Malicious SWF advert captured on NationalGeographic.com
I only have time to post screenshots at the moment – the malicious advertisement can be seen at:
66.179.234.173/images/1847_560766_7006263_90_728.html
A Google search reveals that the IP address 66.179.234.173 has a history of involvement with malicious banner advertisements:
http://www.google.com/search?q=66.179.234.173&rls=com.microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1
The SWF itself is being pulled from:
rmedia.adonnetwork.com/images/560766_90_728_200711011430_tubesnow_728x90.swf
With JavaScript being pulled from:
rmedia.adonnetwork.com/adon_flash_v2.js
and
I’ll post more specific details in roughly 9 hours’ time… I won’t have time before then to go through the Wireshark capture evidencing the redirect.