Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

ALERT: malvertizement featuring Rhapsody (alternative title: Well well, they have a sense of humor….)

April 1st 2009 in Uncategorized

I’ve been taking a look-see at the latest malvertizement that has hit my desk (sourced from multiple IP addresses and received over several days) – it is a Rhapsody themed malvertizement that looks like this:

[image: the Rhapsody-themed malvertizement]

Visually the malvertizement is identical to one that was circulating at least a year ago.

The malvertizements are hitting different domains despite being visually identical, which is nothing unusual. That being said, there is a new domain being used to facilitate a browser hijack, and I just had to laugh when I saw it:

welovesandi.com

Anyway, let’s take a look-see at this new domain:

welovesandi.com
Website Title: “TotalVirusProtection” (seems they’re still not cleaning up their site code when creating new sites)

ICANN Registrar: Communigal Communications Ltd
Created: 20 March 2009
NS1.WELOVESANDI.COM
NS2.WELOVESANDI.COM
NS3.WELOVESANDI.COM
NS4.WELOVESANDI.COM

IP: 212.177.165.128 – Luxembourg, Steinsel, Root Esolutions

Shares IP address with the following domains, all of which should be treated with extreme caution:

enterprisestat.net, givemystats.com, measurehits.com, pleaselinkmeto.com, statsnclick.com and waytotheprofit.com.

Registrant:

Robert Robinson (RobertSRobinson@mail.com)
4452 Dogwood Lane
Phoenix 85012
602 5205539781
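For anyone who wants to sweep proxy logs for the domains and IP address listed above, here is an added example (not part of the original post). The log format and the sample lines are constructed assumptions; only the indicators come from the post.

```python
from urllib.parse import urlsplit

# Indicators taken from the post above.
BAD_DOMAINS = {
    "welovesandi.com", "enterprisestat.net", "givemystats.com",
    "measurehits.com", "pleaselinkmeto.com", "statsnclick.com",
    "waytotheprofit.com",
}
BAD_IPS = {"212.177.165.128"}

# Constructed sample lines, assumed format: "<epoch> <client_ip> <method> <url>".
SAMPLE_LOG = """\
1238544000 10.0.0.21 GET http://www.example.org/index.html
1238544007 10.0.0.21 GET http://ADS.WeLoveSandi.com:80/landing
1238544011 10.0.0.34 GET http://notmeasurehits.com/counter.js
1238544015 10.0.0.34 GET http://cdn.measurehits.com./hit?id=7
1238544020 10.0.0.50 CONNECT 212.177.165.128:443
"""

def normalise_host(url):
    """Return the lower-cased host of a URL, without port or trailing dot."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare host[:port][/path]
    return (urlsplit(url).hostname or "").rstrip(".")

def match_indicator(host):
    """Return the listed domain or IP that `host` falls under, or None."""
    if host in BAD_IPS:
        return host
    labels = host.split(".")
    # Match on label boundaries: cdn.measurehits.com hits, notmeasurehits.com does not.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BAD_DOMAINS:
            return candidate
    return None

def sweep(log_text):
    """Return (client_ip, host, indicator) for each log line that hits the list."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        host = normalise_host(fields[3]) if len(fields) >= 4 else ""
        indicator = match_indicator(host)
        if indicator:
            hits.append((fields[1], host, indicator))
    return hits

if __name__ == "__main__":
    print(*sweep(SAMPLE_LOG), sep="\n")
```
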


2 comments to...
“ALERT: malvertizement featuring Rhapsody (alternative title: Well well, they have a sense of humor….)”

Conrad Longmore

Mindful of today’s date, I checked it out myself. It seems that they do love you after all 🙂



sandi

>>LOL<< Y'know, after I posted, I wondered if anybody would think it was an April Fools joke :o)

