It seems that very important DNS servers in Belgium are not being patched, and that some of these very important structural DNS servers are running versions that can be remotely hijacked and cannot even guarantee any protection against the new techniques of pharming and cache poisoning.
It is all very well to be independent and to have no oversight other than yourself and a silent committee without any representatives of consumers or domain owners, but the least you could do, if you are making millions and have a war chest big enough to do things professionally, is to make sure that your core business is in order.
For the other firms, it is important to update your DNS server if you are working with money online, because what is the sense of investing millions in antiphishing and antifraud if you leave important DNS servers open, so that your users are redirected en masse before you can do anything? Pharming is industrial phishing, no more and no less.
Hundreds of sites are sometimes hosted on the same server. With new exploits and other tools it is no longer so hard to deface or hack them all once you get past one. The question in Belgium is whether these owners and admins are always informed that their site has been hacked, even if it was corrected minutes afterwards. Maybe they should be obliged to inform their customers.
If they are stupid enough to click on anything other than the few free antispyware tools we know to be really good. But most of the time people do, so the most stupid of your readers (computer-stupid, that is) could be clicking on that kind of ad and installing rogue antispyware that is deceptive or, in the worst case, takes the computer hostage.
So blogads.com carries advertising for spyhunter, which is sold and distributed by a firm that does everything to hide itself from public view and has released similar software in the past. Adsense is starting to try to make its ads less prone to such situations, so others in the business should follow suit.
Once people find a hole they continue to dig, just as gold-diggers never stop after the first inch of gold, in the belief that there may be lots more. And sometimes this gives new exploits that are far more interesting, dangerous and exploitable than the first one, which seemed more difficult and theoretical. Firefox now seems prone to an exploit by which any program on your computer (and if you surf under administrator privileges that means telnet - so anything on the computer) can be started externally to download whatever code is necessary to make a zombie of your computer, simply by visiting a website with some code on it (that you won't see). So update your Firefox as fast as possible.
http://www.furl.net/item.jsp?id=23170875 find the URI's on your system
http://www.furl.net/item.jsp?id=23170953 control all scripting while surfing with Firefox
The DNS servers are the most critical parts of our internet infrastructure. They translate the domain names you put into your browser into the IP addresses of the servers that host them. For a good year there has been much talk about cache poisoning and pharming, but apart from some attacks it wasn't that easy to do. With pharming, a user types a domain name in his browser, for example www.TRAVEL.com, after which his computer contacts a DNS server to get the right IP address of the server where that site is hosted. The DNS server will first look in its cache, and if the address isn't there it will try to get it from the internet. Pharming means that, with a now launched simple trick, the DNS server will find in its cache another IP address for the server www.travel.com than the legal one and will redirect the user (who will see www.travel.com in his browser all the time) to a perfect copy of the site on a Russian site. So any transaction he does will be intercepted, or the computer can be scanned for vulnerabilities, infected and put into a botnet. Luckily the security researcher has contacted the organisation responsible for the DNS BIND software and there is a very important upgrade available. Until now it hasn't been so simple to do pharming, and pharming is the industrialisation of phishing: imagine what it would do to banking, egov and ecommerce.
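As an added example (not from the original post): a site owner can watch for the redirection described above by comparing what several resolvers return for the site's name against the addresses the site really uses. The resolver names, the addresses (documentation ranges) and the EXPECTED allowlist are constructed for illustration; the input format is the answer section printed by `dig +noall +answer`.

```python
import ipaddress

# Constructed sample: answer sections as printed by `dig +noall +answer`, one per
# resolver (hypothetical names). Addresses are RFC 5737 documentation ranges.
SAMPLE_ANSWERS = {
    "resolver-a": "www.travel.com.\t300\tIN\tA\t192.0.2.10\n",
    "resolver-b": ("WWW.TRAVEL.COM.\t120\tIN\tCNAME\tweb.travel.com.\n"
                   "web.travel.com.\t120\tIN\tA\t192.0.2.10\n"),
    "resolver-c": "www.travel.com.\t86400\tIN\tA\t203.0.113.66\n",
}
EXPECTED = {"192.0.2.10", "192.0.2.11"}  # assumption: addresses the owner really uses

def parse_answer(text):
    """Return {owner_name: [(rtype, rdata), ...]}; names lower-cased, no trailing dot."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.startswith(";"):
            continue  # skip blank lines, comments and malformed records
        name, rtype, rdata = fields[0].rstrip(".").lower(), fields[3].upper(), fields[4]
        records.setdefault(name, []).append((rtype, rdata))
    return records

def resolve_addresses(records, name, max_hops=8):
    """Follow CNAMEs within one answer section; return the final set of A/AAAA addresses."""
    name = name.rstrip(".").lower()  # DNS names are case-insensitive
    for _ in range(max_hops):  # the hop limit also stops CNAME loops
        rrset = records.get(name, [])
        addrs = {str(ipaddress.ip_address(d)) for t, d in rrset if t in ("A", "AAAA")}
        if addrs:
            return addrs
        cnames = [d for t, d in rrset if t == "CNAME"]
        if not cnames:
            break
        name = cnames[0].rstrip(".").lower()
    return set()

def find_suspect_resolvers(answers, name, expected):
    """Map each resolver that returned an address outside `expected` to those addresses."""
    suspects = {}
    for resolver, text in answers.items():
        unexpected = resolve_addresses(parse_answer(text), name) - set(expected)
        if unexpected:
            suspects[resolver] = sorted(unexpected)
    return suspects

if __name__ == "__main__":
    print(find_suspect_resolvers(SAMPLE_ANSWERS, "www.TRAVEL.com", EXPECTED))
```

A resolver flagged here is a lead to investigate, not proof of poisoning: the allowlist has to be kept current whenever the site's hosting changes.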
You can subscribe to the RSS feed of my furld information
PETITES ANNONCES GRATUITES :: Voir le sujet - Great softwares !- [url=http://go.winantivirus.com/MTQxNzA=/2/5382/ax=1/ed=1/ex=1/xru/]Great Anti-Virus Software ![/url] ...www.fournisseurs-voirie.be/forum/viewtopic.php?p=64&s...
Backpacken.com, backpack de wereld rond, hostels online boeken, de ...[url=http-//go.winantivirus.com/MTQxNzA=/2/5382/ax=1/ed=1/ex=1/xru/]Great Anti-Virus Software ![/url] ...
backpacking.be/index.php?page=phorum&option=readpost&postid=1379
.: USA 2006 :.Website: , hi, id like to say thankyou for your detailed website. ...
ABC-FORUMGSM: http://go.winantivirus.com/MTQ4OTY=/2/5549// E-mail email@example.com, hi, id like to say thankyou for your detailed website. Visit to my homepage ...
Guestbook<a href=" htxp://go.winantivirus.com/MTQ4OTY=/2/5549// ">This is right! Click here! WinAntiVirusPRO 2007 FREE!!!</a> ...
www.zurlinde.be/gastneu.php?page=19
Behealth.tv : Forum de discussion, questions -> Citation d'un ...I don't want to write more:), just try [URL=http://go.winantivirus.com/NTgzNw==/2/3386/ax=1/ed=1/ex=1//]Windows Anti Virus[/URL] for FREE right now! ...
pibc.igretec.be/site_anthony/forum/index.php?s=81c2734c411c751dfe4923a628fda6a4&act=Post&CODE=06...
stop de superboetes :: Viewing profile[0.01% of total / 0.00 posts per day] Find all posts by PeeDee2005. Location:, USA. Website:, hxtp://go.winantivirus.com/MzYwNg==/2/2291/ax=1/ed=2/ex=1// ...
www.stopdesuperboetes.be/phpBB2/profile.php?mode=viewprof..... .
The spyware and rogue (untrustworthy) security tool TrojanGuarder is a perfect example.
Many of the pages have the same text, and I presume that many of the domains are being served by the same masters. They use known techniques such as putting up pages as subdomains or individual pages with traffic-attracting keywords. Warez sites and Chinese download sites also link to this hard-to-remove tool.
This is the blacklist of sites that offer such tools for download.
Maybe download sites should be certified by antivirus and antimalware firms on a permanent basis and shouldn't accept just any software.