Breaking news: skyauction.com, unauthorised malicious advertisements, a fake letter of mandate.. oh my...

My regular readers may recall my recent article about emusic's claim that various advertising networks (uniqueads.com, adtraff.com and forceup.com) were fraudulently claiming to represent emusic.  Said advertising networks were apparently selling unauthorised, malicious, advertisements touting emusic.com; advertisements that hijacked users in an attempt to spread malware.

Well, I have received an email from the Chief Technology Officer at skyauction.com and he has quite a story to tell.  Here is a quote from his email - information shared with permission:

"We were contacted by another company today that were duped into hosting one of the fraudulent ads for a couple of days (which have since been taken down). It seems that the source of the ads is a company called NetMediaGroup (http://www.netmediagroup.net). They are claiming to represent us and even provided a fake "letter of mandate" (which I can email you) to one of their targets saying that they represent us.  As with our logo, they were pretty sloppy creating this fake "mandate" because there are some obvious errors. In this case, someone with the pseudonym (one can only guess) of "Jim Burch" (jim@netmediagroup.net) contacted the site claiming to represent us and asking to put up ads on the contact's site. The ads go up and deliver the fake malicious Skyauction ads until someone complains and they are finally taken down. NetMediaGroup appears at first glance to be a real company, but they are probably a completely fraudulent one. The domain name is registered to some organization in Germany, but the contact us phone number seems to be in the Netherlands. All of the names on the web site are just generic (i.e. they don't give full names)."

Here is a picture of the fake letter of mandate as sent to me by skyauction.com - click on the graphic to view a full size copy:

Ok, so who are netmediagroup.net?  Let's do a Whois search (copied below) - hmm, note the email address burnads_c@yahoo.com.  Yep, that rings a bell - thinking back to the fake skyauction.com advertisement that hit soccernet.com, I remember that the name burnads appeared.  The referrer for performanceoptimizer was: burnads.com/swf/gnida.swf?campaign=flatfootup&u=23423424. That URL, when I just loaded it in my system, redirected me immediately to a fraudware site.

I think it is time to get in touch with the CTO of emusic and find out what *his* story is.  The CTO of skyauction and I both believe that the best way to fight the fraudsters is to expose their activities.

Domain Name : netmediagroup.net

::Registrant::
Name      : Martin Such
Email     : burnads_c@yahoo.com
Address   : Debusweg 6-18,  Koenigstein - Falkenstein Frankfurt
Zipcode   : 61462
Nation    : DE
Tel       : +49(0)4513456
Fax       :

::Administrative Contact::
Name      : Martin Such
Email     : burnads_c@yahoo.com
Address   : Debusweg 6-18,  Koenigstein - Falkenstein Frankfurt
Zipcode   : 61462
Nation    : DE
Tel       : +49(0)4513456
Fax       :

::Technical Contact::
Name      : Martin Such
Email     : burnads_c@yahoo.com
Address   : Debusweg 6-18,  Koenigstein - Falkenstein Frankfurt
Zipcode   : 61462
Nation    : DE
Tel       : +49(0)4513456
Fax       :

::Name Servers::
ns1.netmediagroup.net
ns2.netmediagroup.net

::Dates & Status::
Created Date   2006-06-29 05:38:33 EDT
Updated Date   2007-06-27 17:59:00 EDT
Valid Date     2008-06-29 05:38:33 EDT
Status         ACTIVE
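
The pivot made above, from the Whois registrant email to the burnads.com referrer, can be scripted for use on other records. This is an added example, not code from the original post; the record is abridged from the Whois output above, and the function names and the `FREE_MAIL` list are assumptions.

```python
import re
from urllib.parse import urlsplit

# Abridged from the Whois record on this page (same "::Section::" layout).
WHOIS = """\
Domain Name : netmediagroup.net

::Registrant::
Name      : Martin Such
Email     : burnads_c@yahoo.com

::Name Servers::
ns1.netmediagroup.net
ns2.netmediagroup.net
"""
# Referrer quoted in the post; a scheme is added so urlsplit can parse it.
REFERRERS = ["http://burnads.com/swf/gnida.swf?campaign=flatfootup&u=23423424"]
FREE_MAIL = {"yahoo.com", "hotmail.com", "gmail.com"}  # assumed short list

def parse_whois(text):
    """Return {section: {field: value}}; unlabelled lines go under '_lines'."""
    record, section = {}, "header"
    for line in text.splitlines():
        line = line.strip()
        head = re.fullmatch(r"::(.+)::", line)
        field = re.fullmatch(r"(\w[\w ]*?)\s+:\s*(.*)", line)
        if head:
            section = head.group(1)
        elif field:
            record.setdefault(section, {})[field.group(1)] = field.group(2)
        elif line:  # name servers, date rows without a " : " separator
            record.setdefault(section, {}).setdefault("_lines", []).append(line)
    return record

def pivots(record, referrers):
    """Flag registrant-email traits that link the domain to other activity."""
    findings = []
    email = record["Registrant"]["Email"].lower()
    local, _, maildom = email.partition("@")
    if maildom in FREE_MAIL:
        findings.append(f"registrant uses free webmail: {email}")
    # Split the local part on non-alphanumerics; ignore very short tokens.
    tokens = {t for t in re.split(r"[^a-z0-9]+", local) if len(t) >= 4}
    for ref in referrers:
        host = (urlsplit(ref).hostname or "").lower()
        for t in sorted(tokens & set(host.split("."))):
            findings.append(f"email token '{t}' matches referrer host {host}")
    return findings

if __name__ == "__main__":
    print("\n".join(pivots(parse_whois(WHOIS), REFERRERS)))
```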

Comments

# re: Breaking news: skyauction.com, unauthorised malicious advertisements, a fake letter of mandate.. oh my...

Thursday, December 06, 2007 6:25 PM by sbsfaq

Well done Sandi - hope they appreciate you!

# re: Breaking news: skyauction.com, unauthorised malicious advertisements, a fake letter of mandate.. oh my...

Sunday, December 09, 2007 12:34 AM by Jay

These are the same people that purchased ad space on Defsounds for Flycell.com which of course turned out to be the malicious redirect ad that you all helped discover. At this point I'm not too sure if flycell had anything to do with it--anyways here's how they went about it with us--We were first contacted by an

"Amber Lugano who's a supposed Media Buyer for Netmediagroup.

[ Email: amber@netmediagroup.net

MSN: gostosa.cristiano@hotmail.com]

Few days later, Jim Burch steps in claiming Amber is out on maternity leave...Jim was rather aggressive about getting this campaign up so we finally agreed to run them in the footer..I contacted Jim about the malware and he didn't seem to be surprised about it, said he'll get back to us when they track down how it got into the banner..needless to say I haven't heard from him since.

# re: Breaking news: skyauction.com, unauthorised malicious advertisements, a fake letter of mandate.. oh my...

Friday, January 18, 2008 5:12 AM by Laila

Is www.freelotto.com also doing the same thing? Do u have partnership with them or are they scamming people, coz I received a certificate from them giving $50 discount if I traveled with u.