Sex , Lies , and Toolbars

This is a good one to start off the New Year … landing on the below site I was prompted with the following message … now being the skeptic I am … I figured this was a new tactic to get the visitor to install a Trojan.Codec type of file … much to my surprise I was fooled …

Once you “click here to download one” you are redirected quite a few times … this is hard to follow … but here goes:

hxxp://affiliates.millnicmedia.com/sw/14604/CD8129/ (affiliates.millnicmedia.com = Digital River)

hxxp://nbjmp.com/click/?s=5015&c=45863&subid=CD8129 (nbjump.com = NeverBlue Media)
(nbjmp.com = Rated Red site via McAfee SiteAdvisor)

hxxp://lwken.com/click/?s=5015&c=45863&subid=CD8129 (lwken.com = NeverBlue Media) also set a 3rd party Cookie

hxxp://1.globalonlineweb.com/ct/1-14-0/?psid=9273 (also set a 3rd party Cookie)

hxxp://www.vivo7.com/pop/?pid=CD7&cid=866&bid=8320&deploy_id=0&landing_id=0&pool=0&sid=&psid=9273

hxxp://partners.dmoglobal.com/sw/8320/CD7/&dp=0&l=0&p=0&psid=9273 (sets 3rd party Cookie for directtrack.com)
(directtrack.com = Digital River) … ever though you never visited directtrack … imagine that = cookie stuffing)

hxxp://1.ofsnetwork.com/sw/32931/CD7246/&dp=0&l=0&subid1=CD7&subid2=&subid3=&subid4=&subid5=&&psid=9273&

hxxp://ourfreestuff.net/sw/32931/CD7246/&dp=0&l=0&subid1=CD7&subid2=&subid3=&subid4=&subid5=&&psid=9273&
(ourfreestuff.net = running on the Digital River server) owned by “Canadawebhosting”

Where you eventually end up here … (translated via Google)

So where is my Toolbar? … this looks like another scam to get your email address … but I filled it out (bogus info) and all this does is send you to yet another survey type site that wants even more personal info … “So where is my Toolbar?” … I never saw any mention of that … or why I had to divulge my personal info …

Remember Canadawebhosting … imagine that … looks like Digital River is up to something shady? The Internet is full of complaints about Digital River and their many questionable Affiliates …

# [Canadawebhosting][64.34.132.0 – 64.34.132.255]
127.0.0.1  echtegratisproben.de
127.0.0.1  1.ofsnetwork.com
127.0.0.1  temp.ourfreestuff.net

Now just to show you that this was not a one-time occurrence … this is a hard-core adult site, that clicking any image results in routing you thru the same mess as I described above …

Be careful out there Folks … looks like even the 3rd party affiliates want to get in one the amount of traffic generated thru adult sites … although in this case there actually is no “adult” … just Sex , Lies , and Toolbars …



Comments are closed.