Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

ALERT: Malvertizement at Expedia.com

November 23rd 2008 in Uncategorized


Expedia have been alerted.

Details here:
http://www.mikeonads.com/2008/11/23/malvertisement-on-expediacom/

It looks identical to the malvert at allrecipes.com discussed here:
http://www.bluetack.co.uk/forums/index.php?s=6152c183e90c1f780588775106ba8be6&showtopic=18064&st=180&p=89945&#

Some of the same domains are used (prolinar.com and clicksoverview.com), and the fraudware domain is the same too: antivirusdefense.com.

prolinar.com

ICANN Registrar: ESTDOMAINS
Created: 18 November 2008
NS57.1AND1.COM
NS58.1AND1.COM
IP: 74.208.131.124 – United States – 1&1 Internet Inc
Registrant: Thomas Schultz (ts8317@googlemail.com)

vernariostar.com

ICANN Registrar: NETFIRMS INC
Created: 20 November 2008
NS1.NETFIRMS.COM
NS2.NETFIRMS.COM
IP: 38.113.185.172 – United States – Performance Systems International Inc
Registrant: No WHOIS details <?>

triesto.com

ICANN Registrar: ESTDOMAINS INC
Created: 20 November 2008
NS57.1AND1.COM
NS58.1AND1.COM
IP: 74.208.131.124 – United States – 1&1 Internet Inc
Registrant: Andy Borman, Copress (andyborm@googlemail.com)

clicksoverview.com

ICANN Registrar: BIZCN.COM, INC
Created: 11 November 2008
NS1.FREEFASTDNS.COM
NS2.FREEFASTDNS.COM
IP: 69.10.44.207 – United Kingdom – Innovation It Solutions Corp
Registrant: Arina Zubina (cndomainz@yahoo.com)

antivirusdefense.com

ICANN Registrar: BIZCN.COM, INC
Created: 13 November 2008
NS1.FREEYOURDNS.COM
NS2.FREEYOURDNS.COM
IP: 64.20.38.90 – United States – Phoenix, Arizona – Interserver Inc
Registrant: Aleksey Kononov (cndomainsz@yahoo.com)

freeyourdns.com

ICANN Registrar: BIZCN.COM, INC
Created: 4 November 2008
NS1.FREEYOURDNS.COM (84.243.196.136) (Netherlands – Grafix Internet B.v)
NS2.FREEYOURDNS.COM (64.86.17.44) (Canada – Brampton – Velcom)
IP: 64.20.38.90 – United States – Phoenix, Arizona – Interserver Inc
Registrant: Evgeny Makarov (cndomainz@yahoo.com)

Other hosts on 84.243.196.136:
antivirus-scan-online.com
ns1.freeyourdns.com
privateinfoclick.com
protectionlive-scan.com
quickscanpc.com
totalantivirusscan.com

Other hosts on 64.86.17.44:
clickwww2.com
forcedscan.com
ns2.freefastdns.com
ns2.freeyourdns.com

freefastdns.com

ICANN Registrar: ONLINENIC, INC
Created: 17 September 2008
NS1.FREEFASTDNS.COM (91.203.92.47) (United Kingdom – Isp Uatelecom)
NS2.FREEFASTDNS.COM (64.86.17.44) (Canada – Brampton – Velcom)
IP: “On Hold”
Registrant: Goroshko Igor (alexvasiliev1987@cocainmail.com)

Other hosts on 91.203.92.47:
liveupdateservice.cn
ns1.mysecuritysupport.com
protectiononlineinfo.com
totalantivirusscan.com
travelmaxinside.cn

Other hosts on 64.86.17.44 (the same list as for freeyourdns.com above):
clickwww2.com
forcedscan.com
ns2.freefastdns.com
ns2.freeyourdns.com


I also see that a domain, 247-realmedia.com, is sharing an IP address with prolinar.com, and it is also sharing Registrant details. Could it be that the purpose of the domain is to impersonate the real 247realmedia?

247-realmedia.com

ICANN Registrar: ESTDOMAINS
Created: 18 November 2008
NS57.1AND1.COM
NS58.1AND1.COM
IP: 74.208.131.124 – United States – 1&1 Internet Inc
Registrant: Thomas Schultz (ts8317@googlemail.com)
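The pivots made by hand above (shared IP address, shared name servers, shared registrant e-mail) can be applied to the whole set of records at once to see which domains fall into the same infrastructure cluster, and why. This is an added example, not code from the Spyware Sucks post; it uses only the WHOIS values listed above, reduces each pair of name servers to their parent domain, and lets the caller choose which attributes count as a link, since shared name servers at a mass hoster such as 1&1 are weaker evidence than a shared registrant address.

```python
from collections import defaultdict

# WHOIS values transcribed from the records in this post (a constructed table of the
# post's own data, not re-queried); NS pairs are reduced to their parent domain.
RECORDS = {
    "prolinar.com":         ("74.208.131.124", "1and1.com",       "ts8317@googlemail.com"),
    "vernariostar.com":     ("38.113.185.172", "netfirms.com",    None),
    "triesto.com":          ("74.208.131.124", "1and1.com",       "andyborm@googlemail.com"),
    "clicksoverview.com":   ("69.10.44.207",   "freefastdns.com", "cndomainz@yahoo.com"),
    "antivirusdefense.com": ("64.20.38.90",    "freeyourdns.com", "cndomainsz@yahoo.com"),
    "freeyourdns.com":      ("64.20.38.90",    "freeyourdns.com", "cndomainz@yahoo.com"),
    "freefastdns.com":      (None,             "freefastdns.com", "alexvasiliev1987@cocainmail.com"),
    "247-realmedia.com":    ("74.208.131.124", "1and1.com",       "ts8317@googlemail.com"),
}
FIELDS = ("ip", "ns", "email")  # None = the post gives no value for that field

def shared_attributes(records, fields=FIELDS):
    """Map every (field, value) held by two or more domains to those domains."""
    index = defaultdict(set)
    for domain, values in records.items():
        for field, value in zip(FIELDS, values):
            if field in fields and value is not None:
                index[(field, value)].add(domain)
    return {key: doms for key, doms in index.items() if len(doms) > 1}

def cluster(records, fields=FIELDS):
    """Group domains transitively linked by any shared attribute (union-find)."""
    parent = {d: d for d in records}
    def find(d):  # root lookup with path halving
        while parent[d] != d:
            parent[d] = parent[parent[d]]
            d = parent[d]
        return d
    for domains in shared_attributes(records, fields).values():
        first, *rest = sorted(domains)
        for other in rest:
            parent[find(other)] = find(first)
    groups = defaultdict(set)
    for d in records:
        groups[find(d)].add(d)
    return sorted((frozenset(g) for g in groups.values()), key=sorted)

def explain(records, a, b, fields=FIELDS):
    """Return the (field, value) pairs that domains a and b have in common."""
    shared = shared_attributes(records, fields)
    return sorted(k for k, doms in shared.items() if {a, b} <= doms)

if __name__ == "__main__":  # shared name servers only count when "ns" is in fields
    print([sorted(g) for g in cluster(RECORDS)])
    print(explain(RECORDS, "prolinar.com", "247-realmedia.com"))
```

Dropping "ns" from the pivot fields leaves freefastdns.com on its own, which is the kind of weaker link worth checking by hand before adding a domain to a blocklist on the strength of name servers alone.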


2 comments to “ALERT: Malvertizement at Expedia.com”

Spyware Blockers

Malvertizement, I love that term!!!

Sadly, these are becoming more and more common. I recently saw a Google ad for AntiVirus 2008 or 2009 (I forgot which one). It sucks that these malware companies can get into legitimate advertising to spread their garbage around. It really goes to show that there is money to be made in malware!

Tim



Rich

sexy-screen-savers.com also redirects you automatically to anti-virus-full-scan.com, which also tries to dish out a dose of this nasty spyware. Hope this helps. The domains are using the same name servers.

