Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Still working on NatGeo…

November 25th 2007 in Uncategorized

HTTP capture of a visitor to the National Geographic website being hijacked and redirected to scanner2.malware-scan.com. As we know, we’ve traced the guilty advertisement as far back as 66.179.234.173/images/1847_560766_7006263_90_728.html


 




I only have time to post screenshots at the moment – the malicious advertisement can be seen at: 66.179.234.173/images/1847_560766_7006263_90_728.html
A Google search reveals that the IP address 66.179.234.173 has a history of involvement with malicious banner advertisements: http://www.google.com/search?q=66.179.234.173&rls=com.microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1
The SWF itself is being pulled from: rmedia.adonnetwork.com/images/560766_90_728_200711011430_tubesnow_728x90.swf
With JavaScript being pulled from: rmedia.adonnetwork.com/adon_flash_v2.js

and

I’ll post more specific details in roughly 9 hours’ time… I won’t […]

Previous Entry

Alex Eckelberry of Sunbelt has been in touch with me to advise that he has contacted AdOn Network about the malicious SWF that we have been studying on this blog over the past day or so – something I am ashamed to admit I had not done yet.
AdOn advise that they have removed the advertiser, […]

Next Entry
