Yet another malicious banner advertisement at www.123greetings.com
OK, so tell me oh gentle reader... just how many "free passes" should a website get?
123greetings.com is, once again, displaying a malicious banner advertisement. This is the third incident that I have personally experienced thanks to an advertisement accepted by those responsible for 123greetings.com, and enough is enough.
The URL of the malicious advertisement is:
As you can see, the campaign is new to this blog:
When we analyse the SWF we find this URL:
Yes, Promoplexer.com are known badguys. We also hit adsraise.com/mbuyers/statistics.html
adsraise.com and promoplexer are both hosted by WNET who also provide the name servers. WNET have been mentioned several times in this blog.
The advertisement dumped me at tds.promoplexer.com/statsg.php
That URL led me to the now infamous gnida.swf (tds.promoplexer.com/swf/gnida.swf)
And from there to adtds2.promoplexer.com/in.cgi?12
before I finally ended up at antispywaredeluxe.com/scanner/scan.php?landid=2&depid=&cid=&parid=