ALERT: malvertizement featuring Rhapsody (alternative title: Well well, they have a sense of humor….)

I’ve been taking a look-see at the latest malvertizement that has hit my desk (sourced from multiple IP addresses and received over several days) – it is a Rhapsody-themed malvertizement that looks like this:

[image]

Visually the malvertizement is identical to one that was circulating at least a year ago.

The malvertizements are hitting different domains despite being visually identical, which is nothing unusual. That being said, there is a new domain being used to facilitate a browser hijack, and I just had to laugh when I saw it:

welovesandi.com

Anyway, let’s take a look-see at this new domain:

welovesandi.com
Website Title: “TotalVirusProtection” (seems they’re still not cleaning up their site code when creating new sites)

ICANN Registrar: Communigal Communications Ltd
Created: 20 March 2009
NS1.WELOVESANDI.COM
NS2.WELOVESANDI.COM
NS3.WELOVESANDI.COM
NS4.WELOVESANDI.COM

IP: 212.177.165.128 - Luxembourg, Steinsel, Root Esolutions

Shares IP address with the following domains, all of which should be treated with extreme caution:

enterprisestat.net, givemystats.com, measurehits.com, pleaselinkmeto.com, statsnclick.com and waytotheprofit.com.

Registrant:

Robert Robinson (RobertSRobinson@mail.com)
4452 Dogwood Lane
Phoenix 85012
602 5205539781

Published Wed, Apr 1 2009 16:00 by sandi

Comments

# re: ALERT: malvertizement featuring Rhapsody (alternative title: Well well, they have a sense of humor….)

Wednesday, April 01, 2009 3:56 AM by Conrad Longmore

Mindful of today's date, I checked it out myself. It seems that they do love you after all :)

# re: ALERT: malvertizement featuring Rhapsody (alternative title: Well well, they have a sense of humor….)

Wednesday, April 01, 2009 7:45 AM by sandi

>>LOL<<  Y'know, after I posted, I wondered if anybody would think it was an April Fools joke :o)