Developments in the malvertizing world - a new distribution conduit involving MySpace
Kimberley writes about a new distribution conduit that she has found - in this example it is an old malvertizement with a currently inactive campaign.
Details here: Bluetack Forum
In short, funmunch.com is offering a "MySpace Banner" for download that is, in fact, a malvertizement (an old one, but still a malvertizement).
Here's the question - why would funmunch.com make the banner available for download in the first place, presumably without being paid for it, and why would they have left it there after the inevitable complaints were received (of course, we're assuming that MySpace users actually downloaded and used the SWF file, and that victims (sorry, visitors) to the MySpace pages were savy enough to work out how they being hijacked).
Coincidentally, a Jane McIntyre posted a comment to my blog, advising that she had been hijacked while surfing MySpace, and dumped at maxconvert.com (hosted in the Ukraine). I have highlighted maxconvert.com before, and it was discovered that maxconvert.com shares A records with promoplexer.com (a domain associated with fraudware) - a peak at that domain revealed associations with macsweeper and cleantor (both fraudware).
I'm not surprised that the criminals behind malvertizements are using whatever conduit they can to distribute their wares. As advertising networks have gotten better at spotting dodgy advertisements and as the networks pressure their clients (even 'self managing' clients) to check advertising when it is accepted, and as the major web sites have also become more cautious when accepting advertising, and as the names/domains behind malvertizements become more well known, I get the feeling that the pushers of malvertizing are finding it harder and harder to get their wares on to high profile, high traffic sites, with the result being that they are having to pimp their ads to lower traffic, less well known sites where, thankfully, the impact of malvertizing is proportionally lower.
Now, if only we could get MySpace to clean up their act...