3 malvertizements
All created using, we think, Fuse – all use the encrypted-code-as-dynamic-text trick.
Malvertizement 1 (reported by Greg Feezel) and seen on Fox Audience Network:
Hits bigstat.net
ICANN Registrar: REGTIME LTD
Created 18 February 2009
NS1.NAMESELF.COM
NS2.NAMESELF.COM
IP: 212.95.32.166 - Berlin, Netdirekt
Shares IP with greatstat.com
Registrant - bigstat.net and greatstat.com
Anemari Rotko (ranemari@yahoo.com)
Tulskaya, 247/14
Moscow, 109029, Russia
+7 495 364 9627
*****
Malvertizement 2:
Hits clickmatter.net, a domain already featured on this blog several times.
ICANN Registrar: REGTIME LTD
Created 11 July 2008
NS08.DOMAINCONTROL.COM
NS09.DOMAINCONTROL.COM
IP: Currently no web site. Last held IP was 216.195.59.78
Registrant:
Mark Haagland (markhaagland@gmail.com)
Ehijajate tee 150
Tallin, Harjumaa, 13522, EE
+37 262 01114
The email address has been seen in association with domains previously registered to jackyouthere@gmail.com and other malvertizing incidents:
http://msmvps.com/blogs/spywaresucks/archive/2009/01/15/1661878.aspx
http://msmvps.com/blogs/spywaresucks/archive/2009/02/18/1672789.aspx
*****
Malvertizement 3:
Hits adoptserver.info, another domain featured on this blog several times.
ICANN Registrar: REGTIME LTD
Created 24 Jun 2007
NS.ADOPTSERVER.INFO
NS2.ADOPTSERVER.INFO
IP: Offline and currently not resolving. Last held IP was 64.28.187.77
Registrant:
Javier Vega (softjoda@yahoo.com)
Tegelbacken 7, Box 193
Stockholm, 10123
+46 841 23433
softjoda@yahoo.com is associated with 12 domains, including servedad.net which has been implicated in malvertizing incidents in the past: http://msmvps.com/blogs/spywaresucks/archive/2008/12/13/1656668.aspx