Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Firstchoice comments on malicious banner advertisements…

February 28th 2008 in Uncategorized

Just like Skyauction, Emusic and QPAD before them, Firstchoice have advised that they have nothing to do with the malicious advertisements featuring their company.


I quote the contents of an email from Firstchoice to the web site that supplied the copy of the malicious advertisement from Forceup to me for analysis:


“1. Our site [is] firstchoice.co.uk not firstchoice.com. (Which is a chain of hairdressers in the US!)


2. More importantly, I would like her to mention that the advert had nothing to do with First Choice. We have never been in contact with Forceup, have never seen that creative, and have not done any banner advertising for a long time now. I have no idea why they chose our site, but I would suspect we are not the only ones.”



2 comments to...
“Firstchoice comments on malicious banner advertisements…”

jeff davis

I found a malicious banner on http://www.articleblotter.com a site I have used with no problems in the past. The ad was fro antivirus2009 a vicious rogue anti spyware program. I cannot get in touch with the owners as the banner makes contact impossible.



sandi

Hi Jeff

I’ve had a quick look and am not seeing any graphical advertisments – only Google Ads. Were you visitig a particular page?

Sandi


More later… I’m out of office at the moment and don’t have access to my normal toolset.
Screenshot:
Online analysis of SWF:http://www.adopstools.net/index.asp?page=quicklink&id=2526I2UFLC7Ri029 

Previous Entry

Interesting. 
“openadstream.net/ad0.php?url=http://ad.doubleclick.net/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043″”iexplorer-security.org/?id=463400043″
iexplorer-security.org has hidden some information behind Privacy Protect, but we can find out some things.
First, iexplorer-security.org is hosted by Masterhost in Russia.  Second, its nameservers are provided by the infamous eshosst.com (aka estdomains) – the list of malicious/fraudulent domains associated with Estdomains is staggering.
I’ll need to get in touch with Doubleclick about their appearance in a […]

Next Entry