-15T13:10:53.863-07:00Their new domain: xpesttrap.com<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RxPJKD3hMWI/AAAAAAAAAfY/UCfPUzaXb7Q/s1600-h/pesttrap.png"><img id="BLOGGER_PHOTO_ID_5121658375924429154" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RxPJKD3hMWI/AAAAAAAAAfY/UCfPUzaXb7Q/s400/pesttrap.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4620565034070075169?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-10213594718603830282007-10-15T12:26:00.000-07:002007-10-15T13:36:31.361-07:00Fake alert #1:<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RxO-_j3hMSI/AAAAAAAAAe4/H5nX5IxQDG0/s1600-h/avsystemcare1.png"><img id="BLOGGER_PHOTO_ID_5121647200419524898" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RxO-_j3hMSI/AAAAAAAAAe4/H5nX5IxQDG0/s400/avsystemcare1.png" border="0" /></a><br /><br />Fake alert#2:<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RxO_Gj3hMTI/AAAAAAAAAfA/c47KG9Vmdko/s1600-h/avsystemcare2.png"><img id="BLOGGER_PHOTO_ID_5121647320678609202" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RxO_Gj3hMTI/AAAAAAAAAfA/c47KG9Vmdko/s400/avsystemcare2.png" border="0" /></a><br /><br />Webpage:<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RxO_Gj3hMUI/AAAAAAAAAfI/0M5gtfa6MZs/s1600-h/avsystemcare3.png"><img id="BLOGGER_PHOTO_ID_5121647320678609218" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RxO_Gj3hMUI/AAAAAAAAAfI/0M5gtfa6MZs/s400/avsystemcare3.png" border="0" /></a><br /><br />Rogue:<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RxPPNz3hMXI/AAAAAAAAAfg/uQOAnqJKJtU/s1600-h/avsystemcare4.png"><img id="BLOGGER_PHOTO_ID_5121665037418705266" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RxPPNz3hMXI/AAAAAAAAAfg/uQOAnqJKJtU/s400/avsystemcare4.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-1021359471860383028?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-22206010240346353672007-10-12T11:48:00.001-07:002007-10-12T11:51:07.443-07:00<div>I know this is kind of old news but here is a little sample of what it does.</div><div> </div><div>Upon execution the file ecard.exe will run its payload, which is installing a rootkit and then will forcefully reboot the machine.</div><div> </div><div>A screenshot of a scan done with RootkitRevealer below shows the file hidden from Windows, but yet still very active.</div><div> </div><a href="http://bp2.blogger.com/_CRb3gYmxpzA/Rw_BwD3hMRI/AAAAAAAAAew/Zz3qO50cnCY/s1600-h/ecard+rootkit.png"><img id="BLOGGER_PHOTO_ID_5120524332759593234" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/Rw_BwD3hMRI/AAAAAAAAAew/Zz3qO50cnCY/s400/ecard+rootkit.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2220601024034635367?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-19204224492128026692007-09-25T15:49:00.001-07:002007-09-25T15:51:06.754-07:00After running a Trojan, I checked the network traffic for communications with the outside.<br /><br />The Trojan was reporting the name of my computer and other info to a web server... The kind of stats a bot herder might use...<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RvmQdD3hMQI/AAAAAAAAAeo/sJwThya5H7o/s1600-h/joiningabotnet.png"><img id="BLOGGER_PHOTO_ID_5114277680784683266" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RvmQdD3hMQI/AAAAAAAAAeo/sJwThya5H7o/s400/joiningabotnet.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-1920422449212802669?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-64774196900667124732007-09-25T15:40:00.001-07:002007-09-25T15:46:10.967-07:00Running Live Messenger with a lot of (unknown) contacts can be a dangerous thing:<br /><br />First a window pops up. It's not a good sign when I haven't touched my browser:<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RvmOjD3hMPI/AAAAAAAAAeg/2KCdciKOqeQ/s1600-h/msninfection2.png"><img id="BLOGGER_PHOTO_ID_5114275584840642802" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RvmOjD3hMPI/AAAAAAAAAeg/2KCdciKOqeQ/s400/msninfection2.png" border="0" /></a><br /><br />A quick glance at Process Explorer confirms the infection:<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RvmOfz3hMOI/AAAAAAAAAeY/VEPv9IuOZBA/s1600-h/msninfection1.png"><img id="BLOGGER_PHOTO_ID_5114275529006067938" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RvmOfz3hMOI/AAAAAAAAAeY/VEPv9IuOZBA/s400/msninfection1.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-6477419690066712473?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-87692302138328900242007-09-20T16:35:00.000-07:002007-09-20T16:38:46.330-07:00behappysyst.com hosts a large number of rogues. It is hosted in the UK<br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RvMEWj3hMNI/AAAAAAAAAeQ/M2ilV3EEPSA/s1600-h/behappysyst2.png"><img id="BLOGGER_PHOTO_ID_5112434787627380946" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RvMEWj3hMNI/AAAAAAAAAeQ/M2ilV3EEPSA/s400/behappysyst2.png" border="0" /></a><br /><br /><br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RvMESD3hMMI/AAAAAAAAAeI/4ug783Yi6_Q/s1600-h/behappysyst1.png"><img id="BLOGGER_PHOTO_ID_5112434710317969602" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RvMESD3hMMI/AAAAAAAAAeI/4ug783Yi6_Q/s400/behappysyst1.png" border="0" /></a> <div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8769230213832890024?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com2tag:blogger.com,1999:blog-36446935.post-51645877728201237452007-09-18T13:03:00.001-07:002007-09-18T13:04:19.399-07:00This site installs a variant of the Newar Trojan.<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RvAvK9rWyqI/AAAAAAAAAeA/jz5o3BIjT3E/s1600-h/arcadestorm.png"><img id="BLOGGER_PHOTO_ID_5111637442467121826" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RvAvK9rWyqI/AAAAAAAAAeA/jz5o3BIjT3E/s400/arcadestorm.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5164587772820123745?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-76672043185153580532007-09-18T12:58:00.000-07:002007-09-18T13:01:16.381-07:00Dangerous URL posted on a MySpace web page.<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RvAuHdrWyoI/AAAAAAAAAdw/McGOutCHX8g/s1600-h/myspace1.png"><img id="BLOGGER_PHOTO_ID_5111636282825951874" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RvAuHdrWyoI/AAAAAAAAAdw/McGOutCHX8g/s400/myspace1.png" border="0" /></a><br /><br /><div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RvAuKdrWypI/AAAAAAAAAd4/PacYK_9X6tA/s1600-h/myspace2.png"><img id="BLOGGER_PHOTO_ID_5111636334365559442" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RvAuKdrWypI/AAAAAAAAAd4/PacYK_9X6tA/s400/myspace2.png" border="0" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7667204318515358053?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-69399359129446789542007-09-05T11:26:00.000-07:002007-09-05T11:37:50.931-07:00Watch out for this YouTube imitation... Nasty Trojan when you download a video.<br /><br />New Zlob fake codec site: hxxp://zero-codec.com<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/Rt707k1xFMI/AAAAAAAAAdo/6UfCZ37SVao/s1600-h/porntube.png"><img id="BLOGGER_PHOTO_ID_5106788331823371458" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/Rt707k1xFMI/AAAAAAAAAdo/6UfCZ37SVao/s400/porntube.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-6939935912944678954?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-9173685974148530092007-09-05T08:46:00.000-07:002007-09-05T08:48:43.058-07:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/Rt7Pek1xFLI/AAAAAAAAAdg/vCc8tHjLVUE/s1600-h/spray.png"><img id="BLOGGER_PHOTO_ID_5106747151676937394" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/Rt7Pek1xFLI/AAAAAAAAAdg/vCc8tHjLVUE/s400/spray.png" border="0" /></a><br /><br />It may work... but come on, 100% legal???? What's the point in having a license plate then?<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-917368597414853009?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-39967380510893260792007-09-04T12:12:00.000-07:002007-09-04T12:14:46.396-07:00Ran a Trojan that created a pop-up designed to ressemble Youtube videos. On click, you are redirected to Zango's website.<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/Rt2uSk1xFKI/AAAAAAAAAdY/B0i_4RgpoZM/s1600-h/zango.png"><img id="BLOGGER_PHOTO_ID_5106429186658079906" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/Rt2uSk1xFKI/AAAAAAAAAdY/B0i_4RgpoZM/s400/zango.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-3996738051089326079?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-61971629730644637342007-08-30T15:24:00.000-07:002007-08-30T15:50:32.457-07:00I came across an interesting IM Worm today:<br /><br />First, I get this IM with a link to follow:<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RtdFDE1xFHI/AAAAAAAAAdA/HJvBO5xxWfA/s1600-h/msn1.png"><img id="BLOGGER_PHOTO_ID_5104624621788927090" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RtdFDE1xFHI/AAAAAAAAAdA/HJvBO5xxWfA/s400/msn1.png" border="0" /></a><br /><br />It brings me to this website, that, for some reason ;-), needs me to install the Flash player:<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RtdFA01xFGI/AAAAAAAAAc4/V15nDGQ1deo/s1600-h/msn2.png"><img id="BLOGGER_PHOTO_ID_5104624583134221410" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RtdFA01xFGI/AAAAAAAAAc4/V15nDGQ1deo/s400/msn2.png" border="0" /></a><br /><br />Surprisingly, this "Flash Player" is infected!!!<br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RtdE-U1xFFI/AAAAAAAAAcw/ussVmvj7ML4/s1600-h/msn3.png"><img id="BLOGGER_PHOTO_ID_5104624540184548434" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RtdE-U1xFFI/AAAAAAAAAcw/ussVmvj7ML4/s400/msn3.png" border="0" /></a><br /><br />In case, I didn't download the file, the webpage itself has a malicious and obfuscated code that pushes the installer down my throat:<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RtdE7U1xFEI/AAAAAAAAAco/ohDi0qUEhlw/s1600-h/msn4.png"><img id="BLOGGER_PHOTO_ID_5104624488644940866" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RtdE7U1xFEI/AAAAAAAAAco/ohDi0qUEhlw/s400/msn4.png" border="0" /></a><br /><br />And to finish the loop, it sends out Instant Messages in my name to all the people on my contact list (to spread the word I suppose).<br /><br /><br /><div><br /><div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RtdE301xFDI/AAAAAAAAAcg/YcmtaiVggUI/s1600-h/answer.png"><img id="BLOGGER_PHOTO_ID_5104624428515398706" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RtdE301xFDI/AAAAAAAAAcg/YcmtaiVggUI/s400/answer.png" border="0" /></a> </div><br /><div>The culprits:<br /></div></div><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RtdJlU1xFJI/AAAAAAAAAdQ/WlvUjUAdrt4/s1600-h/culprits.png"><img id="BLOGGER_PHOTO_ID_5104629608245957778" style="WIDTH: 249px; CURSOR: hand; HEIGHT: 65px" height="65" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RtdJlU1xFJI/AAAAAAAAAdQ/WlvUjUAdrt4/s400/culprits.png" width="287" border="0" /></a><br /><div> </div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-6197162973064463734?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-47731739690002313032007-08-29T10:43:00.000-07:002007-08-29T11:07:14.736-07:00Drive-by exploit launches when you visit this site. If you use Firefox they trick you into downloading an add-on.<br /><br />Another point of interest, clicking on the Sign in link will open the AdultFriendFinder website. Oops..<br /><br />To avoid this, check out the URL in the address bar. It is not Google's. Also, Google will never ask you to download additional software to do a search. At least, not right now.<br />Also, drag your mouse onto the links on the page, and you may see in IE's status bar, that they point to a totally different site.<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RtWxkE1xFCI/AAAAAAAAAcY/FOJqXf1OK8Y/s1600-h/fake+google.png"><img id="BLOGGER_PHOTO_ID_5104180986026988578" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RtWxkE1xFCI/AAAAAAAAAcY/FOJqXf1OK8Y/s400/fake+google.png" border="0" /></a><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RtWw401xFBI/AAAAAAAAAcQ/TZVkRjPlCVE/s1600-h/fake+google.png"></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4773173969000231303?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-85304885575741641632007-08-22T13:53:00.000-07:002007-08-22T13:57:03.491-07:00Malware - not "Malaware". TrustedAntivirus is a rogue anti-spyware program.<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/Rsyibk1xE_I/AAAAAAAAAcA/9jlEWviBZU4/s1600-h/trustedantivirus.png"><img id="BLOGGER_PHOTO_ID_5101631072533287922" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/Rsyibk1xE_I/AAAAAAAAAcA/9jlEWviBZU4/s400/trustedantivirus.png" border="0" /></a><br /><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RsyijE1xFAI/AAAAAAAAAcI/um4qxHbSO90/s1600-h/trustedantivrus2.png"><img id="BLOGGER_PHOTO_ID_5101631201382306818" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RsyijE1xFAI/AAAAAAAAAcI/um4qxHbSO90/s400/trustedantivrus2.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8530488557574164163?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-84638176829281939602007-08-20T13:13:00.000-07:002007-08-20T13:30:49.519-07:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/Rsn5701xE-I/AAAAAAAAAb4/C58M9MAzcBU/s1600-h/sexecard.png"><img id="BLOGGER_PHOTO_ID_5100882859165553634" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/Rsn5701xE-I/AAAAAAAAAb4/C58M9MAzcBU/s400/sexecard.png" border="0" /></a><br /><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/Rsn2EE1xE9I/AAAAAAAAAbw/7Yan2oNsw3M/s1600-h/applet.exe.png"><img id="BLOGGER_PHOTO_ID_5100878602852963282" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/Rsn2EE1xE9I/AAAAAAAAAbw/7Yan2oNsw3M/s400/applet.exe.png" border="0" /></a><br /><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8463817682928193960?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-49093190893409122142007-08-20T10:11:00.000-07:002007-08-20T10:15:19.074-07:00This user's display name is "DO NOT ACCEPT FILES FROM ME".... Well, it makes sense since it is trying to send me some infected files... But still, rather odd.<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RsnLYE1xE7I/AAAAAAAAAbg/efquJLSRQkY/s1600-h/msn1.png"><img id="BLOGGER_PHOTO_ID_5100831667450352562" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RsnLYE1xE7I/AAAAAAAAAbg/efquJLSRQkY/s400/msn1.png" border="0" /></a><br /><br /><br /><p>This one likes to send pictures and other stuff... even after the first No, they continued... Of course, these files are dangerous to open.</p><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RsnLdU1xE8I/AAAAAAAAAbo/odvtfm_OFUk/s1600-h/msn2.png"><img id="BLOGGER_PHOTO_ID_5100831757644665794" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RsnLdU1xE8I/AAAAAAAAAbo/odvtfm_OFUk/s400/msn2.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4909319089340912214?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-25673397083130615482007-08-16T14:34:00.001-07:002007-08-16T14:37:11.247-07:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/RsTDYE1xE6I/AAAAAAAAAbY/8_Q_Q6qQntc/s1600-h/firefox+ecard.png"><img id="BLOGGER_PHOTO_ID_5099415496473777058" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RsTDYE1xE6I/AAAAAAAAAbY/8_Q_Q6qQntc/s400/firefox+ecard.png" border="0" /></a><br /><div>The malware author is taking on Kaspersky... As you can see in the JavaScript exploit. (Html source code)</div><div></div><div>Warning! foul language</div><div></div><div></div><div></div><div><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RsTC_k1xE5I/AAAAAAAAAbQ/2wwkt2xRBaw/s1600-h/sourcecode.png"><img id="BLOGGER_PHOTO_ID_5099415075566982034" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RsTC_k1xE5I/AAAAAAAAAbQ/2wwkt2xRBaw/s400/sourcecode.png" border="0" /></a></div><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2567339708313061548?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-72120525668142814712007-08-15T10:40:00.001-07:002007-08-15T10:42:16.834-07:00If you get one of these emails, stay away from the link as it contains a variant of the Nuwar Trojan.<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RsM6j9AaS8I/AAAAAAAAAbA/S9UStJMqj78/s1600-h/postcardnewname.png"><img id="BLOGGER_PHOTO_ID_5098983592459652034" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RsM6j9AaS8I/AAAAAAAAAbA/S9UStJMqj78/s400/postcardnewname.png" border="0" /></a><br />The ecard.exe file has now been replaced by msdataaccess.exe<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RsM6oNAaS9I/AAAAAAAAAbI/3L1_3goZk1w/s1600-h/ecardaccess.png"><img id="BLOGGER_PHOTO_ID_5098983665474096082" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RsM6oNAaS9I/AAAAAAAAAbI/3L1_3goZk1w/s400/ecardaccess.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7212052566814281471?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-89238350173493822042007-08-14T14:20:00.000-07:002007-08-14T14:23:09.500-07:00Whoever hacked this site could have been more discreet... They left a big footprint with their JavaScript exploit appearing top page.<br /><div></div><div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RsIcu9AaS7I/AAAAAAAAAa4/8lwa-b39XtA/s1600-h/unobfuscated.png"><img id="BLOGGER_PHOTO_ID_5098669321112669106" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RsIcu9AaS7I/AAAAAAAAAa4/8lwa-b39XtA/s400/unobfuscated.png" border="0" /></a></div><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8923835017349382204?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-41452137864785109622007-08-14T14:08:00.000-07:002007-08-14T14:09:51.922-07:00True or not, thanks for letting users know ;-)<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RsIZ_tAaS6I/AAAAAAAAAaw/5CyDnZ-CJtI/s1600-h/adulthacked.png"><img id="BLOGGER_PHOTO_ID_5098666310340594594" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RsIZ_tAaS6I/AAAAAAAAAaw/5CyDnZ-CJtI/s400/adulthacked.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4145213786478510962?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-43203976477138188682007-08-13T15:51:00.000-07:002007-08-13T15:55:52.625-07:00Not sure exactly what all the parameters stand for, but those were found on malware host domains. It seems they dynamically update the malware files and also keep stats.<br />(Click on the pic to enlarge)<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RsDg-tAaS3I/AAAAAAAAAaY/xZyQL3qR1QA/s1600-h/backend1.png"><img id="BLOGGER_PHOTO_ID_5098322146021231474" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RsDg-tAaS3I/AAAAAAAAAaY/xZyQL3qR1QA/s400/backend1.png" border="0" /></a><br /><br /><div></div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RsDhCNAaS4I/AAAAAAAAAag/eVpzurRwDks/s1600-h/backend2.png"><img id="BLOGGER_PHOTO_ID_5098322206150773634" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RsDhCNAaS4I/AAAAAAAAAag/eVpzurRwDks/s400/backend2.png" border="0" /></a><br /><br /><div></div><br /><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4320397647713818868?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-58188590524313825252007-08-10T11:29:00.000-07:002007-08-10T11:31:24.469-07:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/Rryu0NAaS2I/AAAAAAAAAaQ/BuDDiVb3Fcc/s1600-h/funnycard.png"><img id="BLOGGER_PHOTO_ID_5097141090144373602" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/Rryu0NAaS2I/AAAAAAAAAaQ/BuDDiVb3Fcc/s400/funnycard.png" border="0" /></a><br /><div></div><br /><p>The custom link is malicious, whereas the second one is a legitimate ecard website.</p><p> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5818859052431382525?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-40473545876501336772007-08-09T14:39:00.000-07:002007-08-09T14:56:31.950-07:00<a href="http://bp2.blogger.com/_CRb3gYmxpzA/RruJn9AaS0I/AAAAAAAAAaA/p-HaTmPvzto/s1600-h/china.png"><img id="BLOGGER_PHOTO_ID_5096818722784037698" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RruJn9AaS0I/AAAAAAAAAaA/p-HaTmPvzto/s400/china.png" border="0" /></a><br /><br />VirusTotal scan of one of the items... not widely detected yet.<br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RruJzdAaS1I/AAAAAAAAAaI/rD08BaXjb2o/s1600-h/chinab.png"><img id="BLOGGER_PHOTO_ID_5096818920352533330" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RruJzdAaS1I/AAAAAAAAAaI/rD08BaXjb2o/s400/chinab.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4047354587650133677?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-55319964466418432007-08-07T17:04:00.000-07:002007-08-07T17:18:35.475-07:00This Trojan is quite harsh on system resources... It spawns an insane amount of cmd.exe processes.... I like the cascade effect...<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RrkIuNAaSyI/AAAAAAAAAZw/luxqMB0PIT8/s1600-h/cmd.png"><img id="BLOGGER_PHOTO_ID_5096114043204815650" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RrkIuNAaSyI/AAAAAAAAAZw/luxqMB0PIT8/s400/cmd.png" border="0" /></a><br /><p>Scan from VirusTotal:<br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RrkLgdAaSzI/AAAAAAAAAZ4/DzUoF9qJdzc/s1600-h/results.png"><img id="BLOGGER_PHOTO_ID_5096117105516497714" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RrkLgdAaSzI/AAAAAAAAAZ4/DzUoF9qJdzc/s400/results.png" border="0" /></a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5531996446641843?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-89314329662969228212007-08-07T11:30:00.001-07:002007-08-07T12:30:39.583-07:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/Rri6YNAaSwI/AAAAAAAAAZg/Wr4Hq0zUA1c/s1600-h/fakepostcards.jpg"><img id="BLOGGER_PHOTO_ID_5096027903340727042" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/Rri6YNAaSwI/AAAAAAAAAZg/Wr4Hq0zUA1c/s400/fakepostcards.jpg" border="0" /></a><br /><p>Below are the domains the fake ecards point to:</p><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RrjIHtAaSxI/AAAAAAAAAZo/UluCUkoqTZc/s1600-h/domains.png"><img id="BLOGGER_PHOTO_ID_5096043013035674386" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RrjIHtAaSxI/AAAAAAAAAZo/UluCUkoqTZc/s400/domains.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8931432966296922821?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-56828128760033922922007-08-07T10:41:00.001-07:002007-08-07T10:42:18.864-07:00<a href="http://bp1.blogger.com/_CRb3gYmxpzA/Rriu6dAaSvI/AAAAAAAAAZY/wQiclE9-0eA/s1600-h/youtube.jpg"><img id="BLOGGER_PHOTO_ID_5096015297611713266" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/Rriu6dAaSvI/AAAAAAAAAZY/wQiclE9-0eA/s400/youtube.jpg" border="0" /></a> <div><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RriuwNAaSuI/AAAAAAAAAZQ/W8GiATYvpUo/s1600-h/youtubespam.jpg"><img id="BLOGGER_PHOTO_ID_5096015121518054114" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RriuwNAaSuI/AAAAAAAAAZQ/W8GiATYvpUo/s400/youtubespam.jpg" border="0" /></a></div></div><br /><p></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5682812876003392292?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-58848596431143156892007-07-31T09:30:00.000-07:002007-07-31T09:31:45.411-07:00<a href="http://bp2.blogger.com/_CRb3gYmxpzA/Rq9jy9AaStI/AAAAAAAAAZI/H8Z39-2iZwU/s1600-h/taskbar.png"><img id="BLOGGER_PHOTO_ID_5093399430600215250" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/Rq9jy9AaStI/AAAAAAAAAZI/H8Z39-2iZwU/s400/taskbar.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5884859643114315689?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-82106386770414198272007-07-27T14:09:00.001-07:002007-07-27T14:11:13.517-07:00URL:<br />hxxp://209.9.170.171/MTgyOjUxMjo=/ucleaner_setup.exe<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RqpfDmBwQdI/AAAAAAAAAZA/jlgM4zeDLRo/s1600-h/udefender.png"><img id="BLOGGER_PHOTO_ID_5091986844047917522" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RqpfDmBwQdI/AAAAAAAAAZA/jlgM4zeDLRo/s400/udefender.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8210638677041419827?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-31117134359315704752007-07-26T16:29:00.001-07:002007-07-26T16:30:24.542-07:00<a href="http://bp2.blogger.com/_CRb3gYmxpzA/Rqkue2BwQcI/AAAAAAAAAY4/va78fN5n7mM/s1600-h/cmd.png"><img id="BLOGGER_PHOTO_ID_5091651961152881090" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/Rqkue2BwQcI/AAAAAAAAAY4/va78fN5n7mM/s400/cmd.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-3111713435931570475?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-83380395009958782032007-07-26T09:57:00.000-07:002007-07-26T09:59:02.126-07:00This file comes as an attachment to a social engineering type of email.<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RqjSoGBwQbI/AAAAAAAAAYw/lyvDksM5x94/s1600-h/funnyzip.png"><img id="BLOGGER_PHOTO_ID_5091550964996915634" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RqjSoGBwQbI/AAAAAAAAAYw/lyvDksM5x94/s400/funnyzip.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8338039500995878203?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-44135805514368120912007-07-23T16:12:00.000-07:002007-07-23T16:14:11.457-07:00This malicious host has a nice little list of malware items that it lists in an "update.txt" file.<br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RqU2D2BwQaI/AAAAAAAAAYo/pq7zum81RD8/s1600-h/server+update.png"><img id="BLOGGER_PHOTO_ID_5090534393482592674" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RqU2D2BwQaI/AAAAAAAAAYo/pq7zum81RD8/s400/server+update.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4413580551436812091?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-36609039015409222512007-07-23T15:22:00.001-07:002007-07-23T15:25:00.144-07:00Internet Explorer didn't like visiting that website ;-)<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RqUqQGBwQZI/AAAAAAAAAYg/1pbn36NiUAQ/s1600-h/IEcrash.png"><img id="BLOGGER_PHOTO_ID_5090521409796456850" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RqUqQGBwQZI/AAAAAAAAAYg/1pbn36NiUAQ/s400/IEcrash.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-3660903901540922251?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-80774154599598048192007-07-19T14:58:00.000-07:002007-07-19T15:03:00.424-07:00Stumbled upon a fake codec... and it displayed all these lovely screens on my PC.<br />This is hilarious.... trying to push a rogue product with, I must say, really nice graphics (do these people hire an art director???)<br /><br />Click on the picture to enlarge and have a good laugh (remember though that this is a big scam and a lot of people fall for it).<br /><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/Rp_eyi9NWkI/AAAAAAAAAYI/Nk0BP6RRrdA/s1600-h/04.png"><img id="BLOGGER_PHOTO_ID_5089031063910308418" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/Rp_eyi9NWkI/AAAAAAAAAYI/Nk0BP6RRrdA/s400/04.png" border="0" /></a><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/Rp_e1S9NWlI/AAAAAAAAAYQ/79gQyoKgzkI/s1600-h/05.png"><img id="BLOGGER_PHOTO_ID_5089031111154948690" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/Rp_e1S9NWlI/AAAAAAAAAYQ/79gQyoKgzkI/s400/05.png" border="0" /></a><br /><br /><div> <a href="http://bp2.blogger.com/_CRb3gYmxpzA/Rp_e4C9NWmI/AAAAAAAAAYY/zQt0TGuRUM8/s1600-h/06.png"><img id="BLOGGER_PHOTO_ID_5089031158399588962" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/Rp_e4C9NWmI/AAAAAAAAAYY/zQt0TGuRUM8/s400/06.png" border="0" /></a><br /><br /><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/Rp_evi9NWjI/AAAAAAAAAYA/PlzOs5AhElw/s1600-h/03.png"><img id="BLOGGER_PHOTO_ID_5089031012370700850" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/Rp_evi9NWjI/AAAAAAAAAYA/PlzOs5AhElw/s400/03.png" border="0" /></a><br /><br /><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/Rp_esi9NWiI/AAAAAAAAAX4/DWkPW_DKpLM/s1600-h/02.png"><img id="BLOGGER_PHOTO_ID_5089030960831093282" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/Rp_esi9NWiI/AAAAAAAAAX4/DWkPW_DKpLM/s400/02.png" border="0" /></a><br /><br /><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/Rp_epS9NWhI/AAAAAAAAAXw/wRAOpHPfBpw/s1600-h/01.png"><img id="BLOGGER_PHOTO_ID_5089030904996518418" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/Rp_epS9NWhI/AAAAAAAAAXw/wRAOpHPfBpw/s400/01.png" border="0" /></a><br /><br /><div></div><div></div><div> </div></div></div></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8077415459959804819?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-50765182100303083162007-07-18T11:25:00.000-07:002007-07-18T11:35:14.461-07:00I keep receiving emails daily about a supposed Greeting Card waiting for me. Of course no one would send me a card on the email address I made up. So, it is by nature very suspicious.<br /><div><div></div><br /><div>I have started collecting the IPs where the malware is hosted and I realize it is on several networks across the US.</div><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/Rp5dWC9NWgI/AAAAAAAAAXo/9XaKkxGxQk0/s1600-h/ecardd.png"><img id="BLOGGER_PHOTO_ID_5088607262307342850" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/Rp5dWC9NWgI/AAAAAAAAAXo/9XaKkxGxQk0/s400/ecardd.png" border="0" /></a><br /><div></div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/Rp5dLC9NWfI/AAAAAAAAAXg/LJtwATsGeWY/s1600-h/ecardd.png"></a><br /><div></div><p><a href="http://bp0.blogger.com/_CRb3gYmxpzA/Rp5cjy9NWeI/AAAAAAAAAXY/fkD6J4_sIrM/s1600-h/ecardd.png"></a></p><p></p><div> </div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5076518210030308316?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-20557528326757915312007-07-12T13:27:00.001-07:002007-07-12T13:28:56.700-07:00Another instance of the fake ecard....<br />But interesting thing, Yahoo! Mail warns me beforing visiting the bad site.<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RpaOzy9NWYI/AAAAAAAAAWg/jbew4xsQsNM/s1600-h/yahoowarning.png"><img id="BLOGGER_PHOTO_ID_5086409849664526722" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RpaOzy9NWYI/AAAAAAAAAWg/jbew4xsQsNM/s400/yahoowarning.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2055752832675791531?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-87793206667509592302007-07-12T12:10:00.000-07:002007-07-12T12:20:28.734-07:00<div>That's a funny one... I had a fake email address subscribed to a porn newsletter...<br />I decided to go back to being a good boy and unsubscribed...<br />Well, first thing I see is a big promotion for a privacy software to delete all my porn pictures. Ah, everything is good to make money these days... (sigh)<br /><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RpZ9di9NWWI/AAAAAAAAAWQ/N5aIaSFxSrE/s1600-h/porn1.png"><img id="BLOGGER_PHOTO_ID_5086390775714765154" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RpZ9di9NWWI/AAAAAAAAAWQ/N5aIaSFxSrE/s400/porn1.png" border="0" /></a><br /><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RpZ9ay9NWVI/AAAAAAAAAWI/pGj0SkCB6U0/s1600-h/porn2.png"><img id="BLOGGER_PHOTO_ID_5086390728470124882" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RpZ9ay9NWVI/AAAAAAAAAWI/pGj0SkCB6U0/s400/porn2.png" border="0" /></a><br /><br /><br /><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RpZ9XS9NWUI/AAAAAAAAAWA/QGzqcNgKrtc/s1600-h/porn3.png"><img id="BLOGGER_PHOTO_ID_5086390668340582722" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RpZ9XS9NWUI/AAAAAAAAAWA/QGzqcNgKrtc/s400/porn3.png" border="0" /></a></div><div> </div><div> </div><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RpZ-yi9NWXI/AAAAAAAAAWY/HMwHj8bWBBk/s1600-h/privacy.png"><img id="BLOGGER_PHOTO_ID_5086392236003645810" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RpZ-yi9NWXI/AAAAAAAAAWY/HMwHj8bWBBk/s400/privacy.png" border="0" /></a></div><div> </div><div>$79.95!!!!??? Wow</div><div> </div><div>I think I'll pass on that offer.</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8779320666750959230?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-74313943847827098912007-07-12T10:43:00.000-07:002007-07-12T10:46:27.572-07:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/RpZoii9NWTI/AAAAAAAAAV4/aabFBNfxvy8/s1600-h/vmwareservice.png"><img id="BLOGGER_PHOTO_ID_5086367771869927730" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RpZoii9NWTI/AAAAAAAAAV4/aabFBNfxvy8/s400/vmwareservice.png" border="0" /></a><br />Filename: 1.exe<br /><br />It copies itself to the Windows folder under the name vmware (no extension). It also creates a service.<br />Upon execution the file melts.<br /><br />Detected as BackDoor Hupigon...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7431394384782709891?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-75395444684864991982007-07-11T16:43:00.000-07:002007-07-11T16:44:30.746-07:00Another spam email that lures you... The link is bad, of course.<br /><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RpVrFoBnVII/AAAAAAAAAVw/-XVKjtHRdq8/s1600-h/fake+postcard.png"><img id="BLOGGER_PHOTO_ID_5086089098572551298" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RpVrFoBnVII/AAAAAAAAAVw/-XVKjtHRdq8/s400/fake+postcard.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7539544468486499198?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-47097272218707123312007-07-10T09:26:00.000-07:002007-07-10T09:28:41.084-07:00I get lots of spam lately coming in the form of a PDF attached to the email. Let's not get fooled... it's just as bad and annoying.<br /><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RpOzYIBnVHI/AAAAAAAAAVo/sTfRRLLWLvk/s1600-h/spam1.png"><img id="BLOGGER_PHOTO_ID_5085605631283909746" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RpOzYIBnVHI/AAAAAAAAAVo/sTfRRLLWLvk/s400/spam1.png" border="0" /></a><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RpOzVIBnVGI/AAAAAAAAAVg/lY__rO0YACc/s1600-h/spam2.png"><img id="BLOGGER_PHOTO_ID_5085605579744302178" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RpOzVIBnVGI/AAAAAAAAAVg/lY__rO0YACc/s400/spam2.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4709727221870712331?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-71982528253312009772007-07-09T11:08:00.001-07:002007-07-09T11:09:57.529-07:00<a href="http://bp2.blogger.com/_CRb3gYmxpzA/RpJ5o4BnVFI/AAAAAAAAAVY/EQUGVonlGqE/s1600-h/wormalert.png"><img id="BLOGGER_PHOTO_ID_5085260672395596882" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RpJ5o4BnVFI/AAAAAAAAAVY/EQUGVonlGqE/s400/wormalert.png" border="0" /></a><br /><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RpJ5lIBnVEI/AAAAAAAAAVQ/qAEzz9doK20/s1600-h/attack.png"><img id="BLOGGER_PHOTO_ID_5085260607971087426" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RpJ5lIBnVEI/AAAAAAAAAVQ/qAEzz9doK20/s400/attack.png" border="0" /></a><br /><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7198252825331200977?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-6740235787202307662007-07-04T09:54:00.001-07:002007-07-04T09:58:07.951-07:00How a malicious ifrane is inserted into a legit webpage source code and infects your computer:<br /><br />Click on the images to enlarge<br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RovQ6IBnVDI/AAAAAAAAAVI/UM5qCAk3nJk/s1600-h/library.png"><img id="BLOGGER_PHOTO_ID_5083386301422982194" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RovQ6IBnVDI/AAAAAAAAAVI/UM5qCAk3nJk/s400/library.png" border="0" /></a><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RovQ24BnVCI/AAAAAAAAAVA/mKX_trV9avM/s1600-h/chinesewebsite.png"><img id="BLOGGER_PHOTO_ID_5083386245588407330" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RovQ24BnVCI/AAAAAAAAAVA/mKX_trV9avM/s400/chinesewebsite.png" border="0" /></a><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RovQx4BnVBI/AAAAAAAAAU4/zRrtOku9KH4/s1600-h/fiddler.png"><img id="BLOGGER_PHOTO_ID_5083386159689061394" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RovQx4BnVBI/AAAAAAAAAU4/zRrtOku9KH4/s400/fiddler.png" border="0" /></a><br /><br /><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-674023578720230766?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-4155557519267981742007-07-03T14:49:00.001-07:002007-07-03T14:51:43.677-07:00<div>Don't get fooled by those fake MSN Messenger windows that are part of a website... They tease you in order for you to click on them.... But they are just a redirection to another page... that can contain malicious content...</div><div>Social engineering again, and always...</div><div> </div><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RorEfIBnVAI/AAAAAAAAAUw/2-V-vpSeXf0/s1600-h/msninside.png"><img id="BLOGGER_PHOTO_ID_5083091168450270210" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RorEfIBnVAI/AAAAAAAAAUw/2-V-vpSeXf0/s400/msninside.png" border="0" /></a></div><br /><p> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-415555751926798174?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-76252324796562302742007-06-14T14:10:00.000-07:002007-06-14T14:20:52.998-07:00When installing DriveCleaner, a rogue anti-spyware application, you get prompted for the PopsMedia toolbar install.<br /><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RnGwq6kG8uI/AAAAAAAAAUY/YO_5c539EFY/s1600-h/popsmedia3.png"></a>This toolbar sits above your taskbar and harbours the DriveCleaner logo.<br /><br /><div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RnGwRKkG8tI/AAAAAAAAAUQ/-DjkJOglSCs/s1600-h/popsmedia.png"><img id="BLOGGER_PHOTO_ID_5076032063963329234" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RnGwRKkG8tI/AAAAAAAAAUQ/-DjkJOglSCs/s400/popsmedia.png" border="0" /></a><br /></div><div><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RnGw1akG8vI/AAAAAAAAAUg/OsxAc1C7BBQ/s1600-h/popsmedia3.png"><img id="BLOGGER_PHOTO_ID_5076032686733587186" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RnGw1akG8vI/AAAAAAAAAUg/OsxAc1C7BBQ/s400/popsmedia3.png" border="0" /></a><br /></div><div></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7625232479656230274?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-27576544898139896382007-06-08T14:21:00.000-07:002007-06-08T14:36:13.401-07:00This piece of malware uses the famous Kaspersky Antivirus's icon to disguise itself. VirusTotal scan follows. It doesn't seem to be very known at all. If you PM me, I can send you a sample.<br /><div></div><br /><div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RmnIoKkG8rI/AAAAAAAAAUA/fELfa8vGbAc/s1600-h/k.png"><img id="BLOGGER_PHOTO_ID_5073807047565701810" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RmnIoKkG8rI/AAAAAAAAAUA/fELfa8vGbAc/s400/k.png" border="0" /></a></div><br /><div></div><br /><div></div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RmnK0qkG8sI/AAAAAAAAAUI/sVevpaf3uZM/s1600-h/vt.png"><img id="BLOGGER_PHOTO_ID_5073809461337322178" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RmnK0qkG8sI/AAAAAAAAAUI/sVevpaf3uZM/s400/vt.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2757654489813989638?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-21500749890420258942007-06-07T17:51:00.000-07:002007-06-08T11:12:22.692-07:00A video explains things a lot better ;-)<br /><br /><object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/7cptpThOWHw"></param><embed src="http://www.youtube.com/v/7cptpThOWHw" type="application/x-shockwave-flash" width="425" height="350"></embed></object><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2150074989042025894?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-12292813171918856102007-06-07T17:12:00.000-07:002007-06-25T09:36:40.475-07:00<div>It started with a nasty Trojan that I monitor using Process Explorer. No IE window is open but the network traffic seems to be on the high... even the CPU is chugging. The Trojan checks for the following domain at regular intervals, which is hosted by ESTDOMAINS.<br /><br /><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/Rn_u5KkG8wI/AAAAAAAAAUo/CFaNlnEeaf0/s1600-h/ESTdomains.png"><img id="BLOGGER_PHOTO_ID_5080041570552967938" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/Rn_u5KkG8wI/AAAAAAAAAUo/CFaNlnEeaf0/s400/ESTdomains.png" border="0" /></a><br /><br /><div><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RmifoqkG8lI/AAAAAAAAATQ/GAp1oaQqr9o/s1600-h/pe.png"><img id="BLOGGER_PHOTO_ID_5073480501202186834" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RmifoqkG8lI/AAAAAAAAATQ/GAp1oaQqr9o/s400/pe.png" border="0" /></a><br /></div><br /><br /><div></div><br /><br /><div><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RmigfqkG8mI/AAAAAAAAATY/rRRnbJzHHIg/s1600-h/cpu.png"><img id="BLOGGER_PHOTO_ID_5073481446094991970" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RmigfqkG8mI/AAAAAAAAATY/rRRnbJzHHIg/s400/cpu.png" border="0" /></a><br /></div><br /><br /><div><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RmihOqkG8nI/AAAAAAAAATg/ClKsyRJvF-k/s1600-h/traffic.png"><img id="BLOGGER_PHOTO_ID_5073482253548843634" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RmihOqkG8nI/AAAAAAAAATg/ClKsyRJvF-k/s400/traffic.png" border="0" /></a></div><br /><br /><br /><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RmifJKkG8iI/AAAAAAAAAS4/FGw2ESRNwuQ/s1600-h/sites01.png"><img id="BLOGGER_PHOTO_ID_5073479960036307490" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RmifJKkG8iI/AAAAAAAAAS4/FGw2ESRNwuQ/s400/sites01.png" border="0" /></a></div><br /><br /><br /><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RmifOKkG8kI/AAAAAAAAATI/yLGIG-xGBoU/s1600-h/sites03.png"><img id="BLOGGER_PHOTO_ID_5073480045935653442" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RmifOKkG8kI/AAAAAAAAATI/yLGIG-xGBoU/s400/sites03.png" border="0" /></a> </div><br /><br /><br /><div><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RmifLqkG8jI/AAAAAAAAATA/ReLERYbotXk/s1600-h/sites02.png"><img id="BLOGGER_PHOTO_ID_5073480002985980466" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RmifLqkG8jI/AAAAAAAAATA/ReLERYbotXk/s400/sites02.png" border="0" /></a> </div><br /><br /><br /><div><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RmiheqkG8oI/AAAAAAAAATo/eajgk0l3OA4/s1600-h/sites04.png"><img id="BLOGGER_PHOTO_ID_5073482528426750594" style="CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RmiheqkG8oI/AAAAAAAAATo/eajgk0l3OA4/s400/sites04.png" border="0" /></a><br /></div></div><br /><br /><div><br /></div><br /><div></div><br /><div><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RmihzKkG8pI/AAAAAAAAATw/KvEefi7OkAM/s1600-h/tempfiles.png"><img id="BLOGGER_PHOTO_ID_5073482880614068882" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RmihzKkG8pI/AAAAAAAAATw/KvEefi7OkAM/s400/tempfiles.png" border="0" /></a><br /><br /></div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RmiifakG8qI/AAAAAAAAAT4/7PMIy810qrc/s1600-h/bot.png"><img id="BLOGGER_PHOTO_ID_5073483640823280290" style="CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RmiifakG8qI/AAAAAAAAAT4/7PMIy810qrc/s400/bot.png" border="0" /></a><br /><br /><div></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-1229281317191885610?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-40624915345995970732007-06-01T11:46:00.000-07:002007-06-01T18:41:44.593-07:00This piece of malware spreads through MSN. One of your contacts will send you an IM, with a zip file, supposedly of photos...<br />The file turns out to be a nasty piece of malware, not yet very detected by AV companies. Moreover, it won't run under Vmware... making it harder to analyze.<br /><br /><em>Screenshot of the Instant Message:</em><br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RmBq5wUQV4I/AAAAAAAAASw/A6JFu1jQk-s/s1600-h/msn.png"><img id="BLOGGER_PHOTO_ID_5071170720874125186" style="" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RmBq5wUQV4I/AAAAAAAAASw/A6JFu1jQk-s/s400/msn.png" border="0" /></a><br /><br /><em>The file has been packed with Themida and will not run in VM:</em><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RmBq1QUQV3I/AAAAAAAAASo/BZtzOJuthNY/s1600-h/photopic.png"><img id="BLOGGER_PHOTO_ID_5071170643564713842" style="" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RmBq1QUQV3I/AAAAAAAAASo/BZtzOJuthNY/s400/photopic.png" border="0" /></a><br /><br /><em>A view with Filealyzer confirms the presence of Themida in the binary:</em><br /><br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RmBqcQUQV1I/AAAAAAAAASY/MSDxf4-E29o/s1600-h/filealyzer.png"><img id="BLOGGER_PHOTO_ID_5071170214067984210" style="" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RmBqcQUQV1I/AAAAAAAAASY/MSDxf4-E29o/s400/filealyzer.png" border="0" /></a><br /><br /><em>A VirusTotal scan:</em><br /><br /><a href="http://bp0.blogger.com/_CRb3gYmxpzA/RmBqqgUQV2I/AAAAAAAAASg/dm1TqEVjmAs/s1600-h/virustotal.png"><img id="BLOGGER_PHOTO_ID_5071170458881120098" style="" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RmBqqgUQV2I/AAAAAAAAASg/dm1TqEVjmAs/s400/virustotal.png" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4062491534599597073?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com1tag:blogger.com,1999:blog-36446935.post-4662051546418781282007-05-29T11:16:00.000-07:002007-05-29T11:17:03.639-07:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/RlxuAbGJe5I/AAAAAAAAASI/ztDReDDflo4/s1600-h/useralreadyattacked.png"><img id="BLOGGER_PHOTO_ID_5070048234064935826" style="CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/RlxuAbGJe5I/AAAAAAAAASI/ztDReDDflo4/s400/useralreadyattacked.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-466205154641878128?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-48270826916157322692007-05-28T16:34:00.001-07:002007-05-28T16:47:52.587-07:00It starts with a fake movie codec... that you may download from a porn site in order to watch a video... But what you don't know is that your machine is in danger from now on.<br /><br /><br /><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RltnEbGJe1I/AAAAAAAAARo/N52yekjwYbc/s1600-h/codec.png"><img id="BLOGGER_PHOTO_ID_5069759131226307410" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RltnEbGJe1I/AAAAAAAAARo/N52yekjwYbc/s400/codec.png" border="0" /></a></div><br /><div><br /><br /><br /></div><br /><div></div><br /><div><br /><br /><br /></div><br /><div></div><br /><div><br /><br /><br /></div><br /><div><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RltnEbGJe1I/AAAAAAAAARo/N52yekjwYbc/s1600-h/codec.png"></a></div><br /><div><br /></div><div></div><div></div><div></div><br /><br />Pop-ups "magically" appear... Funny enough, it's as if they know you have been naughty...<br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RltnV7GJe3I/AAAAAAAAAR4/bUI9w1z_k2k/s1600-h/pp02.png"><img id="BLOGGER_PHOTO_ID_5069759431874018162" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RltnV7GJe3I/AAAAAAAAAR4/bUI9w1z_k2k/s400/pp02.png" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />And all of that for a rogue app. to cleanse the machine...<br /><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RltnQbGJe2I/AAAAAAAAARw/pAkY7VctdvI/s1600-h/pp01.png"><img id="BLOGGER_PHOTO_ID_5069759337384737634" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RltnQbGJe2I/AAAAAAAAARw/pAkY7VctdvI/s400/pp01.png" border="0" /></a><br /><br /><br /><br />Of course, you must buy this software to remove those violations...<br /><br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RltpM7GJe4I/AAAAAAAAASA/Y4I2Fa7LXrY/s1600-h/pp03.png"><img id="BLOGGER_PHOTO_ID_5069761476278451074" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RltpM7GJe4I/AAAAAAAAASA/Y4I2Fa7LXrY/s400/pp03.png" border="0" /></a><br /><br /><br /><br /><br /><br />It's a well oiled machine that seems to work :-S<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4827082691615732269?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-40662704401376065872007-05-24T11:06:00.000-07:002007-05-24T12:35:31.477-07:00At second glance, this ought to be bad...<br /><p><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RlXUJbGJe0I/AAAAAAAAARc/kdAOyVb8dAg/s1600-h/fakeservice.png"><img id="BLOGGER_PHOTO_ID_5068190214032816962" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RlXUJbGJe0I/AAAAAAAAARc/kdAOyVb8dAg/s400/fakeservice.png" border="0" /></a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4066270440137606587?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-84424186068317230322007-05-08T09:13:00.000-07:002007-05-08T09:17:21.089-07:00That Trojan really tries to scare you... and they're good at it too. I can't help but laugh at it though ;-)<br />Nice graphics as always... and a touch of humour.<br /><br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RkCiKU2G0nI/AAAAAAAAAN4/6TQTpKnTxHU/s1600-h/worriedjohn.png"><img id="BLOGGER_PHOTO_ID_5062224279442477682" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RkCiKU2G0nI/AAAAAAAAAN4/6TQTpKnTxHU/s400/worriedjohn.png" border="0" /></a><br /><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RkCiG02G0mI/AAAAAAAAANw/IZGG1ZynBdI/s1600-h/winupdate.png"><img id="BLOGGER_PHOTO_ID_5062224219312935522" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RkCiG02G0mI/AAAAAAAAANw/IZGG1ZynBdI/s400/winupdate.png" border="0" /></a><br /><br /><div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RkCiCU2G0lI/AAAAAAAAANo/w4MRdgcRLQI/s1600-h/severe.png"><img id="BLOGGER_PHOTO_ID_5062224142003524178" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RkCiCU2G0lI/AAAAAAAAANo/w4MRdgcRLQI/s400/severe.png" border="0" /></a><br /><br /><br /><div><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RkCh6k2G0kI/AAAAAAAAANg/Ov_9r0lT8Aw/s1600-h/securitycenter.png"><img id="BLOGGER_PHOTO_ID_5062224008859537986" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RkCh6k2G0kI/AAAAAAAAANg/Ov_9r0lT8Aw/s400/securitycenter.png" border="0" /></a><br /><br /><br /><br /><div></div><br /><br /><br /><br /><div></div><br /><br /><br /><br /><div> </div><br /><br /><div></div></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8442418606831723032?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-15725018878912768732007-05-01T10:45:00.001-07:002007-05-01T10:45:45.686-07:00<a href="http://bp0.blogger.com/_CRb3gYmxpzA/Rjd8xU2G0jI/AAAAAAAAANI/8RcvoPelcwU/s1600-h/drivecleanertoolbar.png"><img id="BLOGGER_PHOTO_ID_5059649893225124402" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp0.blogger.com/_CRb3gYmxpzA/Rjd8xU2G0jI/AAAAAAAAANI/8RcvoPelcwU/s400/drivecleanertoolbar.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-1572501887891276873?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-21039454557386374962007-04-23T15:03:00.000-07:002007-04-23T15:05:51.265-07:00<a href="http://bp2.blogger.com/_CRb3gYmxpzA/Ri0tuuXZbxI/AAAAAAAAANA/87bjo5esQFo/s1600-h/eula.png"><img id="BLOGGER_PHOTO_ID_5056748237350334226" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/Ri0tuuXZbxI/AAAAAAAAANA/87bjo5esQFo/s400/eula.png" border="0" /></a><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2103945455738637496?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-56243925919284275202007-04-17T15:18:00.001-07:002007-04-17T16:18:22.783-07:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/RiVRI0MheFI/AAAAAAAAAM4/rgLfln_zG5Y/s1600-h/permission.png"><img id="BLOGGER_PHOTO_ID_5054535368685221970" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RiVRI0MheFI/AAAAAAAAAM4/rgLfln_zG5Y/s400/permission.png" border="0" /></a><br /><div></div><br /><div></div><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5624392591928427520?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-26187892135971929852007-04-17T15:18:00.000-07:002007-04-17T15:21:30.364-07:00<strong>The regular Firefox download page:<br /></strong><br /><a href="http://bp2.blogger.com/_CRb3gYmxpzA/RiVH2kMheDI/AAAAAAAAAMo/pP8AidJc5DM/s1600-h/firefoxnotbugged.png"><img id="BLOGGER_PHOTO_ID_5054525159547959346" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp2.blogger.com/_CRb3gYmxpzA/RiVH2kMheDI/AAAAAAAAAMo/pP8AidJc5DM/s400/firefoxnotbugged.png" border="0" /></a><br /><br /><div></div><br /><br /><div></div><br /><br /><div></div><br /><br /><div></div><br /><br /><br /><p></p><br /><br /><p></p><p></p><p></p><p></p><strong>The corrupted Firefox download page (see how the link has been removed):</strong><br /><p></p><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RiVH7UMheEI/AAAAAAAAAMw/3RTcfvauOlA/s1600-h/firefoxbugged.png"><img id="BLOGGER_PHOTO_ID_5054525241152337986" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RiVH7UMheEI/AAAAAAAAAMw/3RTcfvauOlA/s400/firefoxbugged.png" border="0" /></a><br /><br /><p></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-2618789213597192985?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-4659790983499963322007-04-12T14:35:00.000-07:002007-04-12T14:36:06.888-07:00<a href="http://bp1.blogger.com/_CRb3gYmxpzA/Rh6mOEMheCI/AAAAAAAAAMc/_QC6TAMGioM/s1600-h/cheeky+vm+aware+malware.png"><img id="BLOGGER_PHOTO_ID_5052658592530921506" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/Rh6mOEMheCI/AAAAAAAAAMc/_QC6TAMGioM/s400/cheeky+vm+aware+malware.png" border="0" /></a><br /><div></div><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-465979098349996332?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-31194939787946163262007-04-03T15:25:00.000-07:002007-04-03T15:28:23.639-07:00A zero day exploit using the animated cursor... Here is a Javascript code that's at the source.<br /><div></div><br /><div></div><br /><div><a href="http://bp1.blogger.com/_CRb3gYmxpzA/RhLU0P9RzmI/AAAAAAAAAMU/Hte4Q_1QK4U/s1600-h/ani.png"><img id="BLOGGER_PHOTO_ID_5049332126337584738" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/RhLU0P9RzmI/AAAAAAAAAMU/Hte4Q_1QK4U/s400/ani.png" border="0" /></a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-3119493978794616326?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-84160496349232840562007-03-30T10:12:00.000-07:002007-03-30T10:19:15.366-07:00There is a new worm being sent in spam emails... upon execution it will (amongst other things) send out a message to all your MSN contacts with a web link that leads to a Trojan.<br /><br />Do not open the attachment of course, and always double check before opening a link sent to you by one of your contacts.<br /><br /><br /><a href="http://bp1.blogger.com/_CRb3gYmxpzA/Rg1GNf9RzlI/AAAAAAAAAMM/0uTH8hF1mY4/s1600-h/spam.png"><img id="BLOGGER_PHOTO_ID_5047767955082956370" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp1.blogger.com/_CRb3gYmxpzA/Rg1GNf9RzlI/AAAAAAAAAMM/0uTH8hF1mY4/s400/spam.png" border="0" /></a><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><p></p><br /><br /><p> </p><p> </p><p> </p><p> </p><p><a href="http://bp3.blogger.com/_CRb3gYmxpzA/Rg1FJ_9RzkI/AAAAAAAAAME/94LTr2OnoBc/s1600-h/msntrojan.png"><img id="BLOGGER_PHOTO_ID_5047766795441786434" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/Rg1FJ_9RzkI/AAAAAAAAAME/94LTr2OnoBc/s400/msntrojan.png" border="0" /></a></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-8416049634923284056?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-90191074255825055892007-03-22T13:46:00.000-07:002007-03-22T13:50:50.582-07:00After running a file called fijnjkie.exe, I had the surprise to see that my Windows copy was not genuine. How nasty is that?!?<br /><p><a href="http://bp3.blogger.com/_CRb3gYmxpzA/RgLrXzoIPSI/AAAAAAAAAL4/tq4phz8C_UQ/s1600-h/genuine.png"><img id="BLOGGER_PHOTO_ID_5044853326836415778" style="FLOAT: left; MARGIN: 0px 10px 10px 0px; CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RgLrXzoIPSI/AAAAAAAAAL4/tq4phz8C_UQ/s400/genuine.png" border="0" /></a></p><p> </p><p> </p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-9019107425582505589?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-55860830444016215342007-03-20T13:21:00.000-07:002007-03-20T14:00:15.900-07:00<a href="http://bp3.blogger.com/_CRb3gYmxpzA/RgBCmToIPJI/AAAAAAAAAKw/VL5lUaRRP1I/s1600-h/windowservise.png"><img id="BLOGGER_PHOTO_ID_5044104808526003346" style="CURSOR: hand" alt="" src="http://bp3.blogger.com/_CRb3gYmxpzA/RgBCmToIPJI/AAAAAAAAAKw/VL5lUaRRP1I/s400/windowservise.png" border="0" /></a><br /><div></div><br /><div></div><div>Check out the spelling... makes you wonder if its a legit one? ;-)</div><br /><div></div><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5586083044401621534?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-91126807781012929442007-03-09T15:31:00.000-08:002007-03-09T15:33:15.688-08:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp1.blogger.com/_CRb3gYmxpzA/RfHuleWFpMI/AAAAAAAAAKE/4cUDhJ088uY/s1600-h/mirar.png"><img style="cursor: pointer;" src="http://bp1.blogger.com/_CRb3gYmxpzA/RfHuleWFpMI/AAAAAAAAAKE/4cUDhJ088uY/s400/mirar.png" alt="" id="BLOGGER_PHOTO_ID_5040071785572574402" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-9112680778101292944?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-75721877249738588542007-02-26T13:52:00.000-08:002007-02-26T13:57:07.671-08:00Whoever hacked my machine, made a spelling mistake... or maybe couldn't duplicate the original Admin account... Cheap...<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp3.blogger.com/_CRb3gYmxpzA/ReNXQ3c7weI/AAAAAAAAAJ0/OnPbqnfCV6o/s1600-h/winlogonhack.png"><img style="cursor: pointer;" src="http://bp3.blogger.com/_CRb3gYmxpzA/ReNXQ3c7weI/AAAAAAAAAJ0/OnPbqnfCV6o/s400/winlogonhack.png" alt="" id="BLOGGER_PHOTO_ID_5035964755605176802" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-7572187724973858854?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-50073687082017651172007-02-22T14:43:00.000-08:002007-02-22T14:45:37.165-08:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp2.blogger.com/_CRb3gYmxpzA/Rd4cscZZsUI/AAAAAAAAAJc/nXx_4lUewYo/s1600-h/privacyprotector.png"><img style="cursor: pointer;" src="http://bp2.blogger.com/_CRb3gYmxpzA/Rd4cscZZsUI/AAAAAAAAAJc/nXx_4lUewYo/s400/privacyprotector.png" alt="" id="BLOGGER_PHOTO_ID_5034492983309349186" border="0" /></a><br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp2.blogger.com/_CRb3gYmxpzA/Rd4cwcZZsVI/AAAAAAAAAJk/yHI8k28Y1Cs/s1600-h/DriveCleaner2006.png"><img style="cursor: pointer;" src="http://bp2.blogger.com/_CRb3gYmxpzA/Rd4cwcZZsVI/AAAAAAAAAJk/yHI8k28Y1Cs/s400/DriveCleaner2006.png" alt="" id="BLOGGER_PHOTO_ID_5034493052028825938" border="0" /></a><br /><br />Obviously, you can stay away from those.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-5007368708201765117?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-4284328588188215942007-02-16T14:43:00.000-08:002007-02-16T14:44:55.879-08:00Looks a little suspicious after reading the text...<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp0.blogger.com/_CRb3gYmxpzA/RdYzv8ZZsTI/AAAAAAAAAJQ/D3FkHqDDX6I/s1600-h/dialerssigned.PNG"><img style="cursor: pointer;" src="http://bp0.blogger.com/_CRb3gYmxpzA/RdYzv8ZZsTI/AAAAAAAAAJQ/D3FkHqDDX6I/s400/dialerssigned.PNG" alt="" id="BLOGGER_PHOTO_ID_5032266532392644914" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-428432858818821594?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0tag:blogger.com,1999:blog-36446935.post-45607012256484590862007-02-09T09:37:00.000-08:002007-02-08T16:11:48.984-08:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://bp3.blogger.com/_CRb3gYmxpzA/RcyxiMZZsSI/AAAAAAAAAJE/XrnpIVssfWc/s1600-h/spycrush.png"><img style="cursor: pointer;" src="http://bp3.blogger.com/_CRb3gYmxpzA/RcyxiMZZsSI/AAAAAAAAAJE/XrnpIVssfWc/s400/spycrush.png" alt="" id="BLOGGER_PHOTO_ID_5029590084867436834" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/36446935-4560701225648459086?l=spywarebox.blogspot.com' alt='' /></div>spywareboxnoreply@blogger.com0