Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Report: Malvertizements that are currently circulating

June 28th 2008 in Uncategorized

First Choice in French (we have seen malvertizements featuring First Choice before, e.g. this one in English)

This malvertizement exposes two domains to us: waytotheprofit.com/?cmpid=atrecreant and click.adlbrite.com.

adlbrite.com is hosted by nine.ch in Switzerland (yes, the same nine.ch that has hosted domains used by malvertizements in the past).

click.adlbrite.com is also sharing name servers with several well known malvertizement domains.

adlbrite.com’s registrar is TLDS, LLC DBA SRSPLUS.  The WHOIS is unhelpful, being:

Sara Sen  (mail@adlbrite.com)
Hight  str  45 
Baltim, NONE  8232
CL
152656555

waytotheprofit.com is just as interesting, sharing IP with A-Records and mail servers with many known malvertizement domains.

waytotheprofit.com also shares a name server with many, many, MANY known fraudware and malvertizement domains, as well as domains associated with the sale of malvertizements.

