Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Gemini Interactive caught distributing malvertizements

March 27th 2008 in Uncategorized

You may recall that I theorised that the URLs of the malvertizements displayed at classmates.com might indicate that they were supplied by Gemini Interactive (cite: http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550951.aspx). You may also recall that every malvertizement I found at classmates.com featured myjewelrybox.com.

I have now received, by email, a copy of an advertisement that Gemini Interactive supplied for display on several web sites. My analysis of that advertisement indicates that it contains malicious ActionScript code. The SWF also features myjewelrybox.com (cite: http://www.adopstools.com/index.asp?page=quicklink&id=ARCI83U67Z7LN8D3).

Please exercise caution when accepting advertising for your web sites. At the very least, run each and every advertisement you receive through the online click checker at adopstools.com before it goes live; it could save you a lot of grief.
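
As an added example (it is not part of this post, and it is not the advert I received), here is a small Python scanner that does the static part of what a click checker does: it opens an FWS or CWS (zlib-compressed) SWF, walks the tag list including nested DefineSprite tags, and reports every place the AVM1 bytecode can send the browser somewhere, namely ActionGetURL records, URL-looking strings handed to ActionPush, and ActionGetURL2 (whose URL only exists on the stack at runtime). Tag and action codes follow Adobe's published SWF specification. The sample SWF is constructed inline by `build_sample_swf`; the host example.invalid is a placeholder, and the function names are mine.

```python
import struct
import zlib

# Tag codes and AVM1 action codes, as documented in Adobe's SWF file format spec
TAG_END, TAG_SHOW_FRAME, TAG_DO_ACTION = 0, 1, 12
TAG_DEFINE_SPRITE, TAG_DO_INIT_ACTION, TAG_DO_ABC = 39, 59, 82
ACT_GET_URL, ACT_PUSH, ACT_GET_URL2 = 0x83, 0x96, 0x9A
PUSH_SIZES = {1: 4, 2: 0, 3: 0, 4: 1, 5: 1, 6: 8, 7: 4, 8: 1, 9: 2}  # bytes per non-string push type
URL_PREFIXES = ("http://", "https://", "javascript:", "vbscript:")


def _cstr(buf, pos):
    """Read a NUL-terminated string at pos; return (text, position after the NUL)."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end].decode("latin-1"), end + 1


def _actions(data):
    """Yield (code, payload) for each AVM1 action record until ActionEnd (0x00)."""
    pos = 0
    while pos < len(data) and data[pos] != 0:
        code, payload, pos = data[pos], b"", pos + 1
        if code >= 0x80:  # long-form actions carry a little-endian u16 payload length
            (length,) = struct.unpack_from("<H", data, pos)
            payload, pos = data[pos + 2:pos + 2 + length], pos + 2 + length
        yield code, payload


def _inspect_actions(data, findings):
    """Record every way an AVM1 action block can send the browser somewhere."""
    for code, pl in _actions(data):
        if code == ACT_GET_URL:        # URL and target window are right there in the record
            url, p = _cstr(pl, 0)
            target, _ = _cstr(pl, p)
            findings.append(("ActionGetURL", url, target))
        elif code == ACT_GET_URL2:     # URL comes from the stack: pushed earlier, or built at runtime
            findings.append(("ActionGetURL2", "<url taken from stack>", ""))
        elif code == ACT_PUSH:         # harvest pushed string literals that look like URLs
            p = 0
            while p < len(pl):
                ptype, p = pl[p], p + 1
                if ptype == 0:         # type 0 is a NUL-terminated string
                    s, p = _cstr(pl, p)
                    if s.lower().startswith(URL_PREFIXES):
                        findings.append(("ActionPush string", s, ""))
                else:
                    p += PUSH_SIZES.get(ptype, len(pl))


def _tags(body, pos, findings):
    """Walk the tag list from pos, recursing into DefineSprite, until an End tag."""
    while pos + 2 <= len(body):
        (head,) = struct.unpack_from("<H", body, pos)
        code, length, pos = head >> 6, head & 0x3F, pos + 2
        if length == 0x3F:             # long tag header: the real length follows as a u32
            (length,) = struct.unpack_from("<I", body, pos)
            pos += 4
        payload, pos = body[pos:pos + length], pos + length
        if code == TAG_END:
            return
        if code == TAG_DO_ACTION:
            _inspect_actions(payload, findings)
        elif code == TAG_DO_INIT_ACTION:   # a u16 SpriteID precedes the actions
            _inspect_actions(payload[2:], findings)
        elif code == TAG_DO_ABC:           # AS3 bytecode: needs an ABC disassembler, so flag it
            findings.append(("DoABC", "<AS3 bytecode present>", ""))
        elif code == TAG_DEFINE_SPRITE:    # u16 SpriteID, u16 FrameCount, then nested tags
            _tags(payload, 4, findings)


def scan_swf(data):
    """Return (kind, url, target) findings for an uncompressed (FWS) or zlib-compressed (CWS) SWF."""
    sig = data[:3]
    if sig == b"CWS":
        body = data[:8] + zlib.decompress(data[8:])   # the 8-byte header stays in the clear
    elif sig == b"FWS":
        body = data
    elif sig == b"ZWS":
        raise ValueError("LZMA-compressed SWF: decompress the body with lzma first")
    else:
        raise ValueError("not a SWF file")
    nbits = body[8] >> 3                  # RECT: 5-bit Nbits, then four fields of Nbits bits,
    rect_len = (5 + 4 * nbits + 7) // 8   # MSB-first and padded to a byte boundary
    pos = 8 + rect_len + 4                # skip FrameRate (u16) and FrameCount (u16)
    findings = []
    _tags(body, pos, findings)
    return findings


def _tag(code, payload):
    """Encode one SWF tag with the short or long header as required."""
    if len(payload) < 0x3F:
        return struct.pack("<H", (code << 6) | len(payload)) + payload
    return struct.pack("<HI", (code << 6) | 0x3F, len(payload)) + payload


def build_sample_swf(url, runtime=False, compress=False):
    """Constructed sample (not a real advert): a one-frame SWF whose sprite redirects to url."""
    if not runtime:  # plain getURL(url, "_self")
        body = url.encode() + b"\x00_self\x00"
        actions = bytes([ACT_GET_URL]) + struct.pack("<H", len(body)) + body
    else:            # push url and target, then ActionGetURL2: the shape obfuscated adverts prefer
        pushed = b"\x00" + url.encode() + b"\x00\x00_self\x00"
        actions = (bytes([ACT_PUSH]) + struct.pack("<H", len(pushed)) + pushed
                   + bytes([ACT_GET_URL2]) + struct.pack("<H", 1) + b"\x00")
    do_action = _tag(TAG_DO_ACTION, actions + b"\x00")  # trailing ActionEnd
    sprite = _tag(TAG_DEFINE_SPRITE, struct.pack("<HH", 1, 1) + do_action + _tag(TAG_END, b""))
    body = b"\x00" + struct.pack("<HH", 12 << 8, 1)     # empty RECT, 12.0 fps, 1 frame
    body += sprite + _tag(TAG_SHOW_FRAME, b"") + _tag(TAG_END, b"")
    header = struct.pack("<I", 8 + len(body))
    return (b"CWS\x08" + header + zlib.compress(body)) if compress else (b"FWS\x08" + header + body)


if __name__ == "__main__":
    for kind, url, target in scan_swf(build_sample_swf("http://example.invalid/r", runtime=True)):
        print(f"{kind:18} {url} {target}")
```

Two caveats a buyer should keep in mind. A redirect that only shows up as ActionGetURL2 with no URL-looking string nearby means the URL is assembled at runtime (string concatenation, a date check, a cookie test), and the only way to see where it really goes is to run the advert in a throwaway VM and watch the traffic. A DoABC tag means ActionScript 3, which this AVM1 scanner does not decode at all; treat it as "needs a proper look", not as "clean".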

7 comments to “Gemini Interactive caught distributing malvertizements”

Conrad Longmore

geminiinteractive.net = 89.149.242.64, which is Netdirekt E.k.
But the name servers (e.g. MANAGEDNS1.ESTBOXES.COM) are all on Atrivo/Intercage, who are VERY well known for malware through their relationship with Esthost / Estdomains.

Even if you didn’t know this, a look at the WHOIS entry for geminiinteractive.net raises so many red flags that even someone with basic technical knowledge could see them. The domain was registered in March 2007, there are no contact details on the registration, no contact details on the site, Googling them shows no footprint, etc. These are basic due diligence steps that anybody should do when scoping out a business partner!



sandi

Hi Conrad,

Nice to see you here, and yes, I read your blog 🙂

Unfortunately the people who sell advertising time for websites are not technically proficient – they are salesmen and women.

Slowly but surely the awareness is building as education campaigns ramp up, but it’s a slow, painful process.

Sometimes I wish for the simple old days of home page and search engine hijackings, aberrant toolbars and basic BHO based drive-by downloads.

Sandi



n-blue

I don’t know if there was a previous report about a malicious attack hosted on Google Groups. But if you’re interested, please take a short look at:
http://n-blue.nblogz.net/security-warning-google-group



Conrad Longmore

Hi Sandi,

I’m glad someone reads it 🙂

It seems to me that a combination of Adops Tools + VMware + a Linux distro + WHOIS are the basic tools of the trade for checking these things out. It’s just a question of getting the steps out to people who buy and sell ads! (errr, OK, that’s the tricky part I suppose!)
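
Conrad's WHOIS points earlier in this thread (registration date, blank contact details, name servers on a provider you already distrust) and the tool list in the comment above, turned into an added example script. This is my illustration, not something Conrad or Sandi published: it parses a WHOIS record in the common "Key: value" layout and returns plain-English red flags. The record below is constructed for the example (it is not a real lookup, and example-ns.invalid is a placeholder, not a real provider); the reference date is this post's date, and the age threshold and flagged name-server domains are choices you would set yourself.

```python
from datetime import date

# Constructed sample record (not a real WHOIS lookup) in the usual "Key: value" layout
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-ADNETWORK.INVALID
Creation Date: 2007-03-14T00:00:00Z
Registrar: Example Registrar, Inc.
Registrant Name:
Registrant Organization:
Registrant Email:
Admin Email:
Name Server: MANAGEDNS1.EXAMPLE-NS.INVALID
Name Server: MANAGEDNS2.EXAMPLE-NS.INVALID
"""

# Hypothetical list of name-server domains you have decided to treat as a red flag
FLAGGED_NS_DOMAINS = {"example-ns.invalid"}

# Age is relative to the day you look; this post's date is used as the reference here
REFERENCE_DATE = date(2008, 3, 27)


def parse_whois(text):
    """Collapse a Key: value WHOIS record into {lower-cased key: [values]}."""
    record = {}
    for line in text.splitlines():
        if line.startswith(("%", "#", ">>>")):   # registrar comment / terms-of-use lines
            continue
        key, sep, value = line.partition(":")
        if sep:
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def whois_red_flags(record, today, flagged_ns_domains, min_age_days=730):
    """Return red flags: young domain, blank contacts, name servers under flagged providers."""
    flags = []
    created = next((v[:10] for v in record.get("creation date", []) if v), None)
    if created is None:
        flags.append("no creation date in record")
    else:
        age = (today - date.fromisoformat(created)).days
        if age < min_age_days:
            flags.append(f"domain is only {age} days old (threshold {min_age_days})")
    # A real business normally has at least one non-blank contact on the registration
    for key in ("registrant name", "registrant organization", "registrant email", "admin email"):
        if not any(record.get(key, [])):
            flags.append(f"missing {key}")
    # Name servers tell you who really hosts the operation, whatever the A record says
    for ns in record.get("name server", []):
        host = ns.lower().rstrip(".")
        parent = next((d for d in flagged_ns_domains if host == d or host.endswith("." + d)), None)
        if parent:
            flags.append(f"name server {host} is under flagged provider {parent}")
    return flags


if __name__ == "__main__":
    for flag in whois_red_flags(parse_whois(SAMPLE_WHOIS), REFERENCE_DATE, FLAGGED_NS_DOMAINS):
        print("RED FLAG:", flag)
```

None of these flags is proof of anything on its own (plenty of honest domains are a year old), which is why the script reports them for a human to weigh rather than returning a verdict; the point is that all of this is visible from a single `whois` lookup before any contract is signed.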



Olivier

Hi everyone
I’m in contact with somebody at geminiinteractive.net who wants to buy advertising on my web site; I’m just a salesman ;-), but what you say makes me freak out about working with Gemini…
Does anyone know somebody who has real experience with them?
Thanks for your advice.
Olivier



sandi

@Olivier

Read this:
http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550951.aspx

My personal opinion, as somebody deeply involved in studying and reporting on malvertizements, is that Gemini Interactive is highly suspicious and should be treated with extreme caution.

As you see from this blog entry, I have been given a copy of an actual advertisement supplied by Gemini Interactive to a web site, and that advertisement was malicious.

Sandi



Bernard from Canoë (Montréal, QC).

Answering Olivier: Gemini Interactive signed a $100,000 deal with me in March 08. The contact: Jono Magat. They never sent the material (maybe that’s a good thing). So I had to cancel all the reserved impressions. I still don’t understand why they did that. The phone number I had is not responding, nor Jono’s email, of course…

