Browse by Tags

All Tags » Malvertizing » Fraudware (RSS)
Fri, Jan 28 2011 9:23

FTC versus Innovative Marketing etc - developments

The FTC announced today that Marc D'Souza and Maurice D'Souza will hand over $8.2 million in ill-gotten gains which is pretty much the entirety of money that they made from the scareware schemes that they participated in, or benefited from, years...
Posted by sandi | 1 comment(s)
Filed under: ,
Thu, Jul 29 2010 19:05

ALERT: Please treat content from aegadvancedmedia.com with extreme caution

Nokia Theatre L.A. Live (nokiatheatrelalive.com) is serving exploits via aegadvancedmedia.com Historical badness at aegadvancedmedia.com (btw, homedepotcenter.com is still serving exploits – stay away from there too): http://www.google.com/safebrowsing...
Posted by sandi | with no comments
Filed under: , ,
Thu, Jul 15 2010 15:54

Malvertizing at Tweetmeme (again)

  You may recall that Wayne Small of SBSFAQ contacted me to warn that there was malvertizing at tweetmeme back in December 2009 – well, tweetmeme have a problem again. This time I see no openx.  Instead, we bounce from ads.tweetmeme.com to y5...
Posted by sandi | 2 comment(s)
Filed under: ,
Wed, Jul 7 2010 18:46

Innovative Marketing - slowly the old domains fall away

I still keep an eye on known Innovative Marketing pseudonyms; information continues to trickle in about domains that they have registered in the past. Old bad domains have been expiring, and sometimes the protection of services such as Moniker Privacy...
Posted by sandi | 1 comment(s)
Filed under: ,
Mon, Jul 5 2010 17:45

A quick update regarding James Reno

In what I can only describe as a display of optimism, Reno has hired an attorney and entered a plea of "not guilty" to all counts of the indictment filed by the Special March 2010 Grand Jury which charged him, Bjorn Daniel Sundin and Shaileshkumar...
Posted by sandi | with no comments
Filed under: ,
Wed, Jun 2 2010 14:36

Interpol photograph of Shaileshkumar Jain (aka Sam Jain)

Seen here: http://www.interpol.int/public/Data/Wanted/Notices/Data/2009/45/2009_13445.asp   I’m not sure that I see a similarity to the Wikipedia picture:   Thanks to Sophos for the link to the Interpol entry.
Posted by sandi | 5 comment(s)
Filed under: ,
Mon, May 31 2010 15:22

Some quick notes re Jain and the charges of money laundering

The indictment filed against Sam Jain gives an indication of the sort of money Jain was making from his fake Symantec software. The indictment lists the following international money transfers: approximately US$150,000 transferred on 15 March 2005 from...
Posted by sandi | with no comments
Filed under: ,
Mon, May 31 2010 15:01

U.S. v Bjorn Daniel Sundin, Shaileshkumar P Jain (aka Sam Jain) and James Reno

I am pleased to report that on 26 May 2010, in the United States District Court (Northern District of Illinois, Eastern Division) documents were filed by the Special March 2010 Grand Jury which charged Bjorn Daniel Sundin, Shaileshkumar P Jain (aka Sam...
Posted by sandi | 1 comment(s)
Filed under: ,
Sun, May 30 2010 13:39

ALERT: Please treat “Tuned ads” (tunedads.com), "Barkley & Davis Advertising" (barkleydavis.com), “AweMedia” (awemedia.net) and “Moksly Digital Advertising” (moksly.com) with extreme caution

Domains in this report: tunedads.com - 95.143.193.252 rogloard.com - 95.143.193.246 roxantb.com - 188.72.192.52 moksly.com - 95.143.193.254 barkleydavis.com - 95.143.193.251 awemedia.net - 95.143.193.253 togueno.com - 95.143.193.244 smtpst.com - 95.143...
Posted by sandi | 2 comment(s)
Filed under: ,
Sat, May 1 2010 10:08

Malvertizers stealing old, watermarked graphics

  There are reports of a malvertizement incident using a “Curves” malvertizement. Note the watermark on the advertisement (which was being served via a domain that is attempting to spoof mediaplex: adfarm.mediaplex.com. rulash.com /banners/load.php...
Posted by sandi | with no comments
Filed under: ,
Sun, Apr 18 2010 13:16

More trouble at cubics.com

Again, a Facebook application is affected, but this time it is users in the United States (and perhaps elsewhere) who are being targeted.  The App owner, cubics.com and Facebook have all been notified of the incident and given the necessary evidence...
Posted by sandi | 3 comment(s)
Filed under: ,
Wed, Apr 14 2010 0:13

One last post on the Farm Town malvertizement incident

I posted this to Farm Town here :   This response was posted, just 14 minutes later – note that my post was edited not once (by “candlelight”), but twice – once to disable the links (which I don’t have a problem with) and then again over 12 hours...
Posted by sandi | 2 comment(s)
Filed under: ,
Mon, Apr 12 2010 23:57

Update on Farm Town

I received an email from adknowledge.com 50 minutes ago to advise that they have identified and taken down the malicious advertisement. There is, of course, much that needs to be addressed.  How did the advert get in in the first place? If Farm Town...
Posted by sandi | 6 comment(s)
Filed under: ,
Mon, Apr 12 2010 21:53

Conrad digs deeper

Oh boy… Conrad took a look at the traffic hitting justimpression.com http://blog.dynamoo.com/2010/04/farmtown-impressionclubcom-and.html   One thing I will point out is that those stats are for people visiting justimpression.com who are based in...
Posted by sandi | with no comments
Filed under: ,
Mon, Apr 12 2010 21:34

More on the Malvertizing problem

Graham Cluney writes: http://www.sophos.com/blogs/gc/g/2010/04/12/farm-town-virus-warning-malvertising-work/   And there is a *big* thread on the Farm Town forums: http://slashkey.com/forum/showthread.php?s=0ac5ce13b15397a9577dee639cf9e205&t...
Posted by sandi | with no comments
Filed under: ,
Mon, Apr 12 2010 18:55

Confirmed – the FarmTown application on Facebook is displaying malicious advertising

IMPORTANT NOTE: THE APPLICATION AFFECTED IS FARM TOWN , NOT FARMVILLE.  THE ORIGINAL ARTICLE HAD ‘FARMVILLE’ IN THE TITLE – THAT WAS QUICKLY AMENDED BUT SOME RSS FEEDS MAY HAVE PICKED UP THE ORIGINAL TITLE. Google Chrome’s protections stopped the...
Posted by sandi | 2 comment(s)
Filed under: ,
Fri, Apr 2 2010 17:09

Alert: malvertizing at eventful.com

  eventful.com have been hit by a malvertizing incident involving mojoadserver.net.  All domains marked in BOLD should be treated with extreme caution. I did not see a redirect during my tests, but I did see content from t.locpub.com that led...
Posted by sandi | with no comments
Filed under: ,
Wed, Mar 31 2010 12:07

ALERT: Please treat all content from plexusmedia-adv.com and plexusmedia.net with extreme caution

As always, all domains listed here (except for plexusmedia.co.uk) should be treated with extreme caution.   Sources report that suspicious content using the domain plexusmedia-adv.com has been discovered.  This domain redirects to plexusmedia...
Posted by sandi | 3 comment(s)
Filed under: ,
Tue, Mar 30 2010 14:26

These people are not the real MediaPlex

ww1-mediaplex.com ICANN Registrar: BIZCN.COM Created 3 March 2010 IP: 188.72.252.150 - Netdirekt E.k Shares IP with excladri.com, lianeu.com and turn-srv.com Registrant: Amber Clevenger, DNS, admin@ww1-mediaplex.com ***** excladri.com ICANN Registrar...
Posted by sandi | with no comments
Filed under: ,
Fri, Mar 26 2010 14:44

ALERT: Please treat content from coneincorporated.com with extreme caution

  My sources tell me that at least two major online sites have been approached by coneincorporated.com in recent days, and that coneincorporated.com have been caught using the same spoofing sub-domain trick that I wrote about earlier . coneincorporated...
Posted by sandi | with no comments
Filed under: ,
More Posts Next page »