Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

ALERT: Please treat advertising from Gilmours Media (gilmoursmedia.com) with extreme caution

May 20th 2009 in Uncategorized

They have been caught distributing malvertizing.


Current registration details are:


ICANN Registrar: REGTIME LTD
Created 24 March 2008
NS1.NAMESELF.COM
NS2.NAMESELF.COM


IP: 64.28.187.33 – New York, Internet Path Inc


Registrant:


Jacob Tua (saidfahtih@gmail.com)
Maltiskam 12-67
Belgrade 11008
Russia
+381 113 114 094


It should be noted that gilmoursmedia.com was originally registered via the infamous ESTDOMAINS, to a “Jacob Tua” of Maltiskam 12-67, Belgrade, 11008, telephone +381.113114094.


More importantly, the email address for “Jacob Tua” was “jackyouthere@gmail.com”.  See this Apple discussion forum conversation about the clipboard hijacking problem – the same clipboard hijacking problem that led to Adobe changing the way Flash behaves:
http://discussions.apple.com/thread.jspa?messageID=7768848


The domain being copied to clipboard via the Flash exploit was “windowsxp-privacy.net”, which just so happened to be registered to, you guessed it, jackyouthere@gmail.com!! This information was posted to the discussion thread on 20 August 2008.


“Jacob Tua” was also listed as owning adclickmate.net, another domain associated with malvertizing:
http://msmvps.com/blogs/spywaresucks/archive/2009/02/18/1672789.aspx


The contact phone number for Gilmours Media is/was the same as that for “Trackstar Media”, being tel 401.237.4731.


But the address is different, being 17 Vernon Street, Warren:
http://www.merchantcircle.com/business/Trackstarmedia.401-237-4731


trackstarmedia.com was suspended due to inaccurate WHOIS information.  That domain has also been featured on this blog before:
http://msmvps.com/blogs/spywaresucks/archive/2008/08/13/1644602.aspx
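The links drawn in this post come from pivoting on shared registrant and contact details. As an added illustration (not code from the original post), the Python below normalizes the details quoted above and groups the records that share a value; the record labels, field names and function names are this example's own, and a field the post does not state is simply omitted.

```python
import re
from collections import defaultdict

FIELDS = ("name", "email", "phone", "street")

# Registrant/contact details transcribed from this post (labels are this example's own).
RECORDS = [
    {"id": "gilmoursmedia.com (current WHOIS)", "name": "Jacob Tua",
     "email": "saidfahtih@gmail.com", "phone": "+381 113 114 094", "street": "Maltiskam 12-67"},
    {"id": "gilmoursmedia.com (original WHOIS)", "name": "Jacob Tua",
     "email": "jackyouthere@gmail.com", "phone": "+381.113114094", "street": "Maltiskam 12-67"},
    {"id": "windowsxp-privacy.net", "email": "jackyouthere@gmail.com"},
    {"id": "adclickmate.net", "name": "Jacob Tua"},
    {"id": "Gilmours Media (contact number)", "phone": "401.237.4731"},
    {"id": "Trackstar Media (contact number)", "phone": "401.237.4731"},
]

def normalize(field, value):
    """Canonicalize a value so formatting differences do not hide a match."""
    if field == "phone":
        return re.sub(r"\D", "", value)        # keep digits only
    return " ".join(value.lower().split())     # case- and whitespace-insensitive

def pivots(records):
    """Return {(field, value): [record ids]} for every value shared by 2+ records."""
    index = defaultdict(list)
    for rec in records:
        for field in FIELDS:
            if field in rec:
                index[(field, normalize(field, rec[field]))].append(rec["id"])
    return {key: ids for key, ids in index.items() if len(ids) > 1}

def clusters(records):
    """Group records connected through any chain of shared values (union-find)."""
    parent = {rec["id"]: rec["id"] for rec in records}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for ids in pivots(records).values():
        for other in ids[1:]:
            parent[find(other)] = find(ids[0])
    groups = defaultdict(set)
    for rid in parent:
        groups[find(rid)].add(rid)
    return sorted(groups.values(), key=len, reverse=True)

if __name__ == "__main__":
    for (field, value), ids in pivots(RECORDS).items():
        print(f"{field}={value}: {ids}")
    for group in clusters(RECORDS):
        print(sorted(group))
```

A shared e-mail address or phone number is a stronger link than a shared registrant name, so the per-field output of `pivots` is worth reading before relying on the clusters.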


One comment to...
“ALERT: Please treat advertising from Gilmours Media (gilmoursmedia.com) with extreme caution”

Anon

Gotta love how they slipped in the IAB logo on that screenshot you posted.

