Allmusic responds...

Yep, they know what's going on...


And, I've received an email response (via my blog's Contact Me link, not in response to the email that I sent).

In all fairness, I'll show you the response that they sent - it's only fair that they get the right of reply.  Please forgive the blocking out of some sensitive information - Steve's name remains because it's on Wikipedia anyway.


Sadly, my test system was hijacked again after I read the email from and after they had added the notification to their web site - the advertisement still had not been pulled.  Mind you, that was quite  a few hours ago; I have some test systems running as I type to see if the advertisement is still there (this is where Fiddler, and an application that forces a web page to reload every X seconds or minutes comes into its own - set and forget at its best.

(Edit: I've just been hit by another redirect many hours later - the problem is still there) - my test system is bouncing between two URLs and going no further, which is interesting.  The URLs are as follows, including the amazingly immature l33t speak aka "c10t4ing" - do they *really* think that's impressive or clever?

Check this out -  to be honest it is very antisocial for the victim - I have *two* systems trapped in the same loop - talk about jumping out of the frying pan into the fire!!  I don't think I like the way that (presumably) adtraff is dealing with this problem  - the victim's web browser is stuck on a blank white page, in an infinite loop.

Don't be fooled by this small screen shot - my other system is sitting at 2,762 lines of capture, with the count increasing by 2 lines every few seconds.  It's nuts!


What URL caused the above havoc?  Well, here is the referrer - I'm sure you'll find it familiar....

Anyway, this afternoon's hijack let me to MalwareAlarm, not Deuce Cleaner, so let's have a look at this afternoon's incident - did I find a 2nd infective advertisement or was it the same one? And, why did I end up at a different site?

My original report indicated that this URL was dangerous:

This afternoon it was this - same SWF but I ended up at a different site.

and again tonight - the same advertisement, but this time I was stuck in a loop at adtraff.

So, what does this tell us?  It tells us that the same SWF is being used to redirect users to different sites.

I have to ask though... what the heck is so hard about simply pulling the advertisement or, even better, deleting the aberrant afilliate's account entirely?  It is *not* an acceptable solution to allow victims to be hijacked by a constantly looping adtraff setup.