Forceup.com - here is more information about the malicious Firstchoice advertisement

The SWF has been analysed.  We find this URL in the code:
quinquecahue.com/statsa.php?u=1202136191&campaign=oseximious 

The allowed countries for this particular malicious campaign are ZA, US and UK

Banned IPs: 

209.160.0.0-209.160.255.255 Hop One Internet Corporation
196.36.0.0-196.36.255.255 (Internet Solutions (Pty) Ltd (South Africa)

Banned cities: Johannesburg, Tukwila

Kudos to Kimberley for decrypting the SWF contents.

 

Published Thu, Feb 28 2008 7:51 by sandi
Filed under: , , ,

Comments

# re: Forceup.com - here is more information about the malicious Firstchoice advertisement

Thursday, February 28, 2008 9:26 AM by Malcolm

Quinquecahue suprise suprise.

Keep up the good work btw.