Tuesday, August 30, 2011

ZeoBIT MacKeeper Crapware
Marketing Moron Attack

Yesterday I got hit with my first ZeoBIT MacKeeper bomber page while searching on Google. I call it a 'bomber' page because it uses JavaScript (the sworn enemy of web security) to force a popup page into your web browser, despite your popup settings. When the nasty page appeared and blared its rhetoric at me, I thought I must have found a new version of MAC Defender. But no, this is a legal Mac software suite being foisted at you via offensive marketing moron methods.

The nasty ZeoBIT MacKeeper popup page attempted to tell me that the Google result page I had open was considered potentially dangerous. Right. Therefore, I used Google again to find out what this crapware really was. I was pleased to discover that my net colleague Thomas Reed had created an excellent write-up about this crapware last week. Thomas and I work together in a Mac malware discussion group on the net. Enjoy:

I also found an article about MacKeeper provided by Daniel Feeney:

To quote one comment from Daniel's initial review of MacKeeper:

Mostly what they do is take existing features of your operating system and put it in one place, and make you pay for the privilege. Add in their aggressive marketing, the fact it uses Wine (classic half-assed Windows developers trying to cash in on gullible Mac users), and the reports of horrible system performance after installing this crap, and well, do you really want to deal with it?
Needless to say: 
I suggest that NO ONE install MacKeeper or believe a word ZeoBIT spew at you via their marketing moron attack methods.

[Marketing Moron: Any human who uses abusive or disrespectful methods of selling or promoting a product or service. Antonym: Marketing Maven. Use in a sentence: 'The decay of modern business practices is morbidly illustrated by the unprecedented increase of marketing morons, self-destructive brigands who treat customers with contempt.']

Monday, August 22, 2011

China Shows Their Cyber Warfare Cards,

The hilarity.

Red China has been hacking into USA computers, as part of what has been a declared cyber war, since 1998, the year they were provided 'Most Favored Nation' status. In 2007 the US feds finally couldn't hide this fact any longer after they found their Windows computers exposed to the Internet had been invaded with bots that were feeding every available bit of data back to Red China.

So I am laughing away at this bizarro news report via Neowin.net:

Well DUH! (0_o)

The source article at ThePochTimes.com is here:

There is no big revelation here except for people with their heads buried in the sand. Also, I'm not so sure China made a booboo here. I think they just don't care. China knows perfectly well that thoughtful people of the USA know that China has been hacking us since 1998. China knows that we uncovered their internal memo, circa 2007, formally declaring cyber war against the USA. We know the Chinese government financially backed the Red Hacker Alliance. Officially China says 'no', but who cares? They lie. We know they lie. They know we know they lie... (>_<)

'Here world, check out our cyber war hackware. Enjoy yourselves. HaHaHa.'

The ACTUAL issue here is what the H E L L the US feds are going to do about it?!

What are YOU going to do about it?
Buy more cheap crap from China?
Feed the Chinese military machine?
Help herald in the next Chinese empire?

I'm not, if I can help it.

And good luck to me with that endeavor! The USA is firmly latched onto the teat of cheap labor from China. The US Vice President was just over there making all nice to the commie dictators in order to persuade them to keep propping up the US debt despite recent Tea Party boobery.

What is an informed public to do when our US Corporate Oligarchy prevents the rule of the sane?

Tuesday, August 9, 2011

Adobe CRITICAL Security Updates for August!

Adobe released another slew of 'Critical' security updates today. Here's the lineup:

- Adobe Shockwave Player - Update to v11.6.1.629. (Be careful which version you install, either 32-bit or 64-bit, to match the bit mode being used by your web browsers. If one version fails, uninstall it and try the other). Numerous memory corruption (buffer overflow) vulnerabilities.

- Adobe Flash Media Server - Update to v4.0.3 or v3.5.7. Memory corruption (buffer overflow) vulnerability.

- Adobe AIR - Update to version v2.7.1. (Apparently required as part of the Adobe Flash Player update).

- Adobe Flash Player - Update to v10.3.186.5. Numerous memory corruption (buffer overflow) vulnerabilities and a cross-site information disclosure vulnerability.

- Adobe Photoshop CS5 - Update via CS5/CS5.1 Standard Multiplugin Update. Malicious GIF file vulnerability.

- Adobe RoboHelp / RoboHelp Server - RoboHelp v9.0.1.262 users are NOT vulnerable. Earlier RoboHelp 9 users update via APSB11-23_1.zip. RoboHelp 8 users update via APSB11-23_2.zip. Cross-site scripting attack vulnerability.

You can access links to all the security announcements and update files here:

Adobe Product Security Incident Response Team (PSIRT) Blog


Friday, August 5, 2011

New: Trojan.OSX.BASH/QHost.WB.A,
Posing as FlashPlayer.pkg Installer (heehee!)

F-Secure has posted news about a new Trojan horse for Mac OS X. It is currently being called "BASH/QHost.WB". Using the standard malware naming system, the official name should be Trojan.OSX.BASH/QHost.WB.A. So far I am unaware of why it is being given a 3-part name. Most likely there will be the usual proliferation of other names across the anti-malware community before a final name is established.

F-Secure's report is well documented and worth reading here:

Trojan: BASH/QHost.WB

Why I'm laughing, heehee: Of all the software to fake for Mac OS X, it is HILARIOUS that these malware rats chose the Adobe FlashPlayer installer. Is there any more hated software for Mac OS X than Adobe Flash?! Oops. I don't see this Trojan becoming very widespread. But there are always victims, so it is worth documenting what this thing does.

So far there is no documentation as to where the Trojan is found. As usual, double-check the source of ALL your software. NEVER install anything you've been sent or randomly picked up off the net without verifying it as legitimate. Obviously, the safest place to pick up the Adobe FlashPlayer software is directly from Adobe. Also keep in mind that Adobe FlashPlayer has historically been found to be profoundly insecure. Be absolutely certain you are installing the most recent version of FlashPlayer and check Adobe at least once a month for security updates.

When installing the fake FlashPlayer.pkg file, it looks like Apple's standard installer, fooling you that it is legitimate.

After installation, Trojan.OSX.BASH/QHost.WB.A takes over your 'hosts' file and modifies it so that your web browsers are redirected to a phishing site located in the Netherlands. Once it controls the hosts file, the malware can just as easily add further fake forwarding in the future. (Say that 10 times!). The Mac OS X hosts file is located here:


You can read about the purpose of the hosts file here:

Hosts (file) @ Wikipedia

The current version hijacks a series of Google web addresses. If you read F-Secure's notes you'll see that there are detectable differences between the real Google pages and the fake phishing pages.
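As an added illustration (not code from the original post or from F-Secure's report), the check below parses hosts-file text and flags any entry that maps a watched domain to something other than a loopback or unspecified address, which is exactly the kind of tampering described above. The watched domain list and the sample hosts content are constructed assumptions; 192.0.2.10 is a documentation-range placeholder, not the real phishing address.

```python
import ipaddress

# The post says the Trojan hijacks Google addresses; this list is an assumption.
WATCHED_SUFFIXES = ("google.com", "google.nl")

def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                            # malformed address; ignore the line
        entries.extend((ip, n.lower()) for n in names)
    return entries

def suspicious_entries(text, watched=WATCHED_SUFFIXES):
    """Entries mapping a watched domain to a non-loopback address (a hijack, not a block)."""
    hits = []
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue   # 127.0.0.1 / ::1 / 0.0.0.0 entries only block a name, they cannot phish
        if any(name == s or name.endswith("." + s) for s in watched):
            hits.append((ip, name))
    return hits

# Constructed sample hosts file; 192.0.2.10 is a placeholder, not a real phishing host.
SAMPLE_HOSTS = """\
##
# Host Database (constructed sample)
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
0.0.0.0         ads.example.com            # block-list style entry, harmless
192.0.2.10      google.com www.google.com  # hijack: Google sent to a foreign address
192.0.2.10      google.nl
"""

if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"hijacked: {name} -> {ip}")
```

To check a live system, read the real hosts file into `suspicious_entries` instead of `SAMPLE_HOSTS`; an empty result means no watched domain is being redirected.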

Using the phishing site results in bogus search results. Clicking on the result URLs only returns you back to the phishing site. Meanwhile, however, the bogus site nails your browser with a series of pop-up pages which it grabs from a nefarious remote server.

At this time, the pop-up remote server is not providing any information to the phishing site. Possibly, this is a prototype malware being used either for demonstration purposes or to prove a hacking method to the hacking community. No doubt we will know more about the situation in the near future.

Most likely, Apple will be integrating a signature for Trojan.OSX.BASH/QHost.WB.A into their XProtect anti-malware system in Mac OS X 10.6 and 10.7. At the moment of my posting this article, Apple has not yet updated their XProtect.plist file.

Share and Enjoy!


Infamous SPAMRAT 'Spamford' Indicted,
Facing A Possible 16 Years In Jail :-D

I'm a veteran SPAMRAT hunter / destroyer. I've killed off so many SPAMRATS, I'm convinced I'm on their 'Do Not Spam' list for fear that I'll hunt them down and eliminate them. I very rarely receive SPAM in my email these days. Instead, I get verification and thank you notes from ISPs when they shut down SPAMRATS I've reported.

Therefore, it is with great glee that I read over the past couple days that the single most infamous SPAMMER of all time is facing a possible 16 years in jail for his nefarious damage to the Internet. Who's the SPAMRAT? It's Sanford 'Spamford' Wallace. He represents the ultimate Marketing Moron, an idiot who literally hates his customers and bombs them with marketing manure at every opportunity with no conscience, no respect for the consequences. I'd go so far as to label him and his ilk psychopathic, but don't consider me any expert on psychology.

Spamford's trial is scheduled to start August 22nd. Below are a few articles about the story so far.

Spam King Sanford Wallace Indicted for Facebook Spam

Infamous spam king could get prison time for Facebook spamming, phishing

Sanford Wallace @ Wikipedia

If you'd like to become a SPAMRAT hunter as well, here's a great place to start. I've been a paying contributor since 1998:


Every chunk of SPAM you turn in to SpamCop.net is verified, reported to affected ISPs, the offender listed on a SPAM blacklist provided free to the public. I've heard SPAMRATS rant in public about how much they hate SpamCop.net. Relish that thought. Contribute to the cause.


Wednesday, August 3, 2011

McAfee Figures Out That Red China
Has Been Hacking The USA
For Five Years

Red China has been hacking the USA government since 1998, the year China was given 'Most Favored Nation' status. 1998 was the year the roots of China's government hacking gathered together and formed 'The Red Hacker Alliance'. It used to be that the Red Chinese government denied paying The Red Hacker Alliance for its services. These days TRHA has simply been integrated directly into the Chinese government. They no longer operate as an independent entity.

The USA government was forced to admit China's activity in 2007 after the public was informed that government Windows OS computers connected to the Internet had been infected with bot malware that was feeding ALL available USA government documents directly to China. An internal Chinese memo was also uncovered around that time which declared a cyber war against the USA.

And now we get to read that McAfee figured out, here in 2011, that Red China has been hacking the USA for the last five years. Incredible DUH Factor:

Travel back to some of my earliest posts in this blog for more about the history of Red China's declared Cyber War against the USA. Here's a relevant article from 2006, five years ago:

Here's a link to a post I made over at Soft32.com's Mac forum on May 31, 2007:

As I quoted from the SANS Institute's NewsBites newsletter, Volume 9, Number 43:
--DoD Report: China Bolstering Cyber Warfare Capabilities (May 28 & 29, 2007)
China "has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks," according to a recent report from the US Defense Department (DoD). In previous years, the Pentagon's annual report to Congress on China's military power has indicated that China was focusing on defensive measures, so the shift to offensive tactics merits attention.
So where have you been for five years McAfee? And why does the tech press think McAfee's late revelation is news?

Here are a further few China cyber war articles from way back when:

May 30, 2007

Cyber Warfare: Beyond Estonia-Russia, Rise of China's 5th Dimension Cyber Army for the 21st Century

September 14, 2007

October 9, 2009

CONCLUSION: Think about Red China screwing over the USA as well as the rest of the world the next time you buy cheap stuff 'Made In China'. Wonder why the USA still provides Red China with 'Most Favored Nation' status considering the fact that China has declared war against us. Think about the motives of the traitorous Corporate Oligarchy that really rules the USA government.