Well, I said I would get in touch with Doubleclick – their response was interesting – I quote: “it’s to confuse people… look you get the same results: openadstream.net/ad0.php?url=http://www.google.com/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043 openadstream.net/ad0.php?url=http://www.microsoft.com/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043” The original URL I provided was: openadstream.net/ad0.php?url=http://ad.doubleclick.net/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043 Each of those URLs renders the same result – a plain white page with the text “stats=917174773” […]
I received this email today via my Spyware Sucks “Contact Me” link: “At least a have a problem that i find no pleasent, i think it comes from your url, a receyve continusely messages that my pc is infected by viruses or spam. I ask you for all of your possibilitys no more sending those […]
Oxfam does fantastic work – in fact several people received “Oxfam Unwrapped” gift cards from me for Christmas (donations on their behalf) – and it makes me FURIOUS to see Oxfam’s good name taken advantage of, and a malicious advertisement featuring their name used as a conduit to fraudware. I received a sample SWF today, […]
Interesting. “openadstream.net/ad0.php?url=http://ad.doubleclick.net/click/nxtgcbb80290000125ave/direct/wi/ai&key=V24567233828272323&c=127500043” “iexplorer-security.org/?id=463400043” iexplorer-security.org has hidden some information behind Privacy Protect, but we can find out some things. First, iexplorer-security.org is hosted by Masterhost in Russia. Second, its nameservers are provided by the infamous eshosst.com (aka estdomains) – the list of malicious/fraudulent domains associated with Estdomains is staggering. I’ll need to get in touch with Doubleclick about their […]
Just like Skyauction, Emusic and QPAD before them, Firstchoice have advised that they have nothing to do with the malicious advertisements featuring their company. I quote the contents of an email from Firstchoice to the web site that supplied the copy of the malicious advertisement from Forceup to me for analysis: “1. Our site [is] […]
More later… I’m out of office at the moment and don’t have access to my normal toolset. Screenshot: Online analysis of SWF: http://www.adopstools.net/index.asp?page=quicklink&id=2526I2UFLC7Ri029
The SWF has been analysed. We find this URL in the code: quinquecahue.com/statsa.php?u=1202136191&campaign=oseximious The allowed countries for this particular malicious campaign are ZA, US and UK. Banned IPs: 209.160.0.0-209.160.255.255 (Hop One Internet Corporation), 196.36.0.0-196.36.255.255 (Internet Solutions (Pty) Ltd, South Africa). Banned cities: Johannesburg, Tukwila. Kudos to Kimberley for decrypting the SWF contents.
I received an email tonight warning me that a Diane Samuels from forceup.com is contacting web sites wanting to place an advertising banner. I was contacted by those behind a web site with checks in place that identified the advertising banner as “a virus of some sort”. The creative’s name was firstchoise_728x90.swf. “Diane Samuels” did […]
Those of you with a technical mindset may find this explanation about what happened, and the timeline, informative: http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube.shtml Some chatter at NANOG (with a few glimmers of paranoia to add spice): http://www.merit.edu/mail.archives/nanog/threads.html#06347
Well, the EV problem experienced at Tim Callan’s blog has been fixed – by removing Google Analytics and Feedburner tracking code from the page. I should point out that Google’s code was removed LAST, therefore it is possible that Feedburner may be blameless – we won’t know for sure unless the site is tested with […]