Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Forceup.com – here is more information about the malicious Firstchoice advertisement

February 27th 2008 in Uncategorized

The SWF has been analysed.  We find this URL in the code:

The allowed countries for this particular malicious campaign are ZA, US and UK

Banned IPs: Hop One Internet Corporation, Internet Solutions (Pty) Ltd (South Africa)

Banned cities: Johannesburg, Tukwila

Kudos to Kimberley for decrypting the SWF contents.


One comment to...
“Forceup.com – here is more information about the malicious Firstchoice advertisement”


Quinquecahue surprise surprise.

Keep up the good work btw.

I received an email tonight warning me that a Diane Samuels from forceup.com is contacting web sites wanting to place an advertising banner.  I was contacted by those behind a web site with checks in place that identified the advertising banner as “a virus of some sort”. The creative’s name was firstchoise_728x90.swf. “Diane Samuels” did […]

Previous Entry

More later… I’m out of office at the moment and don’t have access to my normal toolset.
Online analysis of SWF: http://www.adopstools.net/index.asp?page=quicklink&id=2526I2UFLC7Ri029

Next Entry