ALERT: treat all content from Olympic Media (olympicmedia.net) with extreme caution
Olympic Media has been caught distributing malvertizing ... again (thanks to Kimberley for the heads up).
Why do I say again? Because a usatoday representative posted to my blog back in September claiming that Olympic Media had sold them a malvertizement.
Anyway, back to present day. This time Olympic Media are distributing a cyberipod malvert.
Adopstools results - you will see that it is not even one of the newer style, difficult to detect adverts:
http://www.adopstools.com/index.asp?page=quicklink&id=o0CVw0KNmEe0g8sv
When the advert is run, it reaches out to two domains - freegreenstats.com and statisticsmanager.com.
statisticsmanager.com drops a cookie for adnetserver.com before leading us to onlinestatsmanager.com. From there we end up at online-info-clicks.com, is which the first URL that exposes the victim to fraudware. online-info-clicks.com redirects the victim to anti-virus-live-scan.com.
The advert also uses _url within its code (which means it can change its behavior depending on where it is run from), and runs timezone checks (again, as a way to control the advert's behavior).
So, what does the various domains tell us? Kimberley has done already done the hard work so I shall refer you to her report. You'll note that she draws a connection between Olympic Media and a known bad actor, Atlantmedia.
Also, you'll see that another malvert was discovered on MSN (this time the Encarta site). Thankfully, that advert has been pulled from circulation.
BTW, note the spelling mistakes on the Olympic Media home page... "dvertising" instead of "advertising" appears twice.
