ALERT: Malvertizements at foxnews.com - treat all content from adserver.adtechie.net with extreme caution

Malvertizements - lots of them - from adtechie.net.  And some are being served via AdMeld.

Here's an interesting snippet for you - as we know from this article's title, malvertizements from adtechie.net via AdMeld have been spotted on Fox news (see Kimberley's report).   Guess who is CEO at AdMeld - none other than somebody who is apparently an ex employee of Fox Media Interactive - a Michael Barrett - "who was most recently Executive Vice President, Chief Revenue Officer for Fox Interactive Media. Mr. Barrett has previously held senior level positions at AOL, Yahoo, Disney Online and more over his 25-year career".

Cite: http://www.admeld.com/news.html

Now, I don't have a contact at AdMeld, but I *do* have a contact at Fox... let's see if we can get a dialogue going.

Now, who does Fox Media Interactive own?  None other than MySpace - let's hope that they don't share advertising. 

adtechie.net was registered on 3 October 2008 via none other than Directi.  Their IP is 212.95.37.206 (Germany, Netdirekt E.k - another name appearing more often in association with malvertizement domains).

Let's take a look at WHOIS. The declared Registrant, "SD", apparently owns 294 other domains, and apparently goes by the name of Dietmar Hebels (hebels@gmx.ch).

The IP range, 212.95.37.% is shared with some charmingly named domains such as pornosupermodels.info, buyrxgeneric.com, cheapgenericrx.com and thegenericpills.com.  That alone should raised alarm bells for AdMeld.

The full list of domains:

Adclickmate.net | Sharemaster.ru | Smoomy.com | 123rt.net | Emazzo.com | Iiiosh.com | Info9f.com | Tizz3r.com | Answersaboutall.com | Ask-about-all.com | Findhm.com | Freeforcat.net | Freeforcat.org | Fuksu.net | Hmaxsite.com | Omerka.com | Servala.com | Vhmax.com | Virtul.net | Vuala.net | Zipkinci.com | Buyrxgeneric.com | Cheapgenericrx.com | Genericrxmed.com | Pornosupermodels.info | Thegenericpills.com | Seedtillubleed.com | Kuchnie.pl | Meine-kueche24.at | Meine-kueche24.de | Adtechie.net | Speakers4car.com | Azartgame.in | Aoaue.com | Axer52.com | Iiltt.net | Mtptpp.com | Tztxi.net | Uiui77.com | Mazers.net

Oh yes, the malvertizements from adtechie - here they are.  All of them use the encrypted dynamic text trickery that became common with the appearance of malvertizements created using Fuse.  

image 

image image

image

image

image

image

 

 

image  image  image

 

Here is the AdMedl announcement about Michael Barrett.

 

image

Published Sun, Nov 16 2008 21:29 by sandi
Filed under: ,

Comments

# re: ALERT: Malvertizements at foxnews.com - treat all content from adserver.adtechie.net with extreme caution

Tuesday, November 18, 2008 2:36 PM by zorro

Great info!!!!  How did you know which creatives?  Could there be others?

# re: ALERT: Malvertizements at foxnews.com - treat all content from adserver.adtechie.net with extreme caution

Tuesday, November 18, 2008 6:25 PM by Zoomer

Sharemaster.ru - does not spyware or sendmail soft.

Please remove Sharemaster.ru  domain from your list.

# re: ALERT: Malvertizements at foxnews.com - treat all content from adserver.adtechie.net with extreme caution

Tuesday, November 18, 2008 8:39 PM by sandi

No.  The fact that sharemaster.ru is within the IP range of a fraudware site is true and correct at time of writing.  Talk to your host and tell them that you do not like the fact that they are providing a service to unsavoury domains.

# re: ALERT: Malvertizements at foxnews.com - treat all content from adserver.adtechie.net with extreme caution

Tuesday, November 18, 2008 9:02 PM by sandi

re "how do you know which creatives"?  We analyse the creatives using various tools.  The general public should use adopstools.com as a first line of defence, and also conduct comprehensive reputational checks into anybody who wants to sell advertising.

re "could there be others"?  Most certainly :(

# re: ALERT: Malvertizements at foxnews.com - treat all content from adserver.adtechie.net with extreme caution

Wednesday, November 19, 2008 3:08 AM by Zoomer

The fact that one of the customers took advantage of datacenters spayware does not necessarily mean that all other clients, such as.

Your article was not reliable.

# re: ALERT: Malvertizements at foxnews.com - treat all content from adserver.adtechie.net with extreme caution

Wednesday, November 19, 2008 7:55 AM by sandi

Directi is hosting far more than one bad client.  My article has succeeded in its goal by making you aware that your site is sharing infrastructure with known bad guys.  The question is, what are you going to do about it?  Move your site? Complain to Netdirekt?  I will not remove the site from the list because it is still correct to say that it is hosted in the IP range 212.95.37.%