Help Fight Malware via Google Toolbar

…we need your help in filling in the gaps. If you come across a site that is hosting malware, we now have an easy way for you to let us know about it. If you come across a site that is hosting malware, please fill out this short form. Help us keep the internet safe, and report sites that distribute malware. – Google’s Security Blog

If you come across a site that’s hosting some evil evil bad bad stuff: you should report it. Doing so will be good for the health of the internet as a whole and might save you from having to pass by your Uncle Bud’s house to remove some garbage from his PC so he can get back on “The eBay”. The only problem is that people (you, me, Michael Jackson to some degree) quickly become complacent with reporting such stuff if it’s not super quick and easy to do. So… I tossed together a button for Google’s toolbar that makes reporting malware hosting urls easier than your little sister.

How you would normally go about reporting urls:
1. Copy the malware hosting url. That requires a click, drag, click, click.
2. Access your bookmarks and visit the page where you report these things. That requires a click, seek, click.
3. Paste the url into their form. That requires two clicks.
4. Enter the captcha. That requires being human ;-)
5. Click the submit button.

How you will report urls with the nifty little button:
1. While on the malware hosting url, you click the custom Google toolbar button.
2. Enter the captcha.
3. Click the submit button.

Google Toolbar Malware Report Button

That breaks down an eight click, one seek, one drag, and captcha entering process into two clicks and the captcha. And, I used a skull icon for the button so it has a decent presence on your toolbar. The mere presence of that should get you into the habit of reporting stuff as you come across it. For all the security nuts out there, I added the feed from’s blog. The skull’s eyes will turn red to alert you to any new posts they toss up.

Stop Badware: New Blog Entries

Stop Badware Blog Feed

If you already have Google’s toolbar it’s a ‘one click to install’ kinda thing. If not, you can click the same install link to get their toolbar and the button will already be there when the install is done.

To install the “Report Malware Hosting URL” button, Click Here.

Spam King Celebrates Legal Wins Over MySpace

For those of you that missed the insanely huge (over-publicized) story of MySpace filing suit against Scott Richter back in January, here’s a little pre-blog warm-up…

Step One:
Watch this video and bathe in the douche baggery that is Scott Richter, AKA: The Spam King…

Step Two:
Wonder to yourself how I managed to put bathe, douche, and one of the biggest shit bags on the internet into the same sentence without disrupting the space-time continuum.

Step Three through Twenty-Six:
Doc Emmett Brown
Get that mental image of Doc Brown out of your head.

Step Twenty-Seven:
Go read or reread this old blog entry of mine about MySpace filing suit against Scott.

“Based on [MySpace’s] track record of unrelenting incompetence and boneheaded moves, I find it unlikely that they’re really ready for this war.”

My predictions in that blog entry have proven to be dead accurate so far.

Step Twenty-Eight:
Ponder the notion of me being a time traveler like George Bush to explain away my ability to predict the future.

All caught up? Good. Now, let me explain what all the legal mumbo jumbo in them there fancy legal documents actually means…

Continue reading Spam King Celebrates Legal Wins Over MySpace

FDKE: Pump and Dump Stock Fraud Currently In Progress

That’s right kiddos, “Pump and Dump” is used to describe more than the ageless mating practice enjoyed by alpha males. It’s also used to describe a form of Microcap stock fraud. In both scenarios: people are sold a dream, fucked, and then left standing there with sad looks on their faces.

On Sunday afternoon I was helping my cousin and her husband move when her friend walked up talking about a bunch of crazy text messages she had gotten on her cell phone. Being the ex douche bag that I am, I was singled out to explain what was going on. The messages were written to appear as if they had been sent to the wrong person with a juicy (insider?) tip on a penny stock that was about to skyrocket in price. This is the Pump side of a Pump and Dump. Someone looking to manipulate (*cough* *cough* defraud) the market can artificially inflate a stock by as much as tenfold with relative ease. They simply have to get a ton of people to buy the hell out of it within a short period of time.

How the hardcore guys did this back in the day:

1. Buy a metric assload (literal translation: whole bunch) of any random penny stock.
2. Rent some temporary office space with a bunch of phone lines and set up a telemarketing operation.
3. All the cohorts would sit around calling residential numbers during business hours in hopes of getting answering machines. If someone answered: “Whoops, wrong number”. If they got a machine, they’d lay down one of several scripted voice mails that carried the same message: stock XYZ is going to explode on [whatever date].

“Hey Jim, Bobby again. It’s a Go on XYZ the 19th of this month. I just dropped 50k into that puppy. Our friend at the FDA said that their cholesterol pill is going to get the green light for sure. We’re in the know ahead of the company, even. This is going to be huge.”

4. After leaving thousands upon thousands of these fake insider tips on people’s answering machines the stock would jump up in price because of all the people buying it based on the bogus tips. Before the magical day when the stock is supposed to skyrocket, the evil evil bad bad people sell (dump) all of theirs for big profits before the stock levels out to its actual worth.
5. The people who bought the stock based on bogus insider tips are left with sad looks on their faces and are reluctant to report anything to law enforcement. No one likes admitting to being suckered. And, it was “illegal insider info” they were acting on – not something you want to tell police about.

Think I’m bullshitting about this not being rocket science? About seven years back a freaking 15 year old kid got fined over 250k by the Securities and Exchange Commission for such stuff. Even after that spanking from the SEC, Jonathan Lebed was sitting on 500k in profits from two years of shady stock manipulating.

Back to this current Pump and Dump hustle…

Continue reading FDKE: Pump and Dump Stock Fraud Currently In Progress

Dear Walmart: Your Online Security Blows

Gather around kids, this is gonna be a fun one. I might even get sued, finally. Yay!!1

Recently, on some random news station, I heard about Walmart’s new “Money Card” which is nothing more than a prepaid Visa card. Just like any other such card, it has a website where you can check your balance, add funds to your account, etc. Alternatively, you can have your account information stolen, be exposed to hardcore XXX porn, or line the pockets of a bottom-feeding douche bag while trying to reach the site. Why? Because Walmart, just like most companies, is nothing short of retarded when it comes to internet security and protecting their brand in the online world.

Walmart Money Card

But, but, but… Their site says that it’s secure. It even has a nifty little seal on it from Thawte verifying that it’s protected by RC4 128-bit encryption.

Thawte Seal Yeah, so what? I said that all those evil evil bad bad things could happen to a person while trying to reach the site. I never said that they’d actually make it there. Your good ol’ Uncle Buck or Aunt Charlene who’s not too savvy on that there interweb, but falls perfectly into the demographic of folks who would have a Wally World prepaid money card, is likely to mistype the web address. That’s why any security-minded company who wants to protect their customers and brand’s image would / should at the very least register all of the most common typo domains when setting up shop on a new domain – especially if it’s a financial kinda deal. In Walmart’s infinite wisdom, they did no such thing.

After hearing about this new Walmart card and the accompanying website, I checked to see if they had registered and were forwarding over traffic from one of the most common typos: the full web address prefixed with a “www”. Typing out “www” and then forgetting or simply missing the dot afterwards is commonplace among eTards and fast typers. Sure enough, was wide open. So, I registered it. Just for good measure, I went ahead and registered today too. Missing the first letter of a domain is also pretty common. Luckily for Wally World, I snagged those domains with the sole intent of using them as an example for this blog entry. This could have played out much differently…

Continue reading Dear Walmart: Your Online Security Blows

LoLo's safe for work blog about Internet scams, deceptive marketing, spam, spyware, adware, and other asshatery.