Are Advertisers promoting Malware?

I was going to blog about another Trojan.Codec site I found, but truthfully this is getting boring … instead I thought I’d do a follow-up on something I saw at Sunbelt’s blog

Looking at the image SunBelt provided I saw oemtop(dot)com at the bottom. Now this is yet another “Google Warning” site … so do not visit there, as there are multiple exploits on this Warez type site. In the image below you can see the cast of characters involved …

What I find disturbing is, notice the two “CONNECT” entries? This is part of the WinFixer group … nice place to advertise your products, a Warez type site that will infect your machine if you do not have the latest Windows updates, etc … Now if you follow those connections:

hxxp:// it redirects to the following:
(view safely here)

And another hxxp:// that redirects to:
(view safely here)

So here again we have “” involved with the WinFixer gang … Sandi and others have exposed this ValueClick ad server before, yet they have not changed their ways suggesting that the $$$ is all they are after, even at the expense of their reputation.

Another exploit on the site is “vevdqimkcm(dot)info” (Trojan.PWS.Tanspy) which is already included in the HOSTS file, so a word to the wise … stay far away from these Warez type sites!

You know I’m often asked why I block these ad servers … “you may be blocking revenue from that site” … well as you can see a huge majority of these ad servers are involved in very questionable tactics.

Leave a Reply