Search Engine Poisoning...

AplusWebMaster

AplusWebMaster

New member
Advisor Team
SEO poisoning attacks - researched

FYI...

SEO poisoning attacks - researched
- http://www.sophos.com/blogs/sophoslabs/?p=9264
March 31, 2010 - "Regular readers will have seen numerous recent SophosLabs blogs describing how attackers are poisoning search engine results in order to hit victims with malware. In recent months, these type of Search Engine Optimisation (SEO) attacks have become a route through which fake anti-virus malware is being distributed. One thing common to the attacks is that the SEO pages are hosted within legitimate sites. This makes it harder for the search engines to identify the rogue pages, and exclude them from search results. It also lets the SEO pages piggyback on the reputation of that host site, which may help boost the search engine ranking... SophosLabs have published a new technical paper* that describes how these SEO attacks are being managed, by analyzing a selection of the kits that are being used by the attackers..."
* http://www.sophos.com/sophos/docs/eng/papers/sophos-seo-insights.pdf

:fear::mad:
 
SEO poisoning - 2010 Masters

FYI...

SEO poisoning - 2010 Masters
- http://www.m86security.com/labs/i/2010-Masters-SEO-poisoning,trace.1299~.asp
April 12, 2010 - "For cyber criminals, distributing malware is as easy as increasing the Google page-rank of a malicious landing page. But before cybercriminals can do that, they need to ride on a hot topic that people are currently searching for... take an example of a current hot topic: "2010 Masters"... We have noticed that most search results point to a malicious PHP webpage... If you are unfortunate enough to click on one of these malicious links, it will point you to the usual fake antivirus scanner page and ask you to install a fake antivirus executable. After installation, this rogueware asks you to pay a fee to “disinfect” your machine of bogus malware... To make sure the fake antivirus doesn't get caught by any real malware detection tool, it stops your favorite antivirus and other security monitoring tools from running. It adds a key to the registry, so that instead of executing your antivirus process, the malware will execute a legitimate Windows program SVCHOST.EXE. Furthermore, the fake antivirus edits the Windows hosts file preventing Google, Bing and Yahoo search engines from opening in a browser, instead directing you to a malicious IP address... when doing your online searching, be wary and don't automatically trust search results especially when using Google."

:mad:
 
Search Engine results continue to be poisoned

FYI...

Search Engine results continue to be poisoned
- http://www.symantec.com/connect/blogs/search-engine-results-continue-be-poisoned
April 26, 2010 - "... poisoning search engine results with links to fake antivirus software is an effective way for attackers to infect users’ machines. As such, we constantly track search results for malicious links... Hackers clearly have a vested interest in ensuring their attacks are effective in poisoning Google results, most likely because of its large market share — Google’s breadth and speed of indexing will also play a role.
• On average at any given hour, 3 out of the top 10 search trends contained at least one malicious URL within the first 70 results.
• On average, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned (had at least one malicious URL).
• On average on any given day, 7.3% of links are malicious in the top 70 results for top search terms.
• The most poisoned search term resulted in 68% of links leading to malicious pages in the first 70 results
• Almost all of the malicious URLs redirect to a fake antivirus page...
While attackers are sometimes more successful in poisoning certain search terms, this is primarily due to luck. They use an automated system to determine which terms to poison... These days, the attackers continue to be effective at poisoning search results. They have an automated infrastructure that is able to automatically collect the latest, most popular search trends and poison the results. So, be careful when clicking on search result links, especially when searching for hot search topics..."

(Screenshots and graphs available at the URL above.)

:fear::mad:
 
SEO poisoning attack variants...

FYI...

SEO poisoning attacks - new variants...
- http://blog.trendmicro.com/fake-youtube-pages-flash-installers-used-in-blackhat-seo-attacks/
July 14, 2010 - "Using search engines and watching videos are two of the top Internet activities that users do on a daily basis. In the threat landscape, this usually translates to threats such as blackhat SEO attacks, malicious pages crafted to look like YouTube pages, and, as we recently found out, attacks that use -both- blackhat SEO and malicious YouTube-like pages. In the recent attack that we saw, query results... were found to initially lead to YouTube-like pages before displaying the all-too-familiar fake malware infection warnings. The results are most likely to be compromised sites, all injected with search keywords that will lure users into visiting them... page may trick the user into thinking that the link that they’ve clicked leads to a video, and that they need to install Adobe Flash Player to view it... the cybercriminals behind this attack have a keen eye for detail; not only did they use a convincing interface for the fake Adobe installer, they also used a URL that strongly suggests that it is an Adobe-related site. This is a very notable change, since blackhat SEO attacks have been known to bring about FAKEAV variants specifically. These changes are just a few that we’ve seen. Blackhat SEO attacks no longer just ride on the popularity of big news, as it did before. SEO poisoning attacks are being deployed every day, tainting searches and bringing forth malware..."

:fear::fear:
 
Google - malicious search results...

FYI...

Google - malicious search results...
- http://www.zdnet.com/blog/security/google-tops-comparative-review-of-malicious-search-results/7009
July 30, 2010 - "According to a newly released report by Barracuda Labs, based on a two-month study reviewing more than 25,000 trending topics and 5.5 million search results, Google remains the most popular search engine used by malicious attackers, relying on poisoned keywords. The company, which also sampled Yahoo Search, Bing, and Twitter, contributes Google’s leading position to the fact that Google remains the market share leader in online search, and consequently the most targeted search engine..."

:sad:
 
Massive BlackHat SEO Attacks

FYI...

New Massive BlackHat SEO Attacks
- http://blog.urlvoid.com/new-massive-blackhat-seo-attacks/
August 1st, 2010 - "... websites hacked and used in a new campaign of blackhat seo attack with the objective to -redirect- all users to very dangerous websites that spread the infamous and well known rogue security software and the other dangerous threats such as TDSS rootkit and Zeus..."

(Hijacked keywords and summary of malicious domains at the URL above.)

:mad::mad:
 
Halloween SEO poisoning...

FYI...

Halloween SEO poisoning...
- http://www.eweek.com/c/a/Security/Hackers-Target-Halloween-Search-Terms-569624/
2010-10-30 - "Attackers are targeting people searching for last-minute ideas on Halloween costumes... CyberDefender identified a fake anti-virus Trojan downloader infecting pages that come up when searching for Halloween costumes. When users land on these infected pages, the fake anti-virus installer hijacks the user’s Web browser and initiates a malicious process, CyberDefender said. The infected PC becomes sluggish and slow-performing while exposing personal data, according to the company. One form, identified by Panda Labs*, displays a fake video player page and asks the user to download a codec in order to play the video. Popular search terms reflect what users are interested in at that time, making it a lucrative target. Criminals often create pages that are highly search engine optimized, with keywords reflecting currently popular search terms... Called SEO poisoning, hackers create these pages that Google and other search engines pick up thinking they are legitimate, and return them when users type in the search terms..."

* http://pandalabs.pandasecurity.com/malware-spreading-via-halloween-related-keywords/
"... top 5 most targeted phrases:
1. Halloween costumes
2. Halloween decorations
3. Halloween ideas
4. Adult Halloween costumes
5. Free pumpkin pattern ..."

:fear::fear:
 
SEO Poisoning - Election results...

FYI...

SEO Poisoning - Election results...
- http://isc.sans.edu/diary.html?storyid=9868
Last Updated: 2010-11-02 21:36:09 UTC - "We have seen a couple of instances of search result poisoning for election related search terms..."

- http://community.websense.com/blogs...e-av-rides-the-US-midterm-elections-wave.aspx
01 Nov 2010 - "... some search terms related to the ongoing event return sites employing black hat SEO... some of the infected sites already come with a warning. However, there are still a handful of Web sites that do not have warning messages attached to them. Search terms used in this attack include:
2010 midterm election
midterm election results
midterm election 2010
midterm election latest polls
midterm election 2010
midterm election season
midterm election latest polls gallup
At the time of writing, the black hat SEO'd sites appear benign, only redirecting users to what appears to be a blank page. A closer look at the code reveals that the page contains a URL to a rogue AV site... If you copy and paste this URL in your browser, it will redirect you to the rogue AV download page which prompts the user to download inst.exe, identified by 10 of 43 VirusTotal engines*..."
* http://www.virustotal.com/file-scan...84a322b611d878845ab75b52a0a994d8f8-1288630936
File name: inst.exe
Submission date: 2010-11-01 17:02:16 (UTC)
Result: 10/43 (23.3%)
___

- http://community.websense.com/blogs...efox-updates-join-the-rougue-av-election.aspx
2 Nov 2010 - "... we spotted further activity on what appeared to be blank pages from the Black Hat SEO... This particular attack is browser-aware, as the threats are specific to the browser being used... As of the time of writing and publishing this blog, the coverage for the file download prompts for both IE Flash Update* and Firefox Flash update** was about 27.9%* as confirmed by VirusTotal."
(Screenshots available at the URL above.)

* http://www.virustotal.com/file-scan...9ebac1471e611e3a9ade482832a08fc60d-1288711379
File name: v11_flash_AV.exe
Submission date: 2010-11-02 15:22:59 (UTC)
Result: 12/43 (27.9%)

** http://www.virustotal.com/file-scan...b51e21188c35a56f57ff0d7d130a8c9054-1288711390
File name: firefox-update.exe
Submission date: 2010-11-02 15:23:10 (UTC)
Result: 12/43 (27.9%)

:mad:
 
Last edited:
SEO poisoned search results - Prince William / Kate Middleton

FYI...

SEO poisoned search results - Prince William / Kate Middleton

- http://community.websense.com/blogs...g-prince-william-engagement-for-attacks.aspx?
16 Nov 2010 - "... attackers have the process down to a science. They monitor breaking news, trending topics, and buzz words, then automatically manipulate search results based on what's happening in the world... searching for news and buzz words is now more dangerous than searching for adult content, with approximately 22.4% of all searches for current news leading to malicious search results..."

- http://sunbeltblog.blogspot.com/2010/11/royal-engagement-announced-seo.html
November 16, 2010 - "The British royal family announced today that Prince William will marry his long-time girlfriend Kate Middleton next year. Every news source on the planet is gushing and the dark side of the Internet is taking advantage of the news coverage. Surf with care. A Google search for “Kate Middleton” results in a poisoned link..."

- http://community.websense.com/blogs...ant-previews-a-pawn-for-malicious-intent.aspx
17 Nov 2010 - "Ever noticed a magnifying glass next to your Google search results lately? It is actually a new service that Google launched last week called Instant Previews. This service allows users to see what a page looks like before going to it by hovering or clicking the magnifying glass next to the Google search results. Simple? Yes. Secure? Not so much. Our research shows that the images shown in Instant Previews is not updated as frequently as anyone might assume. Therefore, we don't think this feature would help users as much in making an informed decision on judging whether a link is indeed malicious or not... We reported some Black Hat SEO'd websites from searches relating to Prince William's engagement yesterday. Using Google's Instant Preview on the malicious search results may lead users into believing that the links they're clicking on is actually safe when in fact it's not..."

- http://www.theregister.co.uk/2010/11/17/royal_engagement_malware/
17 November 2010 - "... The process of manipulating search results - black hat search engine optimisation - has been going on for at least three or four years and is increasingly becoming automated. Hackers affiliated with scareware outfits in the Ukraine, Russia and elsewhere carry out the coding work."

Infected searches (chart)...
- http://community.websense.com/cfs-f..._5F00_percentage_5F00_2010.png_2D00_550x0.png
17 Nov 2010 - Filed under: Rogue AV, Blackhat SEO

:mad::fear:
 
Last edited:
SEO poisoning subject: Korea...

FYI...

SEO poisoning subject: Korea...
- http://blog.trendmicro.com/cross-border-korean-shelling-leads-to-fakeav/
Nov. 23, 2010 - "News outlets all over the world are talking about the recent cross-border clash between North and South Korea... Within -hours- of the incident, certain Korea-related search terms were already poisoned... This malware redirects users to different pages based on their browser..."

:mad:
 
SEO poison missed by Google...

FYI...

SEO poison missed by Google...
- http://threatpost.com/en_us/blogs/seo-poisoned-sites-still-slipping-google-012111
January 21, 2011 - "Attacks that use search engine optimization to push malicious pages into the top rankings on search engine results are on the rise in 2011, but new research from zScaler* suggests that efforts to identify and block the pages are paying meager dividends. A blog post by Web security firm zScaler* notes that Google's own data shows it spots just more than one in two malicious links served up by its search engine. Google reports that they are flagging 52 percent of all malicious links rendered by their search engine. When it comes to malicious links that lead to malware infected pages, Google flags a slightly higher 57 percent. Still, this only accounts for 44 percent of all spam across the Web..."
* http://research.zscaler.com/2011/01/blackhat-seo-numbers-for-december-2010_20.html
___

Be Careful What You Search For ...
- http://www.symantec.com/connect/blogs/careful-what-you-search
18 Jan 2011

:fear::mad:
 
Last edited:
Massive Blackhat SEO Malware Campaign Launched

FYI...

Massive Blackhat SEO Malware Campaign Launched
- http://securehomenetwork.blogspot.com/2011/01/massive-blackhat-seo-malware-campaign.html
January 25, 2011 - "On January 23rd, thousands of machine generated attack sites were registered through GoDaddy via DNSPod name servers. These sites generally include a name of 5 characters in length, and utilize the .info TLD. The sites combine black hat SEO poisoning with virulent malware infections. At least one anti-virus vendor has labeled the infections as "not disinfectable". The structure of these sites take two forms. The attack sites utilize a technique known as wild card DNS. This enables an infinite number of subdomains to be created for a single domain name. Sites like pgkqy.info... refer to as the hounds, contain over 6000 links to the attack sites. The hounds' content (6000 links) consists of 200 links to the subdomains of 30 different attack domains... The hounds' large number of links serve to boost the search engine rankings of the attack sites. The attack sites themselves are littered with keywords and phrases designed to poison search engine results, and lure the unwary. These include references to celebrity sex scandals, teenage sex, and so forth. The attack sites also contain machine generated text consisting of numerous paragraph length narratives (in English and Mandarin). Inserted among these narratives are out of context messages, which resemble coded messages... One of the sites distributing malware to the visitors of the attack sites (code1.2bj.cc) has previously distributed malware deemed "exact, not disinfectable" by F-Prot. In that incident, anti-virus detection rates were approximately 50%... both hound site dsqof .info and attack site bjpwn .info are at 184.82.9.206. -All- are utilizing f1g1ns1 .dnspod .net as a DNS server. We will pinpoint more hostile IP addresses as time permits. You can pursue further investigation with the use of this file:
- http://doc.emergingthreats.net/bin/...essNetwork?rev=1;filename=includes_skynet.txt ..."
(Note "RussianBusinessNetwork" in the URL...)

:mad::mad:
 
Last edited:
SEO poisoning - Google Image search ...

FYI...

SEO poisoning - Google Image search...
- http://community.websense.com/blogs...ker-google-image-search-results-poisoned.aspx
21 Apr 2011 - "... Websense... has detected that Google Image search returns poisoned pictures when searching on celebrity child "Presley Walker". We first found on Monday that all the image search results took users to a notorious exploit kit – Neosploit. Later, it changed to redirecting users to rogue AV sites. As we publish this blog, the search results are -still- poisoned and are leading to Neosploit again... From the chain, we see the third URL is the malicious site holding the exploit code. We found that all the exploited sites are hosted on the same IP 66.235.180.91, and interestingly, they constructed it with the same path named TF19, which looks like a pattern of this campaign. At last it will trigger appropriate vulnerabilities targeted by this exploit kit according to the user's operating system and browser... we see it downloaded a PDF file that targeted -three- Adobe Reader vulnerabilities. This PDF file is heavily obfuscated and has a relatively low VirusTotal detection*... Neosploit is a well-known exploit kit in the black market. The authors reportedly stopped supporting and updating the exploit kit due to financial problems, but variants of Neosploit have been updated frequently. The variants may contain MDAC (CVE-2006-0003), ActiveX (CVE-2008-2463, CVE-2008-1898), and three Adobe Reader (Collab.getIcon, Util.Printf, Collab.collectEmailInfo) vulnerabilities, among others..."
* http://www.virustotal.com/file-scan...19cb6ad0a89b13a2b68c0f1fbecd41dbd4-1303201008
File name: neosploit.pdf
Submission date: 2011-04-19 08:16:48 (UTC)
Result: 6/40 (15.0%)

:fear::mad:
 
Blackhat SEO and Osama Bin Laden...

FYI...

Blackhat SEO and Osama Bin Laden
* http://www.securelist.com/en/blog/6202/Blackhat_SEO_and_Osama_Bin_Laden_s_death
May 2, 2011 - "As always, when big news appear in the press the bad guys start blackhat SEO campaigns in popular search engines trying to lure users to install Rogueware. It's not different this time, with the top news about Osama's Bin Laden death being everywhere. The bad guys were quite fast and started to poison searches results in Google Images. Some of the search results are now leading users to malicious pages..."

- https://www.computerworld.com/s/article/9216315/Osama_bin_Laden_s_death_is_key_topic_on_Internet
May 2, 2011

- http://www.us-cert.gov/current/#osama_bin_laden_s_death
May 2, 2011

:mad: :mad:
 
Last edited:
Search Engine poisoning....

(See previous post in this thread!)
___

Blackhat SEO, Osama Bin Laden’s death, Rogue AV
- http://www.malwaredomains.com/wordpress/?p=1796
May 3rd, 2011 || 0day, New Domains, rogue antivirus - "... Searches on “Osama Bin Laden Body” * are leading users to malicious rogueware domains:
antivirus. cz. cc/fast-scan/ and pe-antivirus. cz. cc/fast-scan/hese
... domains will be blocked on the next update but you shouldn’t wait..."

- http://research.zscaler.com/2011/05/osama-bin-laden-related-malware.html
May 2, 2011 - "... went from seeing fewer than 1,000 URLs containing the terms 'osama', 'usama' or 'laden' on Sunday afternoon, to a peak of over 4 million** by 10am PST on Monday morning..."
** http://4.bp.blogspot.com/-F2W9MNgKk...gE/geRwEKG14OY/s1600/OBL+Queries+per+Hour.png

- http://www.virustotal.com/file-scan...b385cd23653c0215fb0518107bda2cbb93-1304434879
File name: file-2191417_
Submission date: 2011-05-03 15:01:19 (UTC)
Result: 35/41 (85.4%)
___

Osama malware scams spread to Facebook
- http://www.theregister.co.uk/2011/05/03/osama_malware_scams/
3 May 2011

- http://blog.commtouch.com/cafe/malware/“osama-bin-laden-dead-–-actual-video”-new-facebook-malware/
May 3, 2011

- http://www.f-secure.com/weblog/archives/00002152.html
May 3, 2011

- http://community.websense.com/blogs.../05/02/osama-bin-laden-scams-on-facebook.aspx
02 May 2011
- http://community.websense.com/blogs...n-laden-s-death-twitter-fame-and-malware.aspx
02 May 2011

:mad::fear::mad:
 
Last edited:
WebbyAwards hacked - compromised w/Blackhat SEO

FYI...

WebbyAwards hacked - compromised w/Blackhat SEO
- http://blog.sucuri.net/2011/05/thewebbyawards-hacked-and-compromised-with-blackhat-seo.html
May 4, 2011 - "The WebbyAwards web site (www .webbyawards .com) is currently hacked and compromised with Blackhat SEO. If you try to search for it on Google you will get a warning saying that “This site may be compromised” * ... if you look at the source code of the page, you will see thousands of hidden spam links in there (about selling Windows vista, buying office, etc) pointing to gl.iit .edu:8080, www .korea .edu, www .gefassembly .org, www .ncsconline .org and car .dost .gov .ph. Yes, all “important” and high PR sites (one university, two .gov sites, etc)... We have no details on how it was compromised yet, but we will keep you posted (if we hear back from them)..."
* http://3.bp.blogspot.com/-gZayHrDkpLc/TcE_SZ0CCaI/AAAAAAAAAO4/nLjcgQnqsAA/s1600/webby.png

- http://www.google.com/support/websearch/bin/answer.py?answer=190597

:mad: :fear:
 
Last edited:
Scammers - Google Images - malware

FYI...

Scammers - Google Images - malware
- http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/
May 6, 2011 - "A picture may be worth a thousand words, but a single tainted digital image may be worth thousands of dollars for computer crooks who are using weaknesses in Google’s Image Search to foist malicious software on unsuspecting surfers. For several weeks, some readers have complained that clicking on Google Images search results directed them to Web pages that pushed rogue anti-virus scareware via misleading security alerts and warnings. On Wednesday, the SANS Internet Storm Center posted a blog entry* saying they, too, were receiving reports of Google Image searches leading to fake anti-virus sites. According to SANS, the attackers have compromised an unknown number of sites with malicious scripts that create Web pages filled with the top search terms from Google Trends. The malicious scripts also fetch images from third-party sites and include them in the junk pages alongside the relevant search terms, so that the automatically generated Web page contains legitimate-looking content. Google’s Image Search bots eventually will index this bogus content. If users are searching for words or phrases that rank high in the current top search terms, it is likely that thumbnails from these malicious pages will be displayed beside other legitimate results... Rogue anti-virus scams almost invariably rely on malicious scripts that can be blocked by the excellent Noscript add-on for Firefox, which lets you decide which sites should be allowed to run scripts.
If you happen to stumble upon one of these fake anti-virus security alerts, stay calm and avoid the urge to click your way out of it. Instead, simply hit Ctrl-Alt-Delete (Task Manager), select the browser process you are using (firefox.exe, iexplore.exe, etc.) and shut it down..."
* http://isc.sans.edu/diary.html?storyid=10822
Last Updated: 2011-05-04 08:04:42 UTC
___

If someone was told there's a minefield out there, and also the area where it was located, why would anyone choose to go through it anyway? 'Don't know, but they do.
Common sense dictates avoidance, at least - look for another way to get whatever it is you're looking for. There are -always- alternatives...
> https://www.ixquick.com/

... until things calm down and they get a handle on fixing the problem.

> http://www.google.com/safebrowsing/diagnostic?site=AS:15169

:sad::fear::mad:
 
Last edited:
SEO poisoning @ MS Safety and Security Center ...

FYI...

SEO poisoning @ MS Safety and Security Center ...
- http://sunbeltblog.blogspot.com/2011/07/interested-in-getting-porn-and-malware.html
July 08, 2011 - "The MS Safety and Security Center (leads to)... porn redirects, and sleazy porn sites invariably lead to malware... blackhat SEOs are seeding illegimate search results within the Microsoft search results... It's Zugo*,a Bing-branded search toolbar with a history of being installed through exploits and other misleading/deceptive means... hope this all gets cleaned up soon..."
* http://www.virustotal.com/file-scan...72a1c2614472bfa86babfdc51b44728f6e-1310483975
File name: XvidSetup_US.exe
Submission date: 2011-07-12 15:19:35 (UTC)
Result: 2/43 (4.7%)

- http://www.theregister.co.uk/2011/07/11/ms_security_search_malware_links_poisioning/
11 July 2011

:mad:
 
Last edited:
SEO poisoning - hijacked sites serve up exploits ...

FYI...

SEO poisoning - hijacked sites serve up exploits ...
- http://sunbeltblog.blogspot.com/2011/09/hijacked-sites-serve-up-exploits-seo.html
September 12, 2011 - "... nasty SEO poisoning scam over the last few days, targeting 9/11 related search terms (alongwith anything else they can get their hands on) to attempt the infection of vulnerable PCs. They use a combination of the Black Hole Exploit Kit and an interesting "on the fly" SEO poisoning tactic to try and drop infections onto the target PC... an example VirusTotal link* to one of the pieces of Malware being used - as you can see, 21/44 currently detect it. As with most attacks of this nature, you can expect to see multiple domains, files and search terms used to lure potential victims. Speaking of search terms, the people behind this are doing some interesting things with their poisoned search results... Keeping your system patched and your security software up to date is a good place to start with regards to avoiding these kinds of attacks, in addition to running a Limited User Account and (perhaps) some browser based script blocking tools such as NoScript..."
(More detail at the sunbeltblog URL above.)
* https://www.virustotal.com/file-sca...46729f8aac66271b348e695950ee5b4a7b-1315527862
File name: file.vxe
Submission date: 2011-09-09 00:24:22 (UTC)
Result: 21/44 (47.7%)

:mad:
 
Bad ads in Bing...

FYI...

Another round of bad ads in Bing
- http://sunbeltblog.blogspot.com/2011/09/another-round-of-bad-ads-in-bing.html
September 19, 2011 - "We're seeing some more bad adverts popping up in Bing - just like the original attack, these results are served with very basic search terms so it's pretty easy to stumble into one of the bad URLs... when searching for "Flash player download"... the end-user arrives at malaysiaaktif(dot)com/flash and the fake Flash Player file is served up from dl-softonic(dot)net (a slight change from the original URL used to push the files which flatlined a few days ago*)... be careful when searching for basic tools, programs and files in Bing until these rogue adverts have a healthy dose of "put in jail and throw away the key" applied to them..."
(Screenshots available at the sunbeltblog URL above.)
* http://forums.spybot.info/showpost.php?p=412937&postcount=201

:mad:
 
Last edited:
You must log in or register to reply here.
Back
Top