RE: *SPAM* More info on malware-scan.com ads on newspaper Web sites

[rms () computerbytesman com]

Yep, looks like the same sleazebags.  Any idea what the ad networks are
doing about this problem?

Richard

> I reported on something similar at Ynetnews (see
> http://blogs.pcmag.com/securitywatch/2007/11/and_suddenly_some_strange_site.php)
> about a week ago. I wonder if it's the same ad network.
>
> The Ynet attacks persist. They knew about it probably at least 10 days ago
> and I saw it again yesterday, this time in Firefox.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> larry.seltzer () ziffdavisenterprise com
>
> --------------------------------------------------------------------------------
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
> Behalf Of rms () computerbytesman com
> Sent: Saturday, November 10, 2007 6:38 PM
> To: funsec () linuxbox org
> Subject: *SPAM* [funsec] More info on malware-scan.com ads on newspaper
> Web sites
>
>
> Holy sh**.
>
> Richard
>
>
> http://www.azstarnet.com/business/209714
>
> Maliciously coded online ad caused Star's Web site problems
>
> By Jack Gillum
>
> ARIZONA DAILY STAR
>
> Tucson, Arizona | Published: 11.03.2007
>
> advertisement
>
>
>
> A maliciously coded online advertisement was responsible for causing
> problems for Tucson Newspapers' Web sites this week, the company said
> Friday.
>
>
>
> The ads, which the company said were purchased with a fraudulent
> credit-card number, directed some Web visitors to sites that could have
> installed harmful software, or "malware."
>
>
>
> The problem was reported Wednesday by the Pima County Department of
> Environmental Quality, which advised its employees not to visit the
> Arizona Daily Star Web site over computer-safety concerns. When their
> employees visited the Star's site, anti-virus software alerted them of
> trouble.
>
>
>
> The fraudulent ad purchase was discovered Wednesday and the ad was removed
> Thursday, said Susan Hardin, director of online for Tucson Newspapers,
> which is jointly owned by the Arizona Daily Star and Tucson Citizen
> newspapers.
>
>
>
> Hardin said the ads in question were bought by a company called ForceUp,
> which could not be reached for comment because a phone number for the
> company at an Idaho area code was disconnected, and an e-mail contact form
> was inaccessible.
>
>
>
> Affected users were redirected to a different site and then presented with
> fake virus-scanning software that was itself malicious software.
>
>
>
> Hardin recommends that users block access to malwarealarm.com,
> newbieadguide.com, and malware-scan.com, and delete infected files from a
> computer's PC and Windows registry.
>
>
>
> Tucson Newspapers previously said that some video advertisements may have
> been the problem. But as of Friday, the company narrowed down the problem
> to the suspect ads, which Hardin said were up in the morning hours for the
> last 10 to 18 days.
>
>
>
> "This hasn't happened before, and our people reacted very quickly," said
> Tucson Newspapers President and CEO Mike Jameson. "We'll just have to be
> more vigilant in the future about these things."
>
>
>
> The ad, Tucson Newspapers said, circulated to other newspaper sites across
> the country.
>
>
>
> ● Contact reporter Jack Gillum at 573-4178 or at jgillum () azstarnet com.
>
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.