Just when you thought it couldn't get stupider than Cameron's imposing of the smut ban in the UK, this Russian politico has decided to outdo Cameron in the "yep, we can be even more brainless!" stakes.
http://www.theregister.co.uk/2013/07/29/russia_to_ban_swearing_on_social_networks_good_luck/
This woman has clearly never seen some of the Russian and Ruskranian blackhat forums I monitor (or, for that matter, the majority of forums/social networks etc.).
Tuesday, 30 July 2013
Thursday, 25 July 2013
[ALERT] Fake Google Chrome, and yet more malicious SysTweak shenanigans again
Looking up the POST beep codes for a Sony Vaio led me to a thread on sevenforums.com a few minutes ago, which rather disgustingly (I'd say surprisingly, but I'm not surprised by SysTweak's ongoing badness anymore - they've been at it so long) led to 4 more examples of misleading advertising, one belonging to SparkTrust and 3 others belonging to SysTweak.
The first [1] of these is at least slightly better, not because it's not misleading - it definitely is (lack of an outline around the ad, despite a little icon showing it belongs to an AdChoices ad, and claims of its being free when it isn't). This one belongs to SparkTrust - another company with a history of such behaviour.
The second [2] of these is a link that appears to be part of the signature of one of the responders on the forum, but those of us who have been monitoring this for more than 5 minutes can easily identify its actual origin.
The third [3] and fourth are yet more SysTweak adverts, using poor attempts to appear as part of the page (note specifically both the lack of a clear outline around the ad, and the placement of the thread's title directly above each instance of the offending ads, at the top and bottom of the site).
And the offending URLs (first 3 are the SysTweak ads, the 4th is the SparkTrust ad);
In these cases, sevenforums.com themselves must share the blame, at least partly - they're the ones that chose not only the placement of the offending ads, but also chose to further mislead people by putting the icon and "Recommended Fix:" next to the top and bottom links for SysTweak. Shame on you!
We also have a case of PPI (pay per install) companies using even worse methods to peddle their adware and such - this time it's a fake Google Chrome;
googlechrome2013.com
IP: 208.113.174.122 (apache2-quell.sprite.dreamhost.com)
AS: 26347 DREAMHOST-AS - New Dream Network, LLC
The download button leads to (offender: DomaIQ);
hxxp://dls.nicdls.com/d/109/google-chrome/204/446
This is a direct download, no landing pages, nothing. So far, there are two different MZs (google-chrome.exe downloaded July 11th, and google-chrome(2).exe downloaded a few minutes ago), but I suspect there are more.
File MD5 Size
/malware/dls.nicdls.com/google-chrome(2).exe 10095b71d0a9979b6e6b61a635ac713a 541.91 KB
/malware/dls.nicdls.com/google-chrome.exe 8e50c65c85f37580238624bc2bbc6b6b 222.29 KB
Thankfully, the downloads are detected, with the detection name varying by vendor. Malwarebytes users will see it detected as Adware.DomaIQ. However, you'll notice the second file served is showing far fewer detections than the one downloaded a few days ago, which shows the W3i/DomaIQ miscreants are modifying the installer, and likely (only a suspicion at present) doing so to prevent flagging.
google-chrome(2).exe - https://www.virustotal.com/en/file/a48d285871ed7d9cc1abde280015500608ae4aa7f3cebe054123df2278fd4cf3/analysis/1374759940/
google-chrome.exe - https://www.virustotal.com/en/file/38f7cff6d599efd4de1d155835b9489e1342d2c214225167bda32d8b4790805d/analysis/1374759948/
I'm going for takedown of this and other offending domains, but in the meantime, you'll want to block the IPs involved.
Monday, 22 July 2013
Alert: (Yet more) misleading adverts [iLivid, Tuguu]
One of these days (yep, day dreaming again), I'll go on a little virtual walk, and not bounce off of misleading adverts such as the following. All were found in the usual places (adf.ly, adfoc.us) and sites engaged in scamming (watchfreemovies.ch - found whilst investigating another site).
The award for the most disgusting scareware advert goes, surprise surprise, to SysTweak - who are responsible for the latter of the above.
The offending ad networks include;
a.adorika.net
webtrackerplus.com
network.adsmarket.com
ad.yieldmanager.com
ad.xtendmedia.com
I know what most of you are likely thinking - tell us something we don't know. Well, I'm afraid I can't. It's simply blatant misleading adverts, used to push bundleware rubbish. Needless to say - avoid them like the plague they are (those using ad blockers, HOSTS files etc. shouldn't see these).
Offending URLs:
Friday, 12 July 2013
SysTweak: Misleading marketing via Speedtest.net
Had my lines upgraded to Fibre recently, and did a couple of speed tests on speedtest.net. Disappointingly, it seems speedtest.net are allowing misleading adverts such as the following;
These lead to;
hxxp://www.systweak.com/registryCleaner/newst/1/?xat=RC1;GB;L;1
Which leads to; hxxp://sr.systweak.com/speedtest/rcp/?x-at=RC1;GB;L;1 -> hxxp://sr.systweak.com/speedtest/rcp/rcpsetup/rcpsetupst_RC1_GB_L_1.exe
In this case, the advert is Flash, and comes from;
hxxp://ads.ookla.com/www/delivery/ck.php?oaparams=2__bannerid=9314__zoneid=42__cb=26d3e6fd47__oadest=http%3A%2F%2Fwww.systweak.com%2FregistryCleaner%2Fnewst%2F1%2F%3Fxat%3DRC1%3BGB%3BL%3B1
hpHosts users won't see this advert as ads.ookla.com is already blocked by the hpHosts HOSTS file.
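As an added example (not code from the original post): the ads.ookla.com click URL above carries its landing page in the `oadest` field of the `oaparams` parameter, so this Python code unwraps that field and checks each hop's hostname against a HOSTS-format blocklist. The blocklist text is a constructed sample rather than the real hpHosts file, and the function names are illustrative.

```python
from urllib.parse import urlsplit, parse_qs

# The click URL quoted in the post (defanged there as hxxp://).
CLICK_URL = ("hxxp://ads.ookla.com/www/delivery/ck.php?oaparams=2__bannerid=9314"
             "__zoneid=42__cb=26d3e6fd47__oadest=http%3A%2F%2Fwww.systweak.com"
             "%2FregistryCleaner%2Fnewst%2F1%2F%3Fxat%3DRC1%3BGB%3BL%3B1")

# Constructed sample in HOSTS-file syntax; NOT the real hpHosts file.
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1  localhost
127.0.0.1  ads.ookla.com   # ad server named in the post
0.0.0.0    ads.example.invalid tracker.example.invalid
"""

def refang(url):
    """Turn a defanged hxxp:// or hxxps:// indicator into a parseable URL."""
    if url.lower().startswith("hxxp"):
        return "http" + url[4:]
    return url

def parse_oaparams(value):
    """Split an already-decoded oaparams value: '2__k=v__k=v__oadest=<url>'.
    oadest comes last and may itself contain '__', so it is cut off first."""
    fields = {}
    head, found, dest = value.partition("__oadest=")
    if found:
        fields["oadest"] = dest
    for part in head.split("__"):
        key, eq, val = part.partition("=")
        if eq:                      # the leading '2' has no key and is skipped
            fields[key] = val
    return fields

def next_hop(url):
    """Return the landing URL embedded in a click URL, or None."""
    query = parse_qs(urlsplit(url).query)   # parse_qs percent-decodes once
    if "oaparams" not in query:
        return None
    return parse_oaparams(query["oaparams"][0]).get("oadest")

def unwrap(url, max_hops=5):
    """Follow embedded destinations offline (no network requests are made)."""
    chain = [refang(url)]
    while len(chain) <= max_hops:
        dest = next_hop(chain[-1])
        if not dest or dest in chain:       # stop at the end or on a loop
            break
        chain.append(refang(dest))
    return chain

def blocked_hosts(hosts_text):
    """Collect hostnames from HOSTS-format text (comments and blanks ignored)."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:                # address followed by 1+ names
            blocked.update(name.lower() for name in fields[1:])
    blocked.discard("localhost")
    return blocked

def audit(url, hosts_text):
    """List (hostname, is_blocked) per hop; HOSTS matching is exact-name only."""
    blocked = blocked_hosts(hosts_text)
    return [(urlsplit(hop).hostname, urlsplit(hop).hostname in blocked)
            for hop in unwrap(url)]

if __name__ == "__main__":
    for host, is_blocked in audit(CLICK_URL, SAMPLE_HOSTS):
        print(f"{host:20} {'blocked' if is_blocked else 'not blocked'}")
```

Blocking the first hop is enough to suppress the advert, but the landing host is a separate name and needs its own entry if direct visits should be blocked as well.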