Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Forceup.com – here is more information about the malicious Firstchoice advertisement

February 27th 2008 in Uncategorized

The SWF has been analysed.  We find this URL in the code:
quinquecahue.com/statsa.php?u=1202136191&campaign=oseximious 


The allowed countries for this particular malicious campaign are ZA, US and UK


Banned IPs: 


209.160.0.0-209.160.255.255 Hop One Internet Corporation
196.36.0.0-196.36.255.255 Internet Solutions (Pty) Ltd (South Africa)


Banned cities: Johannesburg, Tukwila
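For anyone re-testing this creative: the targeting lists above mean that an analysis box in the wrong network or location may not see the malicious behaviour. The sketch below is an added example, not code recovered from the SWF. It checks constructed vantage points against the values listed in this post, and it assumes that any single mismatch is enough for the ad to stay benign, since the post does not say how the SWF combines the three lists.

```python
import ipaddress

# Targeting values exactly as listed in this post ("UK" kept as written).
ALLOWED_COUNTRIES = {"ZA", "US", "UK"}
BANNED_RANGES = [
    ("209.160.0.0", "209.160.255.255", "Hop One Internet Corporation"),
    ("196.36.0.0", "196.36.255.255", "Internet Solutions (Pty) Ltd"),
]
BANNED_CITIES = {"johannesburg", "tukwila"}


def exclusion_reasons(ip, country, city):
    """Return why a vantage point would be filtered out (empty list = targeted).

    Assumption: one mismatch on any list is enough to exclude the visitor.
    """
    reasons = []
    addr = ipaddress.ip_address(ip)
    for first, last, owner in BANNED_RANGES:
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            reasons.append(f"IP in banned range {first}-{last} ({owner})")
    if country.upper() not in ALLOWED_COUNTRIES:
        reasons.append(f"country {country.upper()} not in allowed list")
    if city.strip().lower() in BANNED_CITIES:
        reasons.append(f"city {city.strip()} is banned")
    return reasons


# Constructed vantage points for illustration (name, egress IP, country, city).
# Country and city are whatever a GeoIP lookup reports for the egress IP.
VANTAGE_POINTS = [
    ("lab-uk", "198.51.100.7", "UK", "London"),
    ("lab-za", "196.36.12.34", "ZA", "Johannesburg"),
    ("lab-de", "203.0.113.9", "DE", "Berlin"),
    ("lab-us", "209.160.20.5", "US", "Tukwila"),
]


def usable_vantage_points(points=VANTAGE_POINTS):
    """Names of vantage points that none of the listed filters exclude."""
    return [n for n, ip, cc, city in points if not exclusion_reasons(ip, cc, city)]


if __name__ == "__main__":
    for name, ip, cc, city in VANTAGE_POINTS:
        why = exclusion_reasons(ip, cc, city)
        status = "EXCLUDED: " + "; ".join(why) if why else "targeted"
        print(f"{name:7} {ip:15} {status}")
```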


Kudos to Kimberley for decrypting the SWF contents.


 


One comment to...
“Forceup.com – here is more information about the malicious Firstchoice advertisement”

Malcolm

Quinquecahue surprise surprise.

Keep up the good work btw.

