Originally Posted May 31
A Revolution is the Solution...
...and here it is. I had intended to go to London for a holiday, but it seems my best bit of online jibber-jabber actually took place a world away from modems, telephone sockets and keyboards that continually GET STUCK ON CAPS LOCK>
And so, one furtive meeting at a payphone later (seriously, why can't these guys meet up in Burger King like everyone else) and I had myself an audience. It came to me a while ago that we security researchers are almost cheating ourselves in the race to find new malware. By the time we've bust the doors down, cuffed everyone in sight, pepper-sprayed the occupants and written a load of stuff about horrible installs, in many cases the damage has already been done. It's quite rare that we get there first.
There is, however, a group of people that tend to stumble across brand new infections weeks (or, in some cases, months) before anyone else claps eyes on them. These people are the great digital-disenfranchised, friend of no-one and enemy of all, if you believe the popular press. They may not go looking for this stuff - often it's a by-product of whatever else they're looking for, and so the initial discovery gets discarded.
Not anymore, however.
Full Read @ VitalSecurity.org
===============================================
Friday, June 03, 2005
Direct Revenue: BUSTED!
Let it never be said that I don't carry out a threat. After that little escapade, I wonder if Direct Revenue really expected anything less. Allow me to recap: Aurora. Nobody likes it. Everybody has it. No-one can find an install site.
Sunbelt Software threatened. Claims of legitimacy from Direct Revenue.
Paperghost: R0xoring the b0xor.
I've had a particular site on the radar for some time now (initially playing with it a good while back), but the dayam thing went down before I could save any evidence. I know a number of other people have this one in their sights too. However, in an act of total stupidity, the people behind this site brought it back online, and it's a decision they'll likely regret for some time.
The time for babble is done - let's cut right to the chase. The following pictures will say it far, far better than I ever could.
Let me recap this. Pore over every single word of it:
"Aurora is the brand name of one Ad Client which, as stated above, is only installed upon affirmative acceptance of the EULA".
Now, they must do EULA stuff like that before EVERY install. Even something as nasty as, say, Ceres? (which is basically Aurora by another name). There could never be any confusion as to exactly which EULA they mean in any given installation, could there?
Wrong. Prepare to watch the plot thicken.
Full Read @ VitalSecurity.org