Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Malvertizements – cyberipod and mediaman

March 31st 2008 in Uncategorized

IMPORTANT: THE TWO ADVERTISEMENTS FEATURED BELOW WERE SHUT DOWN IN JUNE 2007.  My mistake. I’ll be more careful in future to ensure that reports I see are for current malvertisements.  My apologies to Doubleclick.


Lesson learned: previously identified malicious content should be moved out of public view.


‘m on the road at the moment, so only have screenshots for now.


Preliminary analysis at adopstools indicates malicious content:
http://www.adopstools.com/index.asp?page=quicklink&id=z45zlyl4R7sJ5L6I
http://www.adopstools.com/index.asp?page=quicklink&id=2nk99FyQ6qot025u


Mediaman:
m1.2mdn.net/1612895/NHL_MediaMan_728x90_flash.swf


Campaign.
adtraff.com/statsa.php?u=23423424&campaign=pushmama


—–


cyberipod:
m1.2mdn.net/1487544/160x600_Cyberipod.swf


Campaign.
workhomecenter.com/crossdomain.xml
workhomecenter.com/stats.php?campaign=5pentt00&u=1206974120161




  


Comments are closed.

It has been reported that Joseph Bochner’s lawsuit against a some people allegedly behind the distribution of “Winfixer” type software has been dropped.
I have correspondeded several times with Joseph over the past year or so, and am disappointed for him.  You’ll see from the article that one of the accused, James Reno, was never served and […]

Previous Entry

This alert was sent to me via private email, by the same person who reported the latest malvertizement at 123greetings.com.
It should be noted that I have not personally seen the advertisement appearing on www.diynetwork.com.
The advertisement itself can be seen at:http://id325708.adszedo.com/300×250.swf
Loading the URL also loads:adtds2.promoplexer.com/statsa.php?campaign=708&u=1207097411103
As well as adsraise.com/mbuyers/statistics.html
Other malicious URLs associated with this campaign include:
station-appraisals.com/c/index.php?id=TGVwWjgwV29vcWdVVWlxRk8wNDRoPTEyMDQ2NTE3MjcmcG56Y252dGE9cWJjYmm7NkiZmdm95bAYNkiDgNmYNkiDgNm
and waytotheprofit.com/?cmpid=dopossibly
Note […]

Next Entry

Archives