Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: Please treat advertising from letssingit.com with extreme caution

April 17th 2009 in Uncategorized

image  image  image

Note, the malvertizement was reported to “kraz”, who is apparently responsible for advertising on the letssingit.com web site, a couple of days ago via the “Advertise on letssingit” contact form.  The advertisement was immediately removed.

letssingit.com is hosting a malicious advertising featuring SWATCH as per this URL:
includes.letssingit.com/ads/SWATCH300x250.swf

Adopstools check:
http://www.adopstools.net/index.asp?section=quicklink&id=8973swVapP174q1A

The malvert hits some well known bad domains, being cosmotraf.net and welovesandi.com.

From there we bounce through various domains, including crustat.com, olinredr2.com, truconv.com, top-name.cn, pyani.com  before ending up at one of several fraudware sites including offer-provider.com and total-virusprotection.com.


Comments are closed.

   Note: the malicious SWF has been reported to beyond.com.   Beyond.com is displaying a malicious advertisement with this URL: ads.beyond.com/banners/jobfox_468x60.swf   Adopstools test results for jobfox_468x60.swf: http://www.adopstools.com/index.asp?section=quicklink&id=4K57pJYUj1f874Sr "The file has a sprite/movieclip which is containing Malware actionScript code." […]

Previous Entry

  Same old same old. A rhapsody advertisement.  Reported to clevescene URL of malvertizement: 72.167.208.179/adserver/www/images/rhapsody728x90.swf Adopstools results confirming malicious code: http://www.adopstools.com/index.asp?section=quicklink&id=IN91asr1bK1W3pv3  URLs encountered: hitoptimist.com/crossdomain.xml and: hitoptimist.com/c/index.php?<<redacted>> as well as: statsnclick.com/?cmpid=<<redacted>> From […]

Next Entry

Archives