April 2008 - Posts

Internet Explorer has partnered with a carbon reduction reminder service to help increase awareness around one of Earth's most precious resources. Browse three endangered forests and plant your own virtual tree while learning how to become a better steward of the environment.

I've completed the questionnaire, and have added the tree to my web site and blog as a Webslice.

Each week, Carbon Grove will send you an email to remind you of your carbon-reducing commitments. Each email will have a link you can click on to keep your virtual tree growing. As your tree grows it will provide shelter to animals native to your chosen forest (my tree is already sheltering a butterfly after just one growth spurt).

If you ignore the email and do not click on the link, the emails will stop.

Notes: The Carbon Grove website requires Silverlight and IE7 or IE8.

Here it is:
image

The malvertizement, if triggered, redirects victims to the URL windowsxp-privacy.net/?id=987650085. That URL, if a malicious redirect is not triggered, simply dumps the victim at Google.

windowsxp-privacy.net is hosted in Russia, with mail services supplied by estboxes (Intercage) and is registered via Estdomains.


The malvertizements discovered on Yahoo are STILL there...

image

Moli.com is still displaying malvertizements as well

image

Kimberley found these ones - full information here:
http://www.bluetack.co.uk/forums/index.php?s=ae5aae56f29889c26c465d6f3aa4e9c1&showtopic=18064&st=30&p=87072&#entry87072

atlas-ads.com is registered using the infamous Estdomains, and if you try to visit the domain you are automatically redirected to the Microsoft-owned atlassolutions.com - but don't be fooled - atlas-ads.com has nothing to do with Microsoft.

The appropriate parties have been notified.

Malvert 1 - featuring Neopets: atlas-ads.com/23486/728x90.swf

Malvert 2 - again featuring Neopets: atlas-ads.com/23486/300x250.swf

Earlier I posted an alert that ReachWe (reachwe.com) has been caught distributing malvertizements.

Kimberley has written about another advertising service that shares IP with reachwe.com - P-mediaonline.com - discussed here:
http://www.bluetack.co.uk/forums/index.php?showtopic=18064&pid=87048&mode=threaded&show=&st=30&#entry87048

reachwe.com and p-mediaonline.com have the same Flash navigation on the opening pages.

P-mediaonline.com was created on 4 April 2008; reachwe.com was created on 6 December 2007.

And, to add to the "yuck" factor, Kimberley uncovers another domain that uses the same contact email address in its WHOIS details as ReachWe - the domain has the charming name of ***-juice.net and yes, it too has a sample of the SWF used by reachwe.com and P-mediaonline.com, albeit with a lot of placeholder text, at ***-juice.net/base.swf:
http://www.bluetack.co.uk/forums/index.php?showtopic=18064&pid=87056&mode=threaded&show=&st=30&#entry87056

reachwe.com's "Administrative Contact": Martin, Sten smith.realty@yahoo.com
***-juice.net uses: Rudenkov, Pavel smith.realty@yahoo.com


Screenshots of ***-juice.net/base.swf - note the details in the Contact Us pane and the URL in the address bar:

image

image

image

Edit: the malvertizements have been removed from circulation.

And still the problems continue....

I wonder how many hits Yahoo gets per day, and how many people are being exposed to fraudware, while these advertisements are allowed to remain online...

image

image

image

Cite this discussion:
http://www.geekvillage.com/forums/showthread.php?p=178973

There are three complaints about malicious advertisements being supplied by ReachWe in that discussion.

You'll note that somebody who claims to be from Yahoo posted a comment to that discussion on 16 April claiming to have been supplied malvertizements by ReachWe. Yet here we are, seeing malvertizements on Yahoo sites even now. It seems to me that Yahoo needs to tighten up their processes and procedures - and soon.

Thanks to Kimberley of http://www.bluetack.co.uk/forums/index.php?showforum=239 for the heads up about the thread. Kimberley will be posting more information about ReachWe soon...


Edit: the malvertizement has been removed from circulation.

And another one - the URL for this one is:

eur.a1.yimg.com/java.europe.yimg.com/eu/any/yahoonew300x250.swf

Even if you don't get redirected, the malvertizement still lets the bad guys know that it is on display by sending info to adtds2.promoplexer.com/statsa.php?campaign=yahoo and adsraise.com/mbuyers/statistics.html

Yahoo is one of the few companies where I *don't* have a high level contact :o(

image

Edit: the malvertizement has been removed from circulation.

Here it is at Yahoo Mail:
image

Edit: the malvertizement has been removed from circulation.

Here it is, in situ - it is familiar, yes?

image

This is the URL of the malvertizement:
eur.a1.yimg.com/java.europe.yahoo.com/eu/any/yahoonew728x90.swf

The malicious SWF leads us to:
adtds2.promoplexer.com/statsa.php?campaign=yahoo

And:
track.trackads.net/statsa.php?campaign=yahoo


Any other site that uses Yahoo advertising (Yahoo mail, or Ebay for example) could potentially expose visitors to the malvertizement and fraudware sites.

I was intrigued to see this malvertizement pop up on my radar - Mike of mikeonads.com first wrote about this advert back in early 2007. Perhaps the bad guys think we have short memories ;-)

The URLs (thanks Kimberley) used by the malvertizement are:

burnads.com/crossdomain.xml (this page was apparently last modified in November 2007)
burnads.com/stats.php?campaign=heldthin
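The beacon URLs listed in these posts (the statsa.php / stats.php "campaign" calls above and in the Yahoo posts, which fire even when the victim is not redirected) and the fraudware landing domains are exactly what a proxy log can be searched for. The following is an added example, not code from this blog: it scans constructed Squid-format access log lines for those indicators and separates clients that merely had the advert displayed from clients that were actually redirected. The log lines and client addresses are made up for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Indicators from the malvertisements in these posts: stats scripts carrying
# a campaign parameter (the "ad is on display" beacon) and the fraudware
# landing domains that take an ?id= parameter.
BEACON_HOSTS = {"adtds2.promoplexer.com", "track.trackads.net", "burnads.com"}
BEACON_PATH = re.compile(r"^/stats[a-z]*\.php$")
PLAIN_BEACONS = {("adsraise.com", "/mbuyers/statistics.html")}  # no query
LANDING_HOSTS = {"windowsxp-privacy.net", "xp-vista-update.net"}

def classify_url(url):
    """(kind, host, value): kind 'beacon' (value=campaign) or 'landing' (value=id)."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host, qs = parts.hostname or "", parse_qs(parts.query)
    if host in BEACON_HOSTS and BEACON_PATH.match(parts.path):
        return ("beacon", host, qs.get("campaign", [""])[0])
    if (host, parts.path) in PLAIN_BEACONS:
        return ("beacon", host, "")
    if host in LANDING_HOSTS:
        return ("landing", host, qs.get("id", [""])[0])
    return None

def scan_proxy_log(lines):
    """Squid native-format access log: field 3 is the client, field 7 the URL."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 7 and (hit := classify_url(fields[6])):
            findings.append({"client": fields[2], "kind": hit[0],
                             "host": hit[1], "value": hit[2]})
    return findings

def triage(findings):
    """Per client: 'redirected' if the landing page was fetched, else 'exposed'."""
    seen = {}
    for f in findings:
        seen.setdefault(f["client"], set()).add(f["kind"])
    return {c: "redirected" if "landing" in k else "exposed" for c, k in seen.items()}

# Constructed sample log lines (not real traffic); 10.0.0.12 was redirected.
SAMPLE_LOG = """\
1208500001.123 45 10.0.0.12 TCP_MISS/200 512 GET http://adtds2.promoplexer.com/statsa.php?campaign=yahoo - DIRECT/192.0.2.10 text/html
1208500002.456 30 10.0.0.12 TCP_MISS/302 0 GET http://windowsxp-privacy.net/?id=987650085 - DIRECT/192.0.2.11 text/html
1208500003.789 20 10.0.0.44 TCP_MISS/200 2048 GET http://www.example.com/index.html - DIRECT/192.0.2.12 text/html
1208500004.001 25 10.0.0.44 TCP_MISS/200 100 GET http://burnads.com/stats.php?campaign=heldthin - DIRECT/192.0.2.13 text/html
"""
```

Run `triage(scan_proxy_log(SAMPLE_LOG.splitlines()))` to get the per-client verdicts; clients marked "exposed" saw the advert but never reached the fraudware site.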

Screenshots:


Yet another big name is being impersonated via a malvertizement.

The Nielsen malvertizement reveals a new malicious domain, xp-vista-update.net, hosted in Russia with name servers provided by the infamous estboxes.

The domain was created on 25 March 2008.

The malicious URL is xp-vista-update.net/?id=244400121 (currently redirecting to Google).

Here are screenshots of the malvertizements:

image

image

image
