More on the hijacking Flash banner ads....
Y'all may remember in this article that I mentioned that I was concerned that, because we had found an advertisement that hijacked users and sent them to a MalwareAlarm site (scanner.malware-scan.com) that the original complaint, about redirects to Performance Optimizer sites, may still be outstanding - in short, that there may be more than one SWF out there, or the SWF was redirecting users to different sites depending on circumstance.
Well, it turns out that the latter was correct. The SWF that was redirecting some victims to scanner.malware-scan.com, wad redirecting other victims to performanceoptimizer.com (via blessedads).
I had the opportunity to analyse a 9 megabyte txt file today, being a Fiddler capture of a Performance Optimizer redirect at the same site that was hit by the MalwareAlarm redirect ... and let me tell you, a 9 megabyte TXT file can have a seriously detrimental effect on PC performance; even my ACER Ferrari 5000 struggled under the load.
Anyway, the URL for the SWF that redirected users to a Performance Optimizer site and which was identical to that which has been proven to force users to scanner.malware-scan.com, is now dead. Yay us!!