Fake Fedex advertisement appears again

This time, the SWF can be accessed via:
unicastads.com/32452/300x250.swf

The last time I saw a fake Fedex malvertizement, just a few days ago, it was here:
id325708.adszedo.com/300x250.swf

As I noted the other day, the Registrar for adszedo.com is the infamous ESTDOMAINS, a registrar that has been linked to many domains used for malvertizements. The domain itself was created just a short while ago, on 5 February 2008.

Once again, the Registrar for unicastads.com is, you guessed it, ESTDOMAINS.  The domain itself was created on 31 March 2008.

Unicastads.com is hosted by IWEBGROUP, and its name servers are provided by SCHLUND and EVERYONES-INTERNET.

The unicastads malvertizement, when triggered, brings us to:

adtds2.promoplexer.com/statsa.php?campaign=32452&u=1207445706435

A cookie is set that expires after just 24 hours or so.

We also hit:
tds.promoplexer.com/statsa.php
tds.promoplexer.com/statsg.php
tds.promoplexer.com/swf/gnida.swf

And then we hit:
adtds2.promoplexer.com/in.cgi?12

Before finally hitting:
antispywaredeluxe.com/scanner/scan.php?landid=1&depid=&cid=&parid=&bs=1
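
The request sequence above can be hunted for in web proxy logs. This added example (not from the original post) walks a constructed log and flags clients that hit all four stages in order; the path patterns, the 60-second window and the log layout are assumptions drawn from the URLs listed here.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log: (epoch seconds, client, URL). URLs are the ones in the
# post with http:// prepended; timestamps and client names are invented.
SAMPLE_LOG = [
    (1207445700, "pc-17", "http://unicastads.com/32452/300x250.swf"),
    (1207445706, "pc-17", "http://adtds2.promoplexer.com/statsa.php?campaign=32452&u=1207445706435"),
    (1207445707, "pc-17", "http://tds.promoplexer.com/swf/gnida.swf"),
    (1207445708, "pc-17", "http://adtds2.promoplexer.com/in.cgi?12"),
    (1207445710, "pc-17", "http://antispywaredeluxe.com/scanner/scan.php?landid=1&depid=&cid=&parid=&bs=1"),
    (1207445800, "pc-22", "http://unicastads.com/32452/300x250.swf"),  # ad shown, never triggered
]

STAGES = ["creative", "tracker", "redirector", "landing"]

def classify(url):
    """Map a URL to a stage of the chain (assumed path patterns), or None."""
    parts = urlsplit(url)
    path = parts.path.lower()
    if path.endswith("/300x250.swf"):
        return "creative"
    if path.endswith("/statsa.php") and "campaign" in parse_qs(parts.query):
        return "tracker"
    if path.endswith("/in.cgi"):
        return "redirector"
    if path.endswith("/scanner/scan.php"):
        return "landing"
    return None

def find_chains(log, window=60):
    """Return {client: [hosts]} for clients that hit all stages in order within `window` seconds."""
    hits, progress = {}, {}  # progress: client -> (start time, next stage index, hosts)
    for ts, client, url in sorted(log):
        stage = classify(url)
        if stage is None:
            continue
        start, idx, hosts = progress.get(client, (ts, 0, []))
        if stage == "creative" or ts - start > window:
            start, idx, hosts = ts, 0, []  # a new ad view or a stale chain starts over
        if stage == STAGES[idx]:
            hosts = hosts + [urlsplit(url).hostname]
            idx += 1
        if idx == len(STAGES):
            hits[client] = hosts
            progress.pop(client, None)
        else:
            progress[client] = (start, idx, hosts)
    return hits
```

A client that only loaded the banner (pc-22 in the sample) is not flagged; only the full banner-to-scanner sequence counts.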

Comments

# re: Fake Fedex advertisement appears again

Sunday, April 06, 2008 5:55 PM by Barry

This prompts me to wonder how much legal responsibility belongs to the owners of websites for the content of the ads they display.  What I mean is, it's pretty obvious that whoever is pushing these ads is pretty much untouchable directly because of international boundaries, but could FedEx sue the operators of the websites that display the ads?  They are, after all, profiting from exploiting the good name (and trademarks) of FedEx without permission.

For that matter, it may take a lawsuit against the website operators to get the website operating community to take greater responsibility for the ads they display.  Whether it'll be filed by a company like FedEx whose trademarks are being misused, or as a class action suit by people whose machines got pwned by the resultant malware, is anybody's guess.