Sunday, April 06, 2008 12:25 PM
sandi
Fake Fedex advertisement appears again
This time, the SWF can be accessed via:
unicastads.com/32452/300x250.swf
The last time I saw a fake Fedex malvertizement, just a few days ago, it was here:
id325708.adszedo.com/300x250.swf
As I noted the other day, the registrar for adszedo.com is the infamous ESTDOMAINS, a registrar that has been linked to many domains used for malvertizements. The domain itself was created just a short while ago, on 5 February 2008.
Once again, the Registrar for unicastads.com is, you guessed it, ESTDOMAINS. The domain itself was created on 31 March 2008.
Unicastads.com is hosted by IWEBGROUP, and its name servers are provided by SCHLUND and EVERYONES-INTERNET.
The unicastads malvertizement, when triggered, brings us to:
adtds2.promoplexer.com/statsa.php?campaign=32452&u=1207445706435
A cookie is set that expires after just 24 hours or so.
We also hit:
tds.promoplexer.com/statsa.php
tds.promoplexer.com/statsg.php
tds.promoplexer.com/swf/gnida.swf
And then we hit:
adtds2.promoplexer.com/in.cgi?12
Before finally hitting:
antispywaredeluxe.com/scanner/scan.php?landid=1&depid=&cid=&parid=&bs=1
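
One way to spot this pattern in web-proxy logs, as an added example that is not part of the original post: it walks Referer links back from the landing page and flags a Flash creative that ends on a different site, plus any recently registered domain in the chain. The Referer values, publisher.example and the 30-day threshold are assumptions; the URLs and the creation date come from the post.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed proxy-log rows as (url, referer). The URLs are the ones listed in
# the post; the Referer values and publisher.example are assumptions.
SWF = "http://unicastads.com/32452/300x250.swf"
STATS = "http://adtds2.promoplexer.com/statsa.php?campaign=32452&u=1207445706435"
IN_CGI = "http://adtds2.promoplexer.com/in.cgi?12"
LANDING = "http://antispywaredeluxe.com/scanner/scan.php?landid=1&depid=&cid=&parid=&bs=1"
SAMPLE_LOG = [
    (SWF, "http://publisher.example/news.html"),
    (STATS, SWF),
    ("http://tds.promoplexer.com/statsa.php", STATS),
    ("http://tds.promoplexer.com/statsg.php", STATS),
    ("http://tds.promoplexer.com/swf/gnida.swf", STATS),
    (IN_CGI, STATS),
    (LANDING, IN_CGI),
]
# Creation date as stated in the post.
CREATED = {"unicastads.com": date(2008, 3, 31)}

def site(url):
    """Last two host labels; adequate for the .com hosts here, not a PSL lookup."""
    return ".".join(urlsplit(url).hostname.split(".")[-2:])

def chain_to(log, final_url):
    """Walk Referer links backwards from final_url; return the chain oldest first."""
    referer_of = dict(log)
    chain, seen = [final_url], {final_url}
    while True:
        ref = referer_of.get(chain[0])
        if ref is None or ref in seen:  # ran out of log data, or a referer loop
            return chain
        chain.insert(0, ref)
        seen.add(ref)

def triage(log, final_url, created, seen_on, max_age_days=30):
    """Return (sites_in_order, reasons) for the chain that led to final_url."""
    chain = chain_to(log, final_url)
    sites = list(dict.fromkeys(site(u) for u in chain))
    reasons = []
    swf = next((u for u in chain if urlsplit(u).path.lower().endswith(".swf")), None)
    if swf and site(swf) != site(final_url):
        reasons.append(f"Flash creative on {site(swf)} led to {site(final_url)}")
    for s in sites:
        age = (seen_on - created[s]).days if s in created else None
        if age is not None and age <= max_age_days:
            reasons.append(f"{s} was registered {age} days before the sighting")
    return sites, reasons
```

Calling `triage(SAMPLE_LOG, LANDING, CREATED, date(2008, 4, 6))` uses the post's own date as the sighting date.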
