Sunday, March 23, 2008 5:57 PM
sandi
And another one.... classmates.com has a problem....
This time the URL is:
http://nztv.prod.untd.com/RealMedia/ads/Creatives/ISP/CM_GeminiIntera_FPWS_5_10179/160x600.swf
Same malicious SWF:
iexplorer-security.org/?id=624400105
Same redirect, same end result...
----------
Something occurs to me - let's look closely at the URL - it refers to "GeminiIntera"... could that be a reference to "Gemini Interactive", an online advertising agency?
I'm betting it does. Let's check out who is behind www.geminiinteractive.net.
Gemini Interactive's web site is hosted by...
NETDIRECT (reverse 89-149-242-64.internetserviceteam.com)
Gemini Interactive's name servers are supplied by... and this is a BIG indication of guilt:
ESTBOXES (aka Estdomains, hosted by the infamous INTERCAGE)
Gemini Interactive's mail server is hosted by CERNELNETWORK, and there is some interesting information to be gleaned about CERNELNETWORK. A quick Robtex check of 64.28.182.147 (the IP address of the mail server used by Gemini Interactive and supplied by CERNELNETWORK) shows this SMTP greeting:
SMTP:220 tiger.esthost.com
The IP address in turn reveals even more names:
Once again we can see that a web site willing to carry out basic investigations into an advertising agency may save itself a lot of grief.
Any advertising network with the sort of ties revealed in this article cannot and should not be trusted.
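The hosting, name server and mail server checks above can be run as a repeatable vetting step before a creative is accepted. The sketch below is an added example, not code from the original post: the watchlist holds only names this post calls out, the `vet` and `banner_host` helpers are hypothetical, and the sample records are constructed from the lookups described above, with `.invalid` placeholders where the post gives no hostname.

```python
import re

# Watchlist built only from names this post calls out; extend it with your own intelligence.
WATCH_NETWORKS = {"ESTBOXES", "INTERCAGE", "CERNELNETWORK"}
WATCH_HOST_SUFFIXES = ("esthost.com",)

def banner_host(banner):
    """Return the hostname announced in an SMTP 220 greeting, or None."""
    m = re.search(r"\b220[ -]([A-Za-z0-9.-]+)", banner)
    return m.group(1).lower().rstrip(".") if m else None

def under_suffix(host, suffix):
    """True for the suffix itself or a subdomain of it (not a bare substring match)."""
    return host == suffix or host.endswith("." + suffix)

def vet(records):
    """records: dicts with role, host, network and an optional SMTP banner.
    Returns (role, reason) findings for every tie to the watchlist."""
    findings = []
    for r in records:
        network = r.get("network", "").upper()
        if network in WATCH_NETWORKS:
            findings.append((r["role"], "network " + network))
        # Check both the looked-up hostname and the name the mail server announces.
        names = [r.get("host", "").lower().rstrip("."), banner_host(r.get("banner", ""))]
        for name in filter(None, names):
            if any(under_suffix(name, s) for s in WATCH_HOST_SUFFIXES):
                findings.append((r["role"], "host " + name))
    return findings

# Constructed sample: the lookup results described in this post, embedded so it runs offline.
SAMPLE = [
    {"role": "web", "host": "89-149-242-64.internetserviceteam.com", "network": "NETDIRECT"},
    {"role": "dns", "host": "ns1.placeholder.invalid", "network": "ESTBOXES"},
    {"role": "mail", "host": "mail.placeholder.invalid", "network": "CERNELNETWORK",
     "banner": "SMTP:220 tiger.esthost.com"},
]

if __name__ == "__main__":
    for role, reason in vet(SAMPLE):
        print(f"{role}: {reason}")
```

Two or more independent findings across the web, DNS and mail roles, as in this sample, are the pattern the post treats as grounds to refuse the advertiser.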
It says on the classmates.com web site that classmates.com is a "United Online Company". So, who are United Online?
United Online describes itself as "a leading provider of consumer Internet and media services with over 50 million members across its stable of brands. The company's primary Content & Media segment services include social networking (Classmates) and online loyalty marketing (MyPoints). Its primary Communications segment services include Internet access and email (NetZero and Juno)."
I think I know, now, why I have received several complaints about malicious banner advertisements in association with Juno.
United Online then goes on to say that they "reach over 20% of the US online adult population and have over 50 million members across [their] properties. [Their] advanced targeting and integrated advertising solutions allow advertisers to effectively and efficiently engage with their target audience. In addition, United Online provides advertisers with sophisticated market research capabilities through its CyberTarget division. CyberTarget can create real-time market research in an Internet environment."
United Online may have "sophisticated market research capabilities" but it seems that their researching abilities do not extend to checking into the background or bona fides of those they accept advertising from.