New malvertizement featuring Colgate...

Here it is folks, hot off the press...


What can I say... the sheer arrogance of those behind the malvertizement is staggering - they believe that they can impersonate a multi-million dollar corporation without fear.

 

When we analyse the malvertizement we find this URL:

adtds2.promoplexer.com/statsa.php?campaign=mark

 

That URL, in turn, redirects us to:
track.trackads.net/statsa.php?campaign=mark&u=

 

The trackads.net URL loads an SWF that dumps a victim at hijack sites, including a URL at:
antispywaredeluxe.com

 

trackads.net is a new name, which Robtex reports as being hosted by "GE Medical Systems Information Technologies". 

trackads.net is registered via ESTDOMAINS.

trackads.net was created on 7 April 2008.... yep, it is that new.  It was then updated on 8 April 2008.
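The same triage can be run over proxy logs. The sketch below is an added example, not the author's tooling: it rebuilds the hop sequence described above and flags any hop whose domain was registered only days before it was seen. The log records, `publisher.example`, the landing path and the observation date are constructed; only the hostnames and the trackads.net creation date come from the post.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed proxy records: (url, redirect Location, Referer). Hostnames are
# the ones named in the post; publisher.example and the landing path are made up.
PROMO = "http://adtds2.promoplexer.com/statsa.php?campaign=mark"
TRACK = "http://track.trackads.net/statsa.php?campaign=mark&u="
LOG = [
    ("http://publisher.example/news.html", None, None),
    (PROMO, TRACK, "http://publisher.example/news.html"),
    (TRACK, None, "http://publisher.example/news.html"),
    ("http://antispywaredeluxe.com/", None, TRACK),  # reached via the SWF
]
# Creation date as given in the post; the other domains' dates are not stated.
WHOIS_CREATED = {"trackads.net": date(2008, 4, 7)}
SEEN_ON = date(2008, 4, 14)  # assumed observation date

def registered_domain(url):
    # Naive last-two-labels split; production code should use the Public Suffix List.
    return ".".join(urlsplit(url).hostname.split(".")[-2:])

def chain_from(log, start):
    """Follow Location headers first, then Referer links, forward from start."""
    location = {url: loc for url, loc, _ in log}
    chain = [start]
    while True:
        cur = chain[-1]
        nxt = location.get(cur) or next(
            (u for u, _, ref in log if ref == cur and u not in chain), None)
        if nxt is None or nxt in chain:  # end of chain, or a redirect loop
            return chain
        chain.append(nxt)

def young_hops(chain, seen_on, max_age_days=30):
    """Return (domain, age_in_days) for hops registered under max_age_days ago."""
    hits = []
    for url in chain:
        dom = registered_domain(url)
        created = WHOIS_CREATED.get(dom)
        if created and 0 <= (seen_on - created).days < max_age_days:
            if (dom, (seen_on - created).days) not in hits:
                hits.append((dom, (seen_on - created).days))
    return hits

if __name__ == "__main__":
    chain = chain_from(LOG, LOG[0][0])
    print(" -> ".join(registered_domain(u) for u in chain))
    print("recently registered hops:", young_hops(chain, SEEN_ON))
```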

Trackads shares A Records and Name Servers with many interesting names.

 

I also see we are being referred to a URL at:

maxconvert.com

maxconvert.com is in the Ukraine.... and shares A Records with none other than... promoplexer....

 

I'm not reproducing the entire URL because, to be honest, part of the URL is encrypted and I have no idea what information may be being revealed if I make it public, so, better safe than sorry....

 

[Image: screenshot of malvertizement web site]

Comments

# re: New malvertizement featuring Colgate...

Monday, April 14, 2008 3:40 PM by Alonzo

Was this up and running for a long period of time? It seems not to do its malicious stuff anymore...