Wednesday, April 16, 2008 8:43 AM
sandi
Another malvertizement featuring yourmusic.com
Here's a screenshot - nothing new here...
Malicious SWF URL:
adroll.com/u/ads/POOPATPCXNFSNB35TZLVYO/FKM7SN4NXNAJLH75HOCZYB.swf
Campaign.
(Edited to correct host details)
page2.googiesindication.com/crossdomain.xml
Note: page2.googiesindication.com is hosted by the infamous Securehost. Nine Internet Solutions, the same provider implicated in the Blick.ch outbreak - is host of googiesindication.com [no page2 appended]). Domain created on 26 November 2007.
page2.googiesindication.com/c/index.php? id=eWtkekFoRmpzSFQwMWVySTVRSUNoPTEyMDQwMzE5MjMmcG56Y252dGE9Ymm7NkiZmcmFncmFwcgYN
kiDgNmYNkiDgNm
waytotheprofit.com/?cmpid=ossentence
prevedmarketing.com/?tmn=mwatmpsmcmp&aid=ossentence&lid=&ax=1&ed=2&mt_info=5640_5846_16615
scanner2.malware-scan.com/14_swp/?tmn=null&aid=ossentence_ma14s_mb1sct&lid=&affid=&ax=1&ed=2&mt_info=5640_5846_16615:5745_0_16604
statsgod.com/a/?lang=en&aid=ossentence_ma14s_mb1sct&lid=keyin&affid=keyin&prod_id=655&ref=
bucksbill.com/.stats/refil.php?p=14&aid=ossentence_ma14s_mb1sct&lid=keyin&affid=keyin
Source of information - thanks Kimberley:
http://www.bluetack.co.uk/forums/index.php?showtopic=18064&pid=86914&mode=threaded&show=&st=30&#entry86914
Filed under: Vulnerabilities, Security, safety and privacy on the Internet, viruses and exploits