Malicious advertisement source -

I received new intelligence overnight about a malicious advertising campaign (that has since been shut down).  I was advised that the content for the campaign in question was provided by  I haven't received permission yet to link the incident with a particular website, so will simply tell you that it happened.

So, who are  Well, I'm sure you won't be surprised by the ties that I am about to highlight.'s IP address, at time of writing, is (Cogent).

Its WHOIS reveals that the registrar is YESNIC CO LTD.

First of all,, at time of writing, share an IP address with none other than the now infamous proximogroup, a name that I am sure you all recognise.

But that is only the start of it.  It's when we start digging deeper that things start getting really interesting:

What I have done here is simply pull names that I personally recognise as having sold, or been involved in facilitating the distribution of, malicious advertising creatives and campaigns, and the fraudware domains themselves.  I *know* that my regular readers are going to recognise these names as well.

Hostnames sharing ip with a-records,,,,,,,,,,,,,,,,,,

Domains sharing mailservers,,,,,,,,,,,,,,,,,

Domains sharing nameservers,,,,,,,,,,,,,,,,,

So we see, once again, that if we do a bit of digging some familiar names appear.
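An added example, not part of the original post: the shared-infrastructure pivot described above, linking domains that share an A record, mail server or name server with a seed domain. All hostnames and addresses are constructed placeholders, and `pivot`, `rank` and `max_shared` are hypothetical names chosen for this illustration.

```python
from collections import defaultdict

# Constructed sample DNS records: reserved .example names, documentation IPs.
RECORDS = [
    ("ads-seed.example", "A", "192.0.2.10"),
    ("ads-seed.example", "MX", "mail.shared-mx.example"),
    ("ads-seed.example", "NS", "ns1.shared-ns.example"),
    ("known-bad-network.example", "A", "192.0.2.10"),
    ("fake-scanner.example", "MX", "mail.shared-mx.example"),
    ("fake-scanner.example", "NS", "ns1.shared-ns.example"),
    ("other-adbroker.example", "NS", "ns1.shared-ns.example"),
    ("other-adbroker.example", "A", "192.0.2.77"),
    ("unrelated-shop.example", "A", "198.51.100.5"),
    ("unrelated-shop.example", "NS", "ns1.big-host.example"),
]

def build_index(records):
    """Map each (record type, value) to the set of domains that use it."""
    index = defaultdict(set)
    for domain, rtype, value in records:
        key = (rtype, value.lower().rstrip("."))
        index[key].add(domain.lower().rstrip("."))
    return index

def pivot(seed, records, max_shared=50):
    """Return {domain: [(rtype, value), ...]} for infrastructure shared with seed.

    Values used by more than max_shared domains (bulk hosting, parking
    name servers) are skipped, because overlap there proves little.
    """
    seed = seed.lower().rstrip(".")
    links = defaultdict(set)
    for key, domains in build_index(records).items():
        if seed not in domains or len(domains) > max_shared:
            continue
        for other in domains - {seed}:
            links[other].add(key)
    return {d: sorted(keys) for d, keys in links.items()}

def rank(links):
    """Order neighbours by number of independent overlaps, strongest first."""
    return sorted(links, key=lambda d: (-len(links[d]), d))

if __name__ == "__main__":
    found = pivot("ads-seed.example", RECORDS)
    for name in rank(found):
        print(name, found[name])
```

A single shared value is a weak signal on its own; overlap across two or more record types is what makes a link worth investigating further.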

My next task will be to take another look at TimeTrack Media who I mentioned on my blog the other day.


Published Tue, Jan 22 2008 7:40 by sandi


# re: Malicious advertisement source -

Tuesday, January 22, 2008 1:01 PM by K

I want to comment on this because I was tricked by as well. They approached us very professionally. We set up the ad campaign really quickly. After a while, I began receiving emails that people were getting some spyware. I didn't know what it was at first until I did a search on and found this post.

# re: Malicious advertisement source -

Tuesday, January 29, 2008 3:24 PM by Sjarel

Great to see someone confirming my suspicions :

# re: Malicious advertisement source -

Saturday, February 16, 2008 9:18 AM by Joel Teo

This sucks, affiliate marketers being scammed to promote spyware related programs...

I wonder what next is in store for us.

# re: Malicious advertisement source -

Wednesday, September 24, 2008 7:14 AM by WGilbert

I would appreciate it if you would stop NOW breaking into my computer and advertising WINDEFENDER.  If I wanted to take this out I can read your stuff and I would buy it BUT I don't want it.  Once I can understand but to keep on and on.  I don't want your stuff so please quit sending it to me.  It is annoying and I would like it if you stopped now.  I do know how to contact you if I change my mind, but please stop ASAP.  Thank You.

# re: Malicious advertisement source -

Wednesday, September 24, 2008 10:25 PM by sandi


You do realise that this web site (Spyware Sucks) has got nothing to do with the distribution of WinDefender, yes?  You're complaining to/asking the wrong person.