Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Forceup.com caught trying to sell a malicious advertisement featuring firstchoice.com

February 27th 2008 in Uncategorized
2 comments to...
“Forceup.com caught trying to sell a malicious advertisement featuring firstchoice.com”

Conrad Longmore

Ahhh… adopstools.net. Now that *is* a useful looking site. It looks a lot more useful than Trillix for this type of analysis, that’s for sure. Thanks!



James Smith

Forceup.com seems to be at it again.  Eric Gordon contracted my company to run a dating offer. 6MM impressions later…no response.


Those of you with a technical mindset may find this explanation about what happened, and the timeline, informative:http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube.shtml
Some chatter at NANOG (with a few glimmers of paranoia to add spice):http://www.merit.edu/mail.archives/nanog/threads.html#06347
 

Previous Entry

The SWF has been analysed.  We find this URL in the code:quinquecahue.com/statsa.php?u=1202136191&campaign=oseximious 
The allowed countries for this particular malicious campaign are ZA, US and UK
Banned IPs: 
209.160.0.0-209.160.255.255 Hop One Internet Corporation196.36.0.0-196.36.255.255 (Internet Solutions (Pty) Ltd (South Africa)
Banned cities: Johannesburg, Tukwila
Kudos to Kimberley for decrypting the SWF contents.
 

Next Entry