Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: Malvertizing at perezhilton.com

April 27th 2009 in Uncategorized

perezhilton.com is an extremely popular site, and the potential audience for the malvertizers is *huge*.

Kimberley and I make a great team.  I knew that there was a malvertizement being displayed on perezhilton.com, but I hadn’t been able to get definitive proof – Kimberley got it.

Check out the screenshot below – note that the referrer is perezhilton.com/page/2

Also, note that the screenshot is evidence of a GET request for f.blogads.com/www/delivery/ai.php?filename=ebay_300x250.swf&contentype=swf



Now, let’s look at the rest of the capture:


statcluster.com is a known bad domain – so is enjoyspringtime.com, crustat.com, olinred2.com, pyani.com and offer-provider.com.

The malvertizements have been reported to blogads.com and I have every confidence that they will be removed very quickly.

This is what the malvertizement looks like:


Comments are closed.

  Edited to fix subjectline It is a malvertizement featuring HP (visually identical to the HP malvertizement described in my earlier article): http://msmvps.com/blogs/spywaresucks/archive/2009/02/28/1674634.aspx The malvertizement itself is at this URL: m1.au.2mdn.net/1949664/hp_300x250.swf Adopstools test results here: http://www.adopstools.com/index.asp?section=quicklink&id=ZdWLlE0YcK7rkK5C […]

Previous Entry

The malvertizement redirects victims to various fraudware/scareware products via several redirects (some of the URLs change at random – victims don’t hit all of the domains listed below). These are the URLs that are hit by the malvertizement – we have seen all of them before: statcluster.com/crossdomain.xml statcluster.com/c/index.php?id<<redacted>> […]

Next Entry