Dynamoo finds malvertizing at ebuddy.com
The domain cited by Dynamoo as the end of the legitimate chain, zoombanner.com, is worth a closer look. It may be registered to “Domain Owner” (trafficbuyer.@gmail.com) of 15156 SW 5th of Scottsdale, Arizona *now*, but it used to be registered to a name with a far older, nefarious history: Modena Inc.
Modena Inc have a dubious history, with complaints dating as far back as 2005 about "spyware infested filesharing programs", site scraping and 302 domain poisoning:
Modena Inc domains were also part of the malvertizing incident that hit digitalspy.co.uk:
Modena Inc was also implicated in malvertizing that attempted to infect computers via a PDF exploit:
There is also a dishonorable mention at bluetack.co.uk (**10** different security exploits were used in that incident) - domains used were banners.exitexchange.com and count.exit1208.com:
It is interesting that ashoping.com was part of the incident recorded at bluetack.co.uk. The registrant, email@example.com, has been seen myriad times, in association with traffichunters.net (which we can tie to Innovative Marketing in the Ukraine):
Since we can follow the bouncing ball back from zoombanner.com to Innovative Marketing in the Ukraine, it occurs to me that I should check to see if there has been any progress with the FTC versus Innovative Marketing lawsuit. My regular readers will know that Sam Jain's lawyers, Patton Boggs, asked for permission to withdraw as Jain's lawyers. That request was granted on the 15th of January.
A telephone conference regarding "Discovery Dispute" was held on the same day - sorry, I have no further information about that.
The second motion for sanctions against Sam Jain, filed on 22 October last year, remains outstanding:
Second MOTION for Sanctions Pursuant to Rule 37 Against Sam Jain by Federal Trade Commission.
"Sam Jain has made a mockery of this proceeding and has demonstrated nothing but contempt for this Court and the American judicial system as a whole. Together with his codefendants, Jain perpetrated one of the largest online frauds ever prosecuted by the FTC, with a total consumer injury figure that – as the Court will soon hear – exceeds $150 million. After being caught red-handed by the FTC, Jain promptly fled the United States, leaving his lawyers behind to delay the FTC’s efforts to redress the massive consumer injury Jain helped inflict. After nearly a year of delay, Jain has reached the end of the road. Unwilling to comply with this Court’s command that he participate in discovery, Jain has no further ability to stall this litigation. As a result, Jain has washed his hands of this matter, and simply disappeared. Given these facts, it is difficult to imagine a case that better supports the imposition of terminating sanctions, or an individual more deserving of such an outcome than Jain."
Personally, I think that people who use services such as ebuddy.com, which asks you to hand over your username and password for MSN, Yahoo, AIM, GTalk, Facebook, ICQ and MySpace, are very foolish. There’s no way I’m ever going to do that – no how, no way.
Don’t forget what happened to RockYou (to cite a recent example):