Expedia France/Realmedia hosting malicious SWF featuring yourmusic.com
MAD discovered this incident. Full details here:
The SWF is identical to the one hosted by SNCF.COM
Malicious URLs include:
"http : //station-appraisals.com/c/index.php?id=TGVwWjgwV29vcWdVVWlxRk8wNDRoPTEyMDQ2NTE3MjcmcG56Y252dGE9cWJjYmm7NkiZmdm95bAYNkiDgNmYNkiDgNm"
http: // waytotheprofit.com/?cmpid=dopossibly
The redirect happens as follows. First we hit waytotheprofit.com/?cmpid=dopossibly
which sends us to:
From there we end up at:
And a cookie that expires after just 24 hours or so is set by adservernet.com, statsgod.com and bucksbill.com.
Expedia and 247RealMedia have been alerted.