Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: Malvertizements at disney.fr

June 10th 2008 in Uncategorized

These criminals, whoever they are, have absolutely no shame.  I thought that they were the scum of the earth when they impersonated Oxfam; now they are getting their malvertizements onto popular chidren’s sites.

As reported by Kimberley – the malvertizements have been reported to RealMedia:

openad.tf1.fr/RealMedia/ads/Creatives/OasDefault/AUTOPROMO_DISNEY_SKY_CINEMA_NOW/cinemanow_120x600.swf


adoptserver.info/_stat029.gif?url=[removed]
windowsxp-privacy.net/?id=987650098
xponlinescanner.com/soft.php?aid=024217&d=2&product=XPA
xponlinescanner.com/2008/2/freescan.php?aid=77024217


openad.tf1.fr/RealMedia/ads/Creatives/OasDefault/AUTOPROMO_DISNEY_MEGA_CINEMA_NOW/cinemanow_728x90.swf


adoptserver.info/_stat029.gif?url=[removed]
windowsxp-privacy.net/?id=987650097
xponlinescanner.com/soft.php?aid=024218&d=3&product=XPA
xponlinescanner.com/2008/3/freescan.php?aid=77024218


 


 


Comments are closed.

Adopstools.com was not able to analyse the sample that I have, but there is more than one way to get things done. The malicious SWF exposes victims to two different URLs: impressiontracker.com/url/sc_6.php and yourredirect.com/soft.php?aid=000417&d=3&product=XPA The yourredirect.com URL redirects to a fraudware site, being: onlinescannerxp.com/2008/3/freescan.php?aid={removed} yourredirect.com was created on […]

Previous Entry

First, driveway: waytotheprofit.com/?cmpid=comedogeni&adid=intl statgroup.net/c/index.php?id=WmhuaHhDTEFpUXm7NkiZmOVpYVnd4cGtoPTEyMDgxNjk3MDUmcG56Y252dGE9cGJ6cnFidHJhdgYNkiDgNmYNkiDgNm Next, dreammates: waytotheprofit.com/?cmpid=comedogeni&adid=intl stat-diagnostic-imaging.net/c/index.php?id=eklscHhaSzFya3JIUElYNjNm7NkiZeUloPTEyMTIwNzc5MjYmcG56Y252dGE9cGJ6cnFidHJhdgYNkiDgNmYNkiDgNm     You can see that both malvertizements use the same waytotheprofit campaign URL. I ended up at goldenantispy.com on one occasion, and antispyarewaremaster on another and performanceoptimizer.com on another. You will end up at different […]

Next Entry

Archives