RE: *SPAM* More info on malware-scan.com ads on newspaper Web sites

["Larry Seltzer" <Larry () larryseltzer com>]

I reported on something similar at Ynetnews (see 
http://blogs.pcmag.com/securitywatch/2007/11/and_suddenly_some_strange_site.php) about a week ago. I wonder if it's the 
same ad network.

The Ynet attacks persist. They knew about it probably at least 10 days ago and I saw it again yesterday, this time in 
Firefox. 
 
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com

--------------------------------------------------------------------------------
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of rms () computerbytesman com
Sent: Saturday, November 10, 2007 6:38 PM
To: funsec () linuxbox org
Subject: *SPAM* [funsec] More info on malware-scan.com ads on newspaper Web sites


Holy sh**.

Richard


http://www.azstarnet.com/business/209714

Maliciously coded online ad caused Star's Web site problems

By Jack Gillum

ARIZONA DAILY STAR

Tucson, Arizona | Published: 11.03.2007

advertisement



A maliciously coded online advertisement was responsible for causing problems for Tucson Newspapers' Web sites this 
week, the company said Friday.

 

The ads, which the company said were purchased with a fraudulent credit-card number, directed some Web visitors to 
sites that could have installed harmful software, or "malware."

 

The problem was reported Wednesday by the Pima County Department of Environmental Quality, which advised its employees 
not to visit the Arizona Daily Star Web site over computer-safety concerns. When their employees visited the Star's 
site, anti-virus software alerted them of trouble.

 

The fraudulent ad purchase was discovered Wednesday and the ad was removed Thursday, said Susan Hardin, director of 
online for Tucson Newspapers, which is jointly owned by the Arizona Daily Star and Tucson Citizen newspapers.

 

Hardin said the ads in question were bought by a company called ForceUp, which could not be reached for comment because 
a phone number for the company at an Idaho area code was disconnected, and an e-mail contact form was inaccessible.

 

Affected users were redirected to a different site and then presented with fake virus-scanning software that was itself 
malicious software.

 

Hardin recommends that users block access to malwarealarm.com, newbieadguide.com, and malware-scan.com, and delete 
infected files from a computer's PC and Windows registry.

 

Tucson Newspapers previously said that some video advertisements may have been the problem. But as of Friday, the 
company narrowed down the problem to the suspect ads, which Hardin said were up in the morning hours for the last 10 to 
18 days.

 

"This hasn't happened before, and our people reacted very quickly," said Tucson Newspapers President and CEO Mike 
Jameson. "We'll just have to be more vigilant in the future about these things."

 

The ad, Tucson Newspapers said, circulated to other newspaper sites across the country.

 

● Contact reporter Jack Gillum at 573-4178 or at jgillum () azstarnet com.

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.