Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Malvertizing at Tweetmeme (again)

July 15th 2010 in Uncategorized

image

 

You may recall that Wayne Small of SBSFAQ contacted me to warn that there was malvertizing at tweetmeme back in December 2009 – well, tweetmeme have a problem again.

This time I see no openx.  Instead, we bounce from ads.tweetmeme.com to y5-media.com, to 173.244.173.133 to www3. luckfind42td.in to www2. guardhere5.in (thanks to Kimberley for the heads up)

y5-media.com
ICANN Registrar: EVOPLUS LTD
Created 7 June 2010

IP: 178.162.133.226 – Netdirekt E.K

Registrant hidden behind evoprivacy.com

*****

173.244.173.133 – Enet Inc (85.ad.f4.static.xlhost.com)

*****

luckfind42td.in
ICANN Registrar: DIRECTI
Created 13 July 2010

Registrant: Kooken Garritt (gkook@checkjemail.nl) — That email address is associated with 2,939 domains!

*****

guardhere5.in
ICANN Registrar: DIRECTI
Created 14 July 2010

Registrant: Kooken Garritt (gkook@checkjemail.nl)

*****

Also seen:

wareforyou10.in
ICANN Registrar: DIRECTI
Created 14 July 2010

Registrant: Kooken Garritt (gook@checkjemail.nl)

*****

206.217.206.111 – Providence Hosting Services – noptr.midphase.com

178.162.133.218 – Netdirekt E.k

image


2 comments to...
“Malvertizing at Tweetmeme (again)”

Sarah

Hi,

Many thanks for bringing this to our attention. The advertisement causing this issue has now been removed.

Kind regards
Sarah



sandi

Hi Sarah

If you could share information about whoever it was that sold the malvert to you, that would be great – what pseudonyms were they using? Feel free to contact me at sandi @ mvps.org.

Sandi


I still keep an eye on known Innovative Marketing pseudonyms; information continues to trickle in about domains that they have registered in the past. Old bad domains have been expiring, and sometimes the protection of services such as Moniker Privacy Services falls away. For example, on 24 May 2010 the domains [...]

Previous Entry

Brought to light via a comment on this blog. adamazing.com ICANN Registrar: Nameking.com Created 19 April 2010 Current IP: 208.73.210.28 Registrant: "Oversee Research and Development, LLC" (admin@overseedomainmanagement.com) Domain is currently "parked", but previously was hosted at IP 69.64.155.14 (Enom Incorporated). [...]

Next Entry