Pat, thanks for your comments. I do want to point out that this was a false alarm, triggered in one of my monitoring systems. The threat was analyzed and no real compromise was found. Please disregard my previous comment and accept my apologies.
But the scenario is , nonetheless, scary. BL On Mon, Mar 17, 2008 at 5:57 PM, Pat <[EMAIL PROTECTED]> wrote: > *.adrevolver.com is part of the BlueLithium network, which is "a premier > behavioral targeting ad network" which was acquired by Yahoo in mid-2007 - I > wouldn't say "malware" or use the word "attack" (especially considering it's > now a sister company), however unethical or intrusive this sort of thing may > be... > > This is almost like the Omniture debacle a couple of months ago > (http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-01/msg00202.html, > among many others dating back to 2002/03) which is used for user-tracking in > and around certain sites to check page hits, time spent between clicks, > referring servers, etc. > > If this is upsetting you on a personal level, maybe you should try some of > the workarounds, including the ad-blocking extensions in Firefox, or > host-file modifications on Windows systems...? > > > > On 18/03/2008, Blatant Lier <[EMAIL PROTECTED]> wrote: > > > > > > > > On Wed, Mar 12, 2008 at 7:51 AM, Dancho Danchev > > <[EMAIL PROTECTED]> wrote: > > > > > > lib.ncsu.edu; fulldownloads.us; cso.ie; dblife.cs.wisc.edu; > > > www-history.mcs.st-andrews.ac.uk; ehawaii.gov; timeanddate.com; > > > boisestate.edu; aoa.gov; gustavus.edu; archive.org; > > > gsbapps.stanford.edu; bushtorrent.com; ccie.com; uvm.edu; thehipp.org; > > > mnsu.edu; camajorityreport.com; medicare.gov; usamriid.army.mil > > > > > > > http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html > > > > > > > It would look as if yahoo.com is serving malware. I got this little > fellow: > > > > http://media.adrevolver.com/{---remove > > this---}adrevolver/trace?sip=103&cpy=1205797527644342&bt=AAAEEIGsMo0L > > [note that the link has been purposefully broken with "{---remove > this---}"] > > > > while hitting yahoo at 4:45pm EDT. As of this time it is still there. > > > > Considering that yahoo.com is one of the top destination these days, I > > believe we can expect this attack to be fairly successful. > > > > BL > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
