Malvertisement featuring FedEx Kinko reported to be appearing on www.diynetwork.com

This alert was sent to me via private email, by the same person who reported the latest malvertisement at 123greetings.com.

It should be noted that I have not personally seen the advertisement appearing on www.diynetwork.com.

The advertisement itself can be seen at:
http://id325708.adszedo.com/300x250.swf

Loading the URL also loads:
adtds2.promoplexer.com/statsa.php?campaign=708&u=1207097411103

As well as adsraise.com/mbuyers/statistics.html

Other malicious URLs associated with this campaign include:

station-appraisals.com/c/index.php?id=TGVwWjgwV29vcWdVVWlxRk8wNDRoPTEyMDQ2NTE3MjcmcG56Y252dGE9cWJjYmm7NkiZmdm95bAYNkiDgNmYNkiDgNm

and waytotheprofit.com/?cmpid=dopossibly

Note that the campaign ID, "dopossibly", has been linked to the malicious advertisements that hit Expedia France and voyages-sncf.com. In the case of Expedia France and voyages-sncf.com, the malvertisement was a French-language "YourMusic" advertisement.

adszedo.com is hosted by IWEBGROUP, and its name servers are supplied by everydns.net. Its closest name and mail server relationship is, according to Robtex, with jamclam.us.

The registrar for adszedo.com, promoplexer.com and adsraise.com is the infamous ESTDOMAINS, a registrar that has been linked to many domains associated with malvertisements. The domain itself was created just a short while ago, on 5 February 2008.

Malvertisement analysis:
http://www.adopstools.com/index.asp?page=quicklink&id=i41EYjMlT19abS2W

Any and all content from adszedo.com, promoplexer.com and adsraise.com should be treated with extreme caution.
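
One way to act on the indicators above is to sweep web proxy logs for them. The following Python is an added example, not part of the original post; the log format, the `classify` and `scan` helpers and the sample lines are constructed for illustration, and the `example.net` and `example.org` hosts are placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the post above.
BAD_DOMAINS = {"adszedo.com", "promoplexer.com", "adsraise.com",
               "station-appraisals.com", "waytotheprofit.com"}
BAD_CAMPAIGN_IDS = {"dopossibly"}  # value of the cmpid query parameter

def classify(url):
    """Return the list of reasons a URL matches the post's indicators."""
    # The post lists some URLs without a scheme; urlsplit only recognises
    # the host when the string starts with a scheme or with "//".
    if not url.lower().startswith(("http://", "https://", "//")):
        url = "//" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []
    # Match on label boundaries so id325708.adszedo.com hits, while
    # notadszedo.com and adszedo.com.example.org do not.
    for domain in sorted(BAD_DOMAINS):
        if host == domain or host.endswith("." + domain):
            reasons.append("domain:" + domain)
    # The campaign ID was seen on more than one site, so check it on any host.
    for value in parse_qs(parts.query).get("cmpid", []):
        if value.lower() in BAD_CAMPAIGN_IDS:
            reasons.append("cmpid:" + value.lower())
    return reasons

def scan(log_lines, url_field=2):
    """Yield (client, url, reasons) for each matching proxy log line."""
    for line in log_lines:
        fields = line.split()
        if len(fields) <= url_field:
            continue  # skip malformed lines
        reasons = classify(fields[url_field])
        if reasons:
            yield fields[0], fields[url_field], reasons

# Constructed sample log, assumed format: "<client> <method> <url> <status>".
SAMPLE_LOG = [
    "10.0.0.5 GET http://id325708.adszedo.com/300x250.swf 200",
    "10.0.0.5 GET http://adtds2.promoplexer.com/statsa.php?campaign=708 200",
    "10.0.0.7 GET http://ads.example.net/landing?cmpid=dopossibly 302",
    "10.0.0.8 GET http://notadszedo.com/banner.swf 200",
    "10.0.0.9 GET http://adszedo.com.example.org/ 200",
]

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

The last two sample lines are look-alike hosts that a plain substring match would flag but the label-boundary check correctly ignores.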

Screenshots of malvertisement:

Published Wed, Apr 2 2008 11:08 by sandi