Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

New malicious SWF featuring "Curves"

February 28th 2008 in Uncategorized

More later… I’m out of office at the moment and don’t have access to my normal toolset.

Screenshot:

Online analysis of SWF:
http://www.adopstools.net/index.asp?page=quicklink&id=2526I2UFLC7Ri029


One comment to “New malicious SWF featuring "Curves"”

John Dowdell

That link requires log-in.

What’s “malicious”? Is it another ad which redirects the page elsewhere?

jd/adobe


The SWF has been analysed. We find this URL in the code: quinquecahue.com/statsa.php?u=1202136191&campaign=oseximious
The allowed countries for this particular malicious campaign are ZA, US and UK.
Banned IPs:
209.160.0.0-209.160.255.255 (Hop One Internet Corporation)
196.36.0.0-196.36.255.255 (Internet Solutions (Pty) Ltd, South Africa)
Banned cities: Johannesburg, Tukwila
Kudos to Kimberley for decrypting the SWF contents.
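An added example (not the blog's or the analyst's own code) of the kind of triage the reply above describes: decode a CWS SWF, pull out the beacon URL, the country list and the IP exclusion ranges, and check whether a given analysis address would be locked out of the campaign. The sample SWF is constructed here around the indicators quoted in the reply; a real advert would first need its obfuscated strings decoded, as Kimberley did.

```python
import ipaddress
import re
import struct
import zlib

# Constructed sample, not the advert from the post: a minimal CWS SWF whose
# body carries the kind of targeting strings the analysis above reports.
_BODY = (
    b"\x00" * 13  # stands in for the RECT, frame-rate and frame-count fields
    + b"quinquecahue.com/statsa.php?u=1202136191&campaign=oseximious\x00"
    + b"ZA,US,UK\x00"
    + b"209.160.0.0-209.160.255.255\x00196.36.0.0-196.36.255.255\x00"
    + b"Johannesburg\x00Tukwila\x00"
)
SAMPLE_SWF = b"CWS" + bytes([9]) + struct.pack("<I", 8 + len(_BODY)) + zlib.compress(_BODY)
URL_RE = re.compile(rb"[a-z0-9.-]+\.[a-z]{2,}/[^\x00\s'\"]+")
IP_RANGE_RE = re.compile(rb"(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})")
COUNTRIES_RE = re.compile(rb"(?<![A-Za-z])(?:[A-Z]{2},)+[A-Z]{2}(?![A-Za-z])")


def swf_body(data: bytes) -> bytes:
    """Return the SWF body after the 8-byte header. FWS is stored, CWS is
    zlib-compressed; the header length is the uncompressed size of the file."""
    sig, length = data[:3], struct.unpack("<I", data[4:8])[0]
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":
        body = zlib.decompress(data[8:])
    else:
        raise ValueError(f"not an SWF file (signature {sig!r})")
    if 8 + len(body) != length:
        raise ValueError("header length does not match the decoded body")
    return body


def extract_indicators(swf: bytes) -> dict:
    """Pull beacon URLs, IP exclusion ranges and country lists out of the body.
    Assumes any extra string obfuscation in the ActionScript is already undone."""
    body = swf_body(swf)
    return {
        "urls": [m.decode() for m in URL_RE.findall(body)],
        "ip_ranges": [(lo.decode(), hi.decode()) for lo, hi in IP_RANGE_RE.findall(body)],
        "countries": [c for m in COUNTRIES_RE.findall(body) for c in m.decode().split(",")],
    }


def ip_is_excluded(ip: str, ranges) -> bool:
    """True if a source address falls in a banned range, i.e. a sandbox or
    analyst on that network would never be served the payload."""
    addr = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi) for lo, hi in ranges)
```

The practical point for defenders is the last function: if your sandbox egress sits inside one of the banned ranges (or resolves to a banned city), the advert will simply behave benignly under analysis.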
 
