I've had a few people mention "odd things" happening when trying to install an application on Facebook called "Gridview". Well, I decided to try it out. On the install screen, you see this:

gview7.jpg

Makes sense so far. Here's the install screen where you agree to let the application loose on your profile:

gview8.jpg

Once done, you see the following screen and this is where it all starts to go a bit wrong:

gview6.gif

Note that the application is ALREADY installed by this point, because the Gridview icon is on your list of current applications (highlighted by the red box on the left).

However, top right (also highlighted) is a box made to look like a standard Facebook "continue" button. When installing the application for the first time, this caught me out too - I didn't notice the app was already installed and (naturally enough) clicked the "continue" button, thinking there was something else I needed to do to complete the installation.

Imagine my confusion, then, when I was suddenly presented with this:

gview2.jpg

A page asking me to download "Mothers Day E-cards", via IAC (creators of Smiley Central, amongst other things). By this point, you've left the Facebook network completely and are sitting on a page served up by an advertising network - go back to the Facebook screenshot above and check out the URL at the bottom of the browser. That's the actual destination of the "Continue" button.

That's a pretty sneaky tactic, if you ask me.

What needs to be established is, who is responsible for the placement of the fake "Continue" button? Is it the creator of the application, or is it legitimate advertising space on Facebook being subverted in a rather creative fashion by an advertising agency promoting IAC products?

I've tried reinstalling the application a few times, and the graphic displayed sometimes changes to more overt "this is an advert" style banners leading to other sites offering similar downloads / offers. Other applications installed don't seem to display sneaky adverts like that in the same location, but every application install is somewhat different so that's not really a conclusive answer.

At any rate, be wary of what you click on when installing Facebook applications...

I saw an interesting post over at Anti-Virus-Rants today, where Kurt Wismer linked to an article regarding content scraping. In essence, the site doing the scraping (Security Ratty) ended up with "Security Ratty is a slimy, content stealing thief" on the front page. I find this interesting, because not so long ago I'd considered doing something similar with one of those fake security spam blog things that lift the content and splatter a ton of adverts on their site, while removing correct attribution.

Instead, I decided to do a little digging and quickly traced it back to a guy running a whole network of various sites, blogs and other networks. However - something didn't seem quite right. For all intents and purposes, he seemed like a normal, legit guy. He had pictures of himself on various portals. He openly advertised his main line of business, which (I think) was something to do with accountancy. There was a personal blog about pet dogs.

Holding fire on the "Here's a post specifically for your scraper site poking fun at you, aren't I clever" post, we found out that the guy had purchased a bunch of ready-to-roll blogs in good faith and had no idea the sites were removing correct attribution (and replacing it with fake names), amongst various other things. Realistically, I didn't expect him to know the ins and outs of all the little details that turned reproduction in good faith into something that just about started to cross the line. A few helpful emails back and forth, and everything was fixed at their end and it didn't snowball into some big stupid argument over nothing.

Coming from an arts background, I'm realistic enough to know that if you put something out there, it's going to get copied and / or republished without your permission (or worse) down the line. That's the risk of publishing material online, and to a large degree, there is absolutely nothing you can do about it. The way I see it, you spend the rest of your days on a futile hunt to shut down all the content scrapers, or accept that (at the very least) the information you hope may be of use to somebody will reach and help them in some way.

If it doesn't have my name attached to it, I can live with that - but I'd rather invest my energies in research and writing than a few hours brief "victory" via a slow procession down an RSS feed. I'm not familiar with the ins and outs of the particular case linked to, but for all I know, the scraper site in question is entirely automated and devoid of any real life person manning the controls. If that's the case, the "victory" is rendered almost entirely pointless save for a cool-for-a-while screenshot.

Is that really a good use of time and effort? Personally, I'm more pleased with our behind-the-scenes EMail resolution but different strokes, different folks and all that...


A handful of scam mails currently in circulation, including one mention of "groundnut oil" that seems so bizarre I had to highlight it in bold text. All this and more, after the jump...

Interesting article over at PCWorld:

One of the first social networking upstarts, MySpace, is facing continuing security problems that threaten to spoil many of the innovative features that make the site useful.

Hackers, spammers and Internet malcontents have turned many of the "group" sites, which are dedicated to interests such as home beer brewing, animal welfare and gay rights issues, into cyber-graffiti walls, filled with offensive comments and photographs.


Link here.


Here's a spamming program that targets Xfire users, with a particularly distasteful name. If you're under 16, you'll probably find the name incredibly lulzy (or whatever it is that kids under 16 are saying at the moment). Open up the zip the program comes in, and you'll see that it's called...er...


rpe2.jpg


...yeah, charming. Note that it also comes bundled with a solitary MP3, presumably to rock out to over and over again while you get your fill of spamming chatboxes for a small portion of eternity.

Here's the application in action - there seems to be an abundance of angry, red shouty faces with this one, doesn't there?

rpe3.jpg

Hit the "Bomb Em" button, and the program rather helpfully asks you how many times you want to nuke your victim. For no real reason, I went for a comic reference and selected 52:

rpe4.jpg

But wait! One more charming popup box awaits:

rpe5.jpg

.....anyone think the creator needs anger management classes yet?

Fast Track to Botnet Central

It's true, you too can finally get into the botnet you always wanted. Finally the ability to be a zombie computer under some loser's control is yours!

Seriously though, becoming a victim of a hacker's botnet is incredibly easy. These attacks differ from other forms of destruction found on the internet: their true intent is usually to remain hidden from view until called upon. In the case of FastTrackBot, however, there is a new objective. FastTrackBot downloads several executable files that keep your computer clicking on the attacker's affiliate links. These executable files keep the webpages in hidden iexplore.exe windows in order to hide the application from suspicious eyes. If you're using X-cleaner, I suggest you take a look at the Expert Tab. The Show All Hidden Windows function is great for showing you exactly what is open at the time.
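The hidden-window check described above can be approximated with a short PowerShell script. This is an added example, not part of the original post or of X-cleaner; the `WinEnum` type name and the output columns are illustrative, and the script reports any iexplore.exe process that owns no visible top-level window on the current desktop.

```powershell
# Added example: report iexplore.exe processes that own no visible top-level window.
# EnumWindows only sees the current desktop, so run it in the logged-on user's session.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class WinEnum {   // illustrative name, not from any product
    public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);
    [DllImport("user32.dll")]
    public static extern bool EnumWindows(EnumWindowsProc cb, IntPtr lParam);
    [DllImport("user32.dll")]
    public static extern bool IsWindowVisible(IntPtr hWnd);
    [DllImport("user32.dll")]
    public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint processId);
}
"@

$visible = @{}   # PID -> number of visible top-level windows
$hidden  = @{}   # PID -> number of hidden top-level windows

$callback = [WinEnum+EnumWindowsProc] {
    param($hWnd, $lParam)
    [uint32]$owner = 0
    [void][WinEnum]::GetWindowThreadProcessId($hWnd, [ref]$owner)
    $key = [int]$owner            # match the Int32 keys used in the lookup below
    if ([WinEnum]::IsWindowVisible($hWnd)) { $visible[$key] = [int]$visible[$key] + 1 }
    else                                   { $hidden[$key]  = [int]$hidden[$key]  + 1 }
    return $true                  # continue enumeration
}
[void][WinEnum]::EnumWindows($callback, [IntPtr]::Zero)

# Later IE versions run tabs in child iexplore.exe processes that may have no
# visible top-level window, so ParentProcessId and CommandLine are shown for triage.
Get-CimInstance Win32_Process -Filter "Name = 'iexplore.exe'" |
    Where-Object { -not $visible.ContainsKey([int]$_.ProcessId) } |
    ForEach-Object {
        [pscustomobject]@{
            ProcessId       = $_.ProcessId
            ParentProcessId = $_.ParentProcessId
            HiddenWindows   = [int]$hidden[[int]$_.ProcessId]
            CommandLine     = $_.CommandLine
        }
    }
```

An iexplore.exe listed here whose parent is not another iexplore.exe or the user's shell is the case worth a closer look.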


replace ad.png

FastTrackBot phones home to several of these sites in order to keep the user clicking through affiliate links.

Aside from creating invisible windows that hog your bandwidth, it also attempts to install a rogue anti-spyware application. This is a popular technique for defrauding victims into leaking credit card information when they attempt to purchase the fake product. FastTrackBot inserts a fake security center that appears identical to the one found in Windows XP.

securitycenter.png

As you can see in the address bar, this is not the actual security center. Clicking anywhere on this window means almost certain doom in the worst way possible... a never-ending stream of fake "YOU ARE INFECTED!!!!" alerts.

infect.png

In order to kill the actual application, you have to remove it from memory first, then remove its autostart, which is found in 5 different locations - or simply remove it with our free Microscanner.

As Keanu would say, "There's a bomb on the bus".

I mean, "Whoa". He might also have said "Excellent", but that was definitely the wrong film.

At any rate, here's an infection from China called "Agent.NEO", which probably has some deep seated relevance to the Matrix trilogy. Or maybe not. There aren't tons of screenshots of desktop fireworks, because by and large, this infection doesn't hit you with the pretty whiz-bang effects on your monitor. What it does do, however, is drop a ton of files onto your PC (many of which do strange things - here's a couple from various directories):

neo3.jpg



neo4.jpg


...slows everything down to a crawl, attempts to detect and disable security programs, contacts a remote mail server with network sensitive data, hijacks your IE:

neo1.jpg



neo2.jpg

....and tries to show you a couple of Chinese popup ads (none of those pages were online at time of testing, otherwise there'd be multicoloured screenshots galore below).

I'm trying really hard to end this writeup with a really cheesy Matrix reference, but I can't think of any so in conclusion: avoid Agent.NEO at all costs (but watch the films again, they're awesome).

New Social Networking sites appear all the time nowadays, but I must admit to being at least faintly concerned about a new site currently in Beta called "Plazes" (spot the play on words).

There isn't a great deal of information on the site at present, but from looking at it, the whole concept seems to take the idea of Twitter - constant stream of information about your day to day business - then tie it up with software that seems to pinpoint your every move.

If I'm wrong, please tell me - but wow, this sort of creeps me out. Check out the main homepage:

plz1.jpg

"Create activities to let your friends know what you are doing, when and where" reads the header. Below, you can see some kind of Google Maps integration with a specific location mentioned. "Automatically create activities and update your location", says a blurb next to a link for "The Plazer" software for your PC.

From what I can gather, the technology has been around since at least 1995 in the form of mobile phone applications and the like. Deciding to tie it into a Social Networking site would seem to be the next logical step, but I am concerned that taking so much detailed personal information (because really, you can't get anything more personal and detailed than your exact physical location) and wrapping it up into a "Social web-to-go" (as they call it), spells potential disaster when faced with users of social networking sites who will simply go "Oh wow" at the features without bothering to think of potential safety hazards.

Am I worrying over nothing? Or will people be so seduced by the clever technology that they won't stop to think that pasting their every movement to the web might not be the brightest of ideas?

There's a collection of credit card hack / generation tools currently in circulation, and apparently quite popular with the script kiddies. With programs seemingly dating back from 1995(!) up until the present day, there's something for everyone in this little bundle of "joy".

Here's what you'll see when the files have been unzipped:

cchacks1.jpg


The folders give dates from 2006 to 2008, though the dates of the included programs stretch back quite a way further than that. One of the programs inside the folders is dated as 2001:

cchacks2.jpg


As you can see, it's a fairly basic Credit Card generator / validation program. The rest of the programs are something of a mixed bag indeed; some of them don't actually work (not that I'm complaining). For the old school connoisseur, here's an ancient program going back to 1995:

cchacks3.jpg

cchacks4.jpg

cchacks5.jpg

The most notable program included would probably be something called Credit Wizard, which seems to make up the majority of the bundle with updated releases in each folder:

cchacks6.jpg

As you can see, it comes with most of the options of the other tools and also comes with an "Info Generator", which allows you to create fake names & addresses at the push of a button. There are a few URLs included in the zip which seem to point to Argentinian hacking sites, but as they all seem to be down, there's no way to verify if they distributed this collection or are just getting shout-outs from their friends. Either way, not the greatest thing to wake up to on a Monday morning...

Seen filling up mailboxes en masse....

hotmailfake.jpg

It goes without saying, but when people send you random EMails asking for the specifics of your login details.....just say no :)