Spyware Sucks

But here is the dirty little secret of browser security: Even if every Internet browser made today were completely bug-free, it wouldn't stop malicious hackers and malware. Why? Because the vast majority of successful malicious exploits today don't exploit buggy browsers, but rather unwitting end-users. That is, Web-based malware is successful because end-users are intentionally installing it! Most exploit code doesn't search for an unpatched vulnerability, but simply asks the user to install. - Roger Grimes, Infoworld

"There is no magic fairy dust protecting Macs" - Dai Zovi, security researcher and co-author of The Mac Hacker's Handbook.

Malwarealarm hits www.whitepages.com.au

And, yes, the infamous mysurvey4you, blessedads.com and prevedmarketing.com are all involved.

The fact that the redirect is happening at www.whitepages.com.au means that in all likelihood www.yellowpages.com.au and www.whereis.com.au (and any other Sensis site, for that matter) are a risk

This is a SWF causing a redirect:

medrx.sensis.com.au/content/SkyAuction/106804/skyauction_300x250.swf

Screenshot:

When the SWF loads the victim is automatically hijacked, taking a route through various nefarious types that are well known to those of us who have been dealing with malicious banner advertisements for a while including:

mysurvey4u.com/stats.php?campaign=master0n&u=1194950569546

blessedads.com/?cmpid=master0n

and

prevedmarketing.com/?tmn=mwatmp&aid=master0n&lid=keyin_ao_4681_2796_2358_ao_&ax=1&ed=2&mt_info=4681_2796_2358

before finally hitting:

scanner2.malware-scan.com/3_swp/?tmn=mwatmp&aid=master0n&lid=keyin_ao_4681_2796_2358_ao__ao_3958_0_10227_ao_&ax=1&ed=2&mt_info=4681_2796_2358&tmn=null

If I find more malicious content I'll blog again. Watch this space...

BTW, two Fiddler captures that provide conclusive proof of the redirect is available to the appropriate authorities, and authorised Whitepages and Sensis representatives.

Published Tue, Nov 13 2007 19:15 by sandi

Filed under: Vulnerabilities, Security, safety and privacy on the Internet, viruses and exploits

Comments

# re: Malwarealarm hits www.whitepages.com.au

Monday, November 26, 2007 2:17 PM by Gary Doughty

Just to be clear, Skyauction.com had no part in the creation and distribution of these ads.

Skyauction.com is a victim along with the general public in this situation as the reputation of Skyauction is damaged by this type of malicious behavior.

These "ads" are not associated with any advertising campaign ever used by Skyauction.com The ads were created by some third party by stealing the logo from the Skyauction web site and have a completely different design from Skyauction's approved ad campaigns. In addition, Skyauction has no affiliation with the company that served the ads, Sensis.

Spyware Sucks

This Blog

Syndication

Search

Tags

Community

Archives

News

Malwarealarm hits www.whitepages.com.au

Comments

# re: Malwarealarm hits www.whitepages.com.au