New malvertizement featuring Colgate...
Here it is folks, hot off the press...
What can I say... the sheer arrogance of those behind the malvertizement is staggering - they believe that they can impersonate a multi-million dollar corporation without fear.
When we analyse the malvertizement we find this URL:
That URL, in turn, redirects us to:
The trackads.net URL loads an SWF that dumps a victim at hijack sites, including a URL at:
trackads.net is a new name, which Robtex reports as being hosted by "GE Medical Systems Information Technologies".
trackads.net is registered via ESTDOMAINS.
trackads.net was created on 7 April 2008.... yep, it is that new. It was then updated on 8 April 2008.
Trackads shares A Records and Name Servers with many interesting names, including:
aachilpavet.com; adult-amateur-porn-videos.com; adultamateurpornvideos.com; alifethatworks.com; animalgangbangs.com; annieobrien.com; ashyboy.com; assrascal.com; beautifullbutts.com; biblesbythecaselot.com; bigtitsbreasts.com; boundforwealth.com; caloffe.com; diablostocks.com; dns112.com; domix.info; dumpthedodo.com; energosnab.com; fivestarsporno.com; fscl.info; geldenfish.com; golden-retriever-puppies.com; harken-home.com; mature-sexxx.com; mikeswannmusic.com; myharleyforsale.com; nikkilopez.com; novimagem.info; plumperpictures.com; politicalbbq.com; preciousfantasia.com; searchowl-info.com; sulfiteinfo.com; tastethetoe.com; teen-sex-pages.com; thebanquetthemovie.com; thelandofmyr.com; voyah.com; ;wildwildwicks.com; womanextra.com; xxx-designer.com; zastonjserver.com
I also see we are being referred to a URL at:
maxconvert.com is in the Ukraine.... and shares A Records with none other than... promplexer....
I'm not reproducing the entire URL because, to be honest, part of the URL is encrypted and I have no idea what information may be being revealed if I make it public, so, better safe than sorry....
Screenshot of malvertizement web site: