Here it is… now we just wait and see if they respond, and how they respond… watch this space… Note that the ‘sent’ date and time is obscured to disguise my current time zone – you’ll understand why I do that if you read the article referenced, “Winfixer hide ‘n’ seek: explaining why some people […]
Once again we are going to see some familiar names – blessedads and prevedmarketing. I have received numerous complaints about malicious banner advertisements being displayed at www.allmusic.com. The banner advertisement that I saw redirects victims to a site touting something called Deuce Cleaner Inc. Interestingly, there is little to be found via various Google searches […]
Never never never never NEVER tell users to turn off their computers’ firewalls. You can read my brief dialogue with TomTom’s technical support here – yes, I suppose I should have tried switching from wireless to wired before contacting TomTom, but all other downloads from their service were working just fine – it was only […]
Check this out: http://msmvps.com/blogs/hostsnews/archive/2007/11/14/1309806.aspx I ask you, can you trust an antivirus product that cannot distinguish between an advertisement or cookie related URL and an “if you can’t get to this address you can’t update your antivirus” URL? In the current environment, where advertising networks are being compromised all over the world, and any web site could serve […]
This afternoon, let’s have a look at the hijack that is affecting www.ok-magazine.com, right on the front page. The dangerous SWF is hosted by r2d2advertising: r2d2adverising.com/edges/fast_get.php?bs=763392451522918384433822949288977796434723741732 From there we’re dragged through to newbieadguide.com: newbieadguide.com/statsa.php?campaign=2fact0ry&u=1194994157514 We then bound over to blessedads: blessedads.com/?cmpid=2fact0ry&adid=gsd2 And prevedmarketing.com: prevedmarketing.com/?tmn=mwatmp&aid=2fact0ry&lid=gsd2&ex=1&ed=2 And end at, you guessed it, scanner2.malware-scan.com: scanner2.malware-scan.com/4_swp/?tmn=mwatmp&aid=2fact0ry&lid=gsd2_ao_3958_0_10228_ao_&ex=1&ed=2&tmn=null&mt_info=3958_0_10228 I am sure, gentle reader, […]
…and they say thank you.
Both of the Sensis URLs mentioned earlier in the article are now 404 – that’s a good thing. medrx.sensis.com.au/content/SkyAuction/106804/skyauction_300x250.swf – dead medrx.sensis.com.au/content/SkyAuction/106804/skyauction_728x90.swf – dead Now, if only we could get the problems in the USA and UK cleaned up as easily – I’ll be posting later about very similar redirects that are hitting visitors to […]
The local Sensis branch is closed, so I had to call the 1800 number. Sensis staff now have a Fiddler capture from me that proves that the redirect is occurring, they have my cell phone number, and my email address, and they have information about my various blog posts about this incident. Now we wait and see […]
Same advert, different size: medrx.sensis.com.au/content/SkyAuction/106804/skyauction_728x90.swf
The malicious Flash advertisement is still being displayed, and is still hijacking visitors to the web site. I’ll continue to check throughout the day. Sensis has not responded to my attempt to contact them last night.