Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Hooray for teamwork – the malvertizements at photobucket.com have been identified

May 8th 2008 in Uncategorized

Once again, communication and cooperation between anti-malvertizement activists around the world has resulted in success.


We have found the malicious malvertizements on photobucket.com – Kimberley has the details.


The incident has been reported to Photobucket.  The malvertizements themselves are not new.  Speedstick and TokyoDrift have been featured on this blog several times.  As noted by Kimberley, the malicious domains being used by the cretins behind the malvertizements are:


atlas-ads.com (host of a malicious SWF)
track.trackads.net
tds.maxconvert.com
adtds.trackads.net
spywaredestructor.com
adoptserver.info
iexplorer-security.org
fastwebway.com
xponlinescanner.com


photobkt-images.adbureau.net (host of a malicious SWF)


adbureau.net is Akamai – the incident has been reported.


Atlas-ads.com is registered via Estdomains, created on 10 April 2008.





 


One comment to...
“Hooray for teamwork – the malvertizements at photobucket.com have been identified”

Jane McIntyre

I was surfing my space this morning when a pop-up came on with the domain tds. maxconvert.com. I tried to get out of it, had to shut computer down to get out. Is this something I should be concerned with?? My e-mail mcintyre3447@comcast.net


Thanks to Susan for the heads up…
Cite:  http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/
Cite:  https://bugzilla.mozilla.org/show_bug.cgi?id=432406
Anybody who downloaded and installed the Vietnamese language pack ***since 18 February*** will have got an infected copy.  Symptoms include the display of unwanted advertising.
Mozilla notes that because only “16,667 total downloads of the Vietnamese language pack since November 2007” they consider that the impact on users […]

Previous Entry

Several comments have been posted to my blog recently about a malvertizement problem at mininova.org:
http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1601871http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1602159http://msmvps.com/blogs/spywaresucks/archive/2008/03/23/1550824.aspx#1614547
Anyway, I went looking and found a thread that claimed the malvertizements had been identified and removed on 5 May so I didn’t take things any further (a decision which may have been a mistake)http://forum.mininova.org/index.php?showtopic=235009007
Kimberley has now identified a malvertizement on […]

Next Entry

Archives