Are Advertisers promoting Malware?
I was going to blog about another Trojan.Codec site I found, but truthfully this is getting boring ... instead I thought I'd do a follow-up on something I saw at Sunbelt's blog ...
Looking at the image SunBelt provided I saw oemtop(dot)com at the bottom. Now this is yet another "Google Warning" site ... so do not visit there, as there are multiple exploits on this Warez type site. In the image below you can see the cast of characters involved ...
What I find disturbing is, notice the two "CONNECT softwareprofit.com" entries? This is part of the WinFixer group ... nice place to advertise your products, a Warez type site that will infect your machine if you do not have the latest Windows updates, etc ... Now if you follow those connections:
hxxp://go.errorsafe.com/MTIxNjU=/2/3891// it redirects to the following:
hxxp://adfarm.mediaplex.com/ad/ck/45684?mpt=1177051780&aid=swp_ers&lid=3891&affid=pp_2296726171&p=ers&
(view safely here)
And another hxxp://go.winantivirus.com/MTM4MTM=/2/3891// that redirects to:
hxxp://adfarm.mediaplex.com/ad/ck/45678?mpt=1177052230&aid=swp_wa7p&lid=3891&affid=pp_2642226173&
(view safely here)
So here again we have "adfarm.mediaplex.com" involved with the WinFixer gang ... Sandi and others have exposed this ValueClick ad server before, yet they have not changed their ways suggesting that the $$$ is all they are after, even at the expense of their reputation.
Another exploit on the site is "vevdqimkcm(dot)info" (Trojan.PWS.Tanspy) which is already included in the HOSTS file, so a word to the wise ... stay far away from these Warez type sites!
You know I'm often asked why I block these ad servers ... "you may be blocking revenue from that site" ... well as you can see a huge majority of these ad servers are involved in very questionable tactics.