Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Oxfam impersonated by Errorsafe pimps

February 29th 2008 in Uncategorized

Oxfam does fantastic work – in fact several people received “Oxfam Unwrapped” gift cards from me for Christmas (donations on their behalf) – and it makes me FURIOUS to see Oxfam’s good name taken advantage of, and a malicious advertisement featuring their name used as a conduit to fraudware.

I received a sample SWF today, an advertisement touting Oxfam – screenshots below.

An examination of the internal code reveals:

www.errorsafe.com/pages/scanner/index.php?aid=50ftf0rm&lid=sw23&ax=1&ed=2, __self.str, _root.c4.color(14688422)

which redirects to:

errorsafe.com/download/2007/index.php

Y’know, I already do all I can to track down, and shut down, the bastards behind malicious banner advertisements.  I promise you this, if there is one thing that the criminals can do to make me even more determined to chase them to the ends of the earth, it is to do something like impersonating Oxfam.

 

image

image

image


One comment to...
“Oxfam impersonated by Errorsafe pimps”

Joseph

“Y’know, I already do all I can to track down, and shut down, the bastards behind malicious banner advertisements. I promise you this, if there is one thing that the criminals can do to make me even more determined to chase them to the ends of the earth, it is to do something like impersonating Oxfam.”

Well, don’t talk to me, ’cause I have no idea who these people are.

:o)

P.S. Hope you are well, good to see you’re still in the game (even if it is just you).


Interesting. 
“openadstream.net/ad0.php?url=http://ad.doubleclick.net/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043″”iexplorer-security.org/?id=463400043″
iexplorer-security.org has hidden some information behind Privacy Protect, but we can find out some things.
First, iexplorer-security.org is hosted by Masterhost in Russia.  Second, its nameservers are provided by the infamous eshosst.com (aka estdomains) – the list of malicious/fraudulent domains associated with Estdomains is staggering.
I’ll need to get in touch with Doubleclick about their appearance in a [...]

Previous Entry

I received this email today via my Spyware Sucks “Contact Me” link:
“At least a have a problem that i find no pleasent, i think it comes from your url, a receyve continusely messages that my pc is infected by viruses or spam.  I ask you for  all of your possibilitys no more sending those messages [...]

Next Entry