Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Warning: malvertizement at Yahoo Groups!

April 25th 2008

Edit: the malvertizement has been removed from circulation.

Here it is, in situ – it is familiar, yes?

This is the URL of the malvertizement: eur.a1.yimg.com/java.europe.yahoo.com/eu/any/yahoonew728x90.swf

The malicious SWF leads us to: adtds2.promoplexer.com/statsa.php?campaign=yahoo

And: track.trackads.net/statsa.php?campaign=yahoo

Any other site that uses Yahoo advertising (Yahoo mail, or Ebay for example) could potentially expose visitors to the malvertizement […]


Old malvertizement featuring getsafeonline

April 22nd 2008

I was intrigued to see this malvertizement pop up on my radar – Mike of mikeonads.com first wrote about this advert back in early 2007. Perhaps the bad guys think we have short memories [;)]

The URLs (thanks Kimberley) used by the malvertizement are:

burnads.com/crossdomain.xml (this page was apparently last modified in November 2007)

burnads.com/stats.php?campaign=heldthin

Screenshots:


New malvertizement featuring Nielsen/NetRatings

April 22nd 2008

Yet another big name is being impersonated via a malvertizement. The Nielsen malvertizement reveals a new malicious domain, xp-vista-update.net, hosted in Russia with name servers provided by the infamous estboxes. The domain was created on 25 March 2008. The malicious URL is xp-vista-update.net/?id=244400121 (currently redirecting to Google). Here are screenshots of the malvertizements:      […]


Update re malvertizement at livejournal.com

April 22nd 2008

I have been advised that the malvertizement has been removed from circulation.  


Malvertizement appearing on livejournal.com

April 22nd 2008

This incident has been reported to livejournal, Atlas Solutions (aka adbureau.net), aQuantive and Microsoft.

Here is a screenshot of the malvertizement:

The malvertizement is being displayed at community.livejournal.com. (Screenshot at end of article)

Heck, the darn thing is popping up on every livejournal page that has an advert – don’t they have *anything* else […]


New malvertizement featuring driveway.com

April 18th 2008

This malvertizement is *very* new [;)] Cite – Kimberley’s site – she has all the details: http://www.bluetack.co.uk/forums/index.php?s=8085d39a6043e446198cbd9ab8234f01&showtopic=18064&st=30&p=86950&#entry86950  


Apple, pardon the pun, changes its (i)tune and rejigs the Apple Software Updater….

April 17th 2008

Remember how I got so grumpy with Apple back in March, when they were pushing out Safari to Windows users as an “update”? I was far from the only person criticizing Apple for their behaviour, and it seems Apple have listened and changed the way their Updater works.

As reported by eWeek Security Watch: http://securitywatch.eweek.com/apple/after_criticism_apple_software_updater_gets_ui_makeover_1.html


New malvertizement featuring WeightWatchers

April 17th 2008

Here’s a screenshot – the SWF leads you to adtds2.promoplexer.com/statsa.php?campaign=bebo  


Another malvertizement featuring yourmusic.com

April 15th 2008

Here’s a screenshot – nothing new here…

Malicious SWF URL: adroll.com/u/ads/POOPATPCXNFSNB35TZLVYO/FKM7SN4NXNAJLH75HOCZYB.swf

Campaign. (Edited to correct host details)

page2.googiesindication.com/crossdomain.xml

Note: page2.googiesindication.com is hosted by the infamous Securehost. (Nine Internet Solutions, the same provider implicated in the Blick.ch outbreak, is host of googiesindication.com [no page2 appended].) Domain created on 26 November 2007.

page2.googiesindication.com/c/index.php?id=eWtkekFoRmpzSFQwMWVySTVRSUNoPTEyMDQwMzE5MjMmcG56Y252dGE9Ymm7NkiZmcmFncmFwcgYNkiDgNmYNkiDgNm […]


Another malvertizement at radiofrance.fr

April 14th 2008

Here is a screenshot of another malvertizement featuring Lady Speedstick “in situ”.

The URL for the malvertizement is: media.ftv-publicite.fr/0/OasDefault/2008_1349_I_1_4__Mega-RF-RG//france_728x90_LADY.swf

As before, the malvertizement sends data to the criminals, even if you are not redirected to a fraudware site. In this case, the URL in use is: adtds2.promoplexer.com/statsa.php?campaign=france&u=
