Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Alert: recurring malvertizements at ifrance.com (and isuisse.com)

July 2nd 2008 in Uncategorized

Do you ever get the feeling that people are not listening?

I blogged about malicious advertisements featuring XM Radio on Sunday here:
Report- Malvertizements that have been circulating

Now Kimberley has discovered that those same XM Radio malvertizements are appearing on the ifrance.com web site – info here:

I admit to feeling a lot of frustration about ifrance.com.  As noted by Kimberley, this is the 3rd malvertizement that has been discovered on the ifrance.com website since the 12th of June.  They seem to be completely incapable of vetting advertising creatives that are being submitted to them, or acting to get rid of malvertizements that are reported to them within a reasonable period of time (if at all).

I rarely do this, but I now advise that all advertising that appear on ifrance.com should be blocked unless and until they can assure us that they have removed the malvertizements, and that that they have put procedures in place to prevent the problem in future.  The same goes for isuisse.com (guilty by association).  Heck, let’s also pay close attention to ibelgique.com, iespana.es, iitalia.com and iquebec.com, all of which are closely related to ifrance.com and isuisse.com (also subject to guilt by association).

Other incidents affecting ifrance

ifrance.com – malicious banners featuring FirstChoice and again here

ifrance.com – malicious banner featuring Curves

ifrance.com – still serving malvertizements

6 comments to...
“Alert: recurring malvertizements at ifrance.com (and isuisse.com)”


YeAhH iEUROP s*x !

john in silicon vallley

Are you still seeing the malverts from mediaman? I am not seeing them everytime. There doesn’t seem to be any logic to it (ok, like there should be logic for malicious advertising).

keep it up.
john in silicon valley

Martin (a.k.a.)

Wow. Funny. I just got hit with one yesterday on that domain. Jammed up my clipboard with a permanent link to a false-flag security scan. I couldn’t paste anything until I quit IE and cleared the clipboard multiple times.

Here’s the address. It actually might not have been that site, but one of about five, but now that you’re alerting me to iFrance, that’s the top suspect.

KachouMusic [Comoros music site] — on iFrance
x http://kachou-music.ifrance.com/CDs.htm

KachouMusic [Comoros music site]

Comores-Online – Musique


Hi John,

Frequency capping is often used to control how often a particular advertisment is displayed for a particular person.

Sandi &c.

Morgan Jones

I seem to have been hit with one of these malvertizements. My browsers keep opening themselves up and going to various advert sites. What’s more, they just won’t goto certain sites (like yahoo, anymore). How do fix this? I’ve tried ad aware, Kaspersky, and reinstalling windows (windows won’t reinstall because it says the version on my computer is newer than my disc). Could someone point me in the right direction?


Sorry, I forgot to add my e-mail is mj@sabrejet.ca

The Internet Explorer team have published 3 new articles about IE8 that are well worth a read.   First, the SmartScreen filter:IE8 Security Part III- SmartScreen® Filter The feature that I want to call out about the SmartScreen filter is the antimalware support – SmartScreen not only blocks access to known phishing and malware sites, […]

Previous Entry

I’ve been keeping a close eye on Australian web sites that have been affected by malicious SQL injection attacks, specifically concentrating on sites that are ‘repeat offenders’. One of the repeat offenders is walkingchallenge.gov.au.  On that site I found code pointing to the domain ucomddv.com (created today, 2 July 2008), and what may be a […]

Next Entry