Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ALERT: Please treat content from these domains with caution…

December 17th 2009 in Uncategorized


The Registrants are all hidden behind Domains By Proxy, Inc, all domains are hosted at IP (carohosting.net), all were registered using Godaddy, and all were created on 14 July 2009.

All are using name servers at softdreams.eu

softdreams.eu was registered on 6 February 2009 to a Ionut Bogdan Dumitru, Str.Zambielor nr. 6, bl. 60, ap.5, sector 2, 032801 Bucuresti, Romania.

You’ll see that there was a complaint about cdn-adrotation.com content back in September of this year at gaiaonline.com (a web site that has had more than its fair share of malvertizing):


and the Kaspersky forums:


As well as a smattering of other places.

It is concerning that names such as businessweek and veoh are there.  In fact, take away "cdn-" and every single URL leads to legitimate domain (except for adrotation.com).

It makes you wonder if the domains are intended for use to impersonate legitimate websites such as businessweek.com and veoh.com…

Comments are closed.

Security updates have been released – details here: http://www.adobe.com/support/security/bulletins/apsb09-19.html After updating your Flash version should be and your Air version should be 1.5.3

Previous Entry

See here: http://matchent.com/wpress/?q=node/500   What is interesting is the IP address that the author of the blog post cites as the source of the trouble – belongs to GoDaddy (p3nlh036.shr.prod.phx3.secureserver.net).  The server at that IP is host to over 4,000 web sites.   As for how […]

Next Entry