ALERT: Malvertizement at allmusic.com and billboard.com


Note: the incident has been reported to a contact at allmusic.

Originally discovered by Kimberley.

Malicious SWF: web.checkm8.com/Ads/435513/bill_300x250-border.swf

Encrypted dynamic text within the malvertisement (shown in two screenshots):

From web.checkm8.com we hit clickmatter.net, which loads a "static.gif" that is actually an SWF. From there I was bounced to windows-scannercenter.com, then to onlinetds.info and forcedscan.com.

web.checkm8.com was involved in other malvertizement outbreaks affecting allmusic:
http://msmvps.com/blogs/spywaresucks/search.aspx?q=checkm8&o=Relevance
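The "static.gif that is actually an SWF" step is the kind of thing a proxy or sandbox can catch by sniffing the bytes instead of trusting the extension or Content-Type. The following Python check is an added example, not code from the original post: it identifies SWF containers by their FWS/CWS/ZWS signature, parses the header, confirms a CWS body actually inflates to the declared length, and flags any SWF served under an image name or image MIME type. The URL paths and all response bodies are constructed for the example (example.invalid is a placeholder host).

```python
"""Flag fetched ad assets whose bytes are an SWF while the name or MIME type claims an image."""
import struct
import zlib

SWF_MAGICS = {b"FWS": "swf", b"CWS": "swf-zlib", b"ZWS": "swf-lzma"}
GIF_MAGICS = (b"GIF87a", b"GIF89a")
IMAGE_EXTS = ("gif", "png", "jpg", "jpeg")


def sniff(body: bytes) -> str:
    """Classify a payload by its leading bytes, never by its file name."""
    if body[:6] in GIF_MAGICS:
        return "gif"
    return SWF_MAGICS.get(body[:3], "unknown")


def swf_header(body: bytes) -> dict:
    """Parse the 8-byte SWF header: 3-byte signature, version, little-endian declared length."""
    sig, version, length = body[:3], body[3], struct.unpack("<I", body[4:8])[0]
    info = {"signature": sig.decode("ascii"), "version": version, "declared_length": length}
    if sig == b"CWS":  # zlib-compressed body: a truncated or fake stream fails to inflate
        try:
            info["inflated"] = len(zlib.decompress(body[8:])) + 8 == length
        except zlib.error:
            info["inflated"] = False
    return info


def check_response(url: str, content_type: str, body: bytes) -> dict:
    """Compare what the server claims (extension and Content-Type) with what it actually sent."""
    actual = sniff(body)
    claims_image = content_type.startswith("image/") or url.rsplit(".", 1)[-1].lower() in IMAGE_EXTS
    finding = {"url": url, "content_type": content_type, "actual": actual,
               "mismatch": actual.startswith("swf") and claims_image}
    if actual.startswith("swf"):
        finding.update(swf_header(body))
    return finding


def build_swf(compressed: bool, payload: bytes = bytes(16)) -> bytes:
    """Constructed sample: a minimal, well-formed SWF container (not the ad from the post)."""
    total = 8 + len(payload)
    if compressed:
        return b"CWS" + bytes([8]) + struct.pack("<I", total) + zlib.compress(payload)
    return b"FWS" + bytes([8]) + struct.pack("<I", total) + payload


# Constructed responses modelled on the chain in the post; paths and bodies are synthetic.
SAMPLES = [
    ("http://clickmatter.net/static.gif", "image/gif", build_swf(True)),
    ("http://example.invalid/banner.gif", "image/gif", b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"),
    ("http://web.checkm8.com/Ads/435513/bill_300x250-border.swf", "application/x-shockwave-flash", build_swf(False)),
]


def audit(samples=SAMPLES) -> list:
    """Return only the responses whose declared type and real type disagree."""
    return [f for f in (check_response(*s) for s in samples) if f["mismatch"]]
```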


checkm8.com - 65.216.116.106 - Massachusetts - Woburn - Mirror Image Internet
ICANN Registrar: Network Solutions Inc
Created: 3 July 1999
NS: DNS01.CHECKM8.COM
NS: DNS02.CHECKM8.COM

clickmatter.net - 216.195.59.78 - Oregon - Portland - Aps Telecom
ICANN Registrar: Estdomains Inc
Created: 11 July 2008
NS: DNS251.3FN.NET
NS: NS2.3FN.NET

Shared IP:

windows-scannercenter.com - 83.229.251.28 - Moskva - Moscow - Mchost.ru Inc
ICANN Registrar: DIRECTI INTERNET SOLUTIONS
Created: 21 Sept 2008
NS: NS1.WINDOWS-SCANNERCENTER.COM
NS: NS2.WINDOWS-SCANNERCENTER.COM

onlinetds.info - 216.240.134.211 - California - Irvine - Go2online Corp
ICANN Registrar: Estdomains Inc
Created: 16 Sept 2008
NS: NS1.FREEFASTDNS.COM
NS: NS2.FREEFASTDNS.COM

forcedscan.com - 64.86.17.44 - Ontario - Brampton - Velcom
ICANN Registrar: Onlinenic, Inc
Created: 26 Sept 2008
NS: NS1.FREEFASTDNS.COM
NS: NS2.FREEFASTDNS.COM

3FN.NET - 64.124.84.145 - California - San Jose - Aps Communication
ICANN Registrar: Intercosmos Media Group, Inc D/B/A directnic.com
Created: 2 Sept 2002
NS: NS5.3FN.NET
NS: NS8.3FN.NET

FREEFASTDNS.COM
ICANN Registrar: Onlinenic, Inc
Registrant, "Igor Goroshko", Moscow, RU
Created: 17 Sept 2008
NS: NS1.FREEFASTDNS.COM (91.203.92.47)
NS: NS2.FREEFASTDNS.COM (77.244.220.138)

NS1.FREEFASTDNS.COM (91.203.92.47) - United Kingdom - Isp Uatelecom
Reverse IP: protectiononlineinfo.com

protectiononlineinfo.com - 91.203.92.47 - United Kingdom - Isp Uatelecom
ICANN Registrar: Wild West Domains Inc
Created: 8 Sept 2008
NS: NS51.DOMAINCONTROL.COM
NS: NS52.DOMAINCONTROL.COM

NS2.FREEFASTDNS.COM (77.244.220.138) - Russian Federation - St. Petersburg - Allocation For Our Customer Primenet

Domains in 77.244.220.%:

Comments

# re: ALERT: Malvertizement at allmusic.com and billboard.com

Tuesday, October 21, 2008 9:38 AM by david gunnells

Saw the same thing this morning, except it was a user who visited classmates.com. :(

# re: ALERT: Malvertizement at allmusic.com and billboard.com

Wednesday, October 22, 2008 6:41 PM by DJ Allyn

Okay, I have a WP blog with Viper's Video Quicktags plugin and if I activate it and use the Flash Video (flv) it will start trying to reach http://onlinetds.info if I am trying to display any flash video from within my domain.

If I try to access an FLV file outside of my domain, it works fine.

Now today, it changed to start seeking a different domain: realtimeweb1.com.  But the IP address is still the same:

87.248.180.90

This is becoming very irritating for me.  I have identical installations on the same server under different domains and it isn't acting this way.  ONLY under this particular domain.

I have even gone as far as to create a new installation under a sub of this particular domain and it STILL seems to want to seek out this IP address.  I am using fresh installations and fresh software.

What is causing this?