Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Malvertizement featuring TravelRes

August 10th 2009 in Uncategorized

image

image

image

image 

 

The malvertizement attempted to load a clickrevenue.info URL, and features the now familiar ‘dynamic text’:

image

 

clickrevenue.info
ICANN Registrar: REGTIME LTD
Created 21 July 2009
NS1.NAMESELF.COM (89.108.122.149 – Agava) (195.161.113.218 – RTCOMM, Russia)
NS2.NAMESELF.COM (89.108.122.120.153 – Agava) (217.16.27.38 – MASTERHOST, Russia)

IP:  89.149.243.28 – Berlin, Netdirekt E.k

Registrant:
Paul McShane (paulmcshane@pisem.net)
St Mainlow 212
San Jose CA 96014
Tel: +1 212 265 4785

pisem.net (Registrant email address)
ICANN Registrar: NETWORK SOLUTIONS, LLC.
Created 19 November 1999
NS1.POCHTA.RU
NS2.POCHTA.RU
NS3.POCUTA.RU

IP: 82.204.219.251 – Moscow City, Pochta.ru Network

Shares IP with chat-open.biz, chat-open.info, chat-open.net, chatopen.ru, fromru.com, fromru.su, front.ru, hotbox.ru, kaka.net.ru, krovatka.su, land.ru, lflirt.com, mail15.com, mail15.su, mail333.com, mail333.su, newmail.ru, nightmail.ru, nm.ru, pisem.su, pochta.com, pochta.ru, pochtamt.ru, pop3.ru, rbcmail.ru, smtp.ru, tosno-online.ru

Registrant:
Ltd. Halverston Holdings Limited (hosting@hc.ru)
Drake Chambers, Tortola
Tortola 18502
VG
Tel: +7495 363 1111
Fax: +7495 363 1125


Comments are closed.

  This investigation started after I read a report by a fellow member of the security community that his mother had called him downstairs "because her screen had been filled with warnings and download boxes whilst she was on Facebook’s ‘Owned" site’", […]

Previous Entry

An Order of Default was entered against Innovative Marketing and Daniel Sundin on 6 August 2009 “for want of answer or other defense”. Regular readers will know that Innovative Marketing and Daniel Sundin have ignored the FTC action right from the start, and are unrepresented.  Innovative Marketing is meant to be paying a fine […]

Next Entry

Archives