Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

New "surveys" malvertizement

June 7th 2008 in Uncategorized

Adopstools.com was not able to analyse the sample that I have, but there is more than one way to get things done.

The malicious SWF exposes victims to two different URLs:

impressiontracker.com/url/sc_6.php

and

yourredirect.com/soft.php?aid=000417&d=3&product=XPA

The yourredirect.com URL redirects to a fraudware site, being:

onlinescannerxp.com/2008/3/freescan.php?aid={removed}

yourredirect.com was created on 4 April 2008 and is protected by privacyprotect.org

impressiontracker.com was created on 8 April 2008, and WHOIS refers us to a “Carol Hamilton” of eosads.com.

Both impressiontracker.com and yourredirect.com use mynickname.com name servers…

eosads.com (the domain revealed by a WHOIS check of impressiontracker.com) is, in turn, registered via none other than the infamous estdomains.  The domain was created on 8 February 2007, updated on 10 March 2008 and expires on 8 February 2009.

Screenshots of the malvertizement: [four images in the original post]

The malicious SWF is hosted by content.yieldmanager.edgesuite.net.  The appropriate parties have been notified.
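For anyone who wants to check their own proxy logs for the redirect chain described above (soft.php with aid, d and product parameters, followed by a freescan.php landing page), here is one way to correlate the two requests per client. This is an added example, not code from the original post; the log format, client addresses and the ads.example / shop.example hosts are constructed, and treating d as mirroring the landing path segment is an assumption drawn from the two URLs quoted above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed proxy log (client, URL); not real traffic. The chain URLs copy the
# shape quoted in the post, with PLACEHOLDER standing in for the removed aid.
SAMPLE_LOG = """\
10.0.0.5 http://ads.example/banner.swf
10.0.0.5 http://yourredirect.com/soft.php?aid=000417&d=3&product=XPA
10.0.0.5 http://onlinescannerxp.com/2008/3/freescan.php?aid=PLACEHOLDER
10.0.0.9 http://shop.example/soft.php?page=2
10.0.0.9 http://shop.example/2008/3/index.php
10.0.0.7 http://yourredirect.com/soft.php?aid=000417&d=3&product=XPA
"""

LANDING_PATH = re.compile(r"^/\d{4}/(\d+)/freescan\.php$")


def redirector_hit(url):
    """Return (host, d) if url is soft.php with aid, d and product all set."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    if parts.path == "/soft.php" and query.keys() >= {"aid", "d", "product"}:
        return parts.hostname, query["d"][0]
    return None


def landing_hit(url):
    """Return (host, segment) if url is /<year>/<n>/freescan.php?aid=..."""
    parts = urlsplit(url)
    match = LANDING_PATH.match(parts.path)
    if match and "aid" in parse_qs(parts.query):
        return parts.hostname, match.group(1)
    return None


def find_chains(log_text):
    """Correlate redirector and landing requests per client, in log order."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        client, url = line.split(maxsplit=1)
        if (hit := redirector_hit(url)):
            pending[client] = hit
        elif (land := landing_hit(url)) and client in pending:
            src_host, d = pending.pop(client)
            # Assumption: d mirrors the path segment (d=3, /2008/3/ in the post).
            findings.append((client, src_host, land[0], d == land[1]))
    # Second value: clients that hit the redirector but never the landing page.
    return findings, sorted(pending)
```

Clients in the second list reached the redirector without a logged landing request, which usually means the chain was blocked or interrupted partway.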


One comment to...
“New "surveys" malvertizement”

nathalie

thanks for redirecting me to this page!! it’s already a favorite!

