Another Video ActiveX Object
Landing on "sweet-cindy(dot)info" ... a typical hard-core adult site (with a Teen theme)... oh what do we find?
The first site highlighted in red shows the WinFixer group hawking their bogus products (nothing new) and if you have been following this blog lately, the "go.drivecleaner.com" link routes you thru ... you guessed it "adfarm.mediaplex.com"
hxxp://go.drivecleaner.com/MTUzODQ=/2/5669/ax=1/ed=2/ex=1//
redirects to: (view safely here)
hxxp://adfarm.mediaplex.com/ad/ck/45688?mpt=1178437888&aid=swp_dc&lid=5669&affid=pp_2190830023&ax=1&ed=2&ex=1
The second highlighted site is your typical Trojan.Codec site ... actually that one redirects several times until you end up on "videosoftwareax(dot)com" which Kaspersky detects as: Trojan-Downloader.Win32.Zlob.btc
So here again we have ValueClick getting a commission via some highly questionable methods ... no wonder they are reported to be under a FTC investigation. And after reading this story ValueClick can not deny they were not aware of the problem.
Edelman singled out ValueClick as a repeat offender in running advertisements for rogue security applications.
John Ardis, vice president of corporate strategy at ValueClick, admitted that some rogue software had slipped through its net.
This is not the first time Ben Edelman has documented ValueClick being involved with undesirable types ...