Malicious banner advertisements at www.allmusic.com
Once again we are going to see some familiar names – blessedads and prevedmarketing.
I have received numerous complaints about malicious banner advertisements being displayed at www.allmusic.com. The banner advertisement that I saw redirects victims to a site touting something called Deuce Cleaner Inc.
Interestingly, there is little to be found via various Google searches about “Deuce Cleaner”.
Apparently www.allmusic.com have been less than responsive to complaints about the malicious banner advertisement, responding to complaints with some inane” thank you for your feedback about our advertisements” claptrap, so it’s time to throw some undeniable proof at them and wait to see how long it takes them to act.
As always, a Fiddler capture is available for examination by the appropriate authorities.
Be warned, there may be more dangerous advertisements than the one that I captured tonight.
This is what happened. The following Flash advertisement is displayed – yes, that really is the URL – proceed with caution:
ny.checkm8.com/Ads/336249/728x90_emusic.swf?clickTag=http://web.checkm8.com/adam/em/click/342369/cat=vnu_AMG_allmusic.
ROS.ROS&clickTAG=http://web.checkm8.com/adam/em/click/342369/cat=vnu_AMG_allmusic.ROS.ROS&clicktag=http://web.checkm8.com/
adam/em/click/342369/cat=vnu_AMG_allmusic.ROS.ROS&clickTag2=http://web.checkm8.com/adam/em/other2/342369/cat=vnu_AMG_allmusic.
ROS.ROS&clickTAG2=http://web.checkm8.com/adam/em/other2/342369/cat=vnu_AMG_allmusic.ROS.ROS&clicktag2=http://web.checkm8.com/
adam/em/other2/342369/cat=vnu_AMG_allmusic.ROS.ROS
This then bounces us to:
adtraff.com/statsa.php?u=23423424&campaign=c1ot4ing
Then on to:
blessedads.com/?cmpid=c1ot4ing&adid=728
then:
prevedmarketing.com/?tmn=mwatmp&aid=c1ot4ing&lid=728&ed=2
and
shivanetworking.com/?cmpname=destro&tmn=mwatmp&aid=c1ot4ing&lid=728&ed=2
and finally to:
deuscleaneronline.com/?n=7&end=1&xx=1&ag=2&g=2&aid=c1ot4ing-promo7-tst3&lid=728_ao_4370_0_10754_ao_&mt_info=4370_0_10754
Here is the dangerous advertisement – lots of screenshots – a description of the fraudware and the host site, and the lengths that they are going to to try and install this crud on to computers follows after the advertisement screenshots:
Here is the site that you end up at (deucecleaneronline.com) – that’s not a real scan, it’s nothing more than a web page displaying a pretend scan…
Before that page appears you see some pretty scary warnings … DO NOT CLICK ON OK … click on the red x instead
FAKE!!! This will appear on a web page when you click the Red X:
You then end up at another page that tries to install an ActiveX control:
If you try to install the ActiveX control, or close the Web page you will see the following – again, click the Red X:
They don’t like that… you may see this – note that the site has tried to download files:
Close *that* page and you see – again, use the Red X:
Red X the above and you finally get to close IE.
“Malicious banner advertisements at www.allmusic.com”