New "surveys" malvertizement
Adopstools.com was not able to analyse the sample that I have, but there is more than one way to get things done.
The malicious SWF exposes victims to two different URLs:
impressiontracker.com/url/sc_6.php
and
yourredirect.com/soft.php?aid=000417&d=3&product=XPA
The yourredirect.com URL redirects to a fraudware site:
onlinescannerxp.com/2008/3/freescan.php?aid={removed}
yourredirect.com was created on 4 April 2008 and is protected by privacyprotect.org.
impressiontracker.com was created on 8 April 2008, and WHOIS refers us to a "Carol Hamilton" of eosads.com.
Both impressiontracker.com and yourredirect.com use mynickname.com name servers...
eosads.com (the domain revealed by a WHOIS check of impressiontracker.com) is, in turn, registered via none other than the infamous estdomains. The domain was created on 8 February 2007, updated on 10 March 2008 and expires on 8 February 2009.
Screenshots of the malvertizement:
The malicious SWF is hosted by content.yieldmanager.edgesuite.net. The appropriate parties have been notified.
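For checking whether any clients followed this chain, the sketch below scans proxy logs for the three domains named above and pulls out the `aid` affiliate parameter. It is an added example, not part of the original post; the log format, timestamps, client addresses, `news.example` and the `PLACEHOLDER` aid value are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Domains named in the post, with the role each plays in the chain.
WATCHLIST = {
    "impressiontracker.com": "tracker",
    "yourredirect.com": "redirector",
    "onlinescannerxp.com": "fraudware landing page",
}

# Constructed proxy log lines (assumed format: time client method url referer).
SAMPLE_LOG = """\
2008-04-10T09:14:02 10.0.0.23 GET http://impressiontracker.com/url/sc_6.php http://news.example/
2008-04-10T09:14:03 10.0.0.23 GET http://yourredirect.com/soft.php?aid=000417&d=3&product=XPA -
2008-04-10T09:14:04 10.0.0.23 GET http://www.onlinescannerxp.com/2008/3/freescan.php?aid=PLACEHOLDER -
2008-04-10T09:15:40 10.0.0.31 GET http://notyourredirect.com.example/soft.php -
2008-04-10T09:16:11 10.0.0.31 GET http://news.example/index.html -
"""

def match_host(host):
    """Return the watchlisted domain that host equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for domain in WATCHLIST:
        # Label-boundary match: substring matching would flag lookalike hosts.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def scan(log_text):
    """Return one hit per request to a watchlisted domain, in log order."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        ts, client, _method, url = fields[:4]
        parts = urlsplit(url)
        domain = match_host(parts.hostname or "")
        if domain:
            aid = parse_qs(parts.query).get("aid", [None])[0]
            hits.append({"time": ts, "client": client, "domain": domain,
                         "role": WATCHLIST[domain], "aid": aid})
    return hits

def exposed_clients(hits):
    """Clients that reached the fraudware landing page, not just the tracker."""
    return sorted({h["client"] for h in hits if h["domain"] == "onlinescannerxp.com"})

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
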