(resending without the "*SPAM*" that I think my spamassassin put into the 
subject line.)

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]


-----Original Message-----
From: Larry Seltzer 
Sent: Sunday, November 11, 2007 7:59 AM
To: '[EMAIL PROTECTED]'; [email protected]
Subject: RE: *SPAM* [funsec] More info on malware-scan.com ads on newspaper Web 
sites

You mentioned the Herald. There was a malware ad on them? I don't see a 
reference.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, November 10, 2007 8:44 PM
To: [email protected]
Subject: RE: *SPAM* [funsec] More info on malware-scan.com ads on newspaper Web 
sites

At the Boston Herald, the Russian malware ad seemed to come from a Flash ad 
which originated from advertising.com, an ad network, and not the Herald 
themselves.  I will be checking with advertising.com to see what they know.

Richard


> I'm not sure why the ad networks would need to do anything. You'd 
> think, OTOH, that publishers like YNet would drop ads that included 
> the redirects, especially since they're taking the user away from the 
> publication. At this point I blame Ynet more than the ad network. It's 
> sort of like the woman who refuses to leave the husband who's beating 
> her.
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of [EMAIL PROTECTED]
> Sent: Saturday, November 10, 2007 8:09 PM
> To: [email protected]
> Subject: RE: *SPAM* [funsec] More info on malware-scan.com ads on 
> newspaper Web sites
>
> Yep, looks like the same sleazebags.  Any idea what the ad networks 
> are doing about this problem?
>
> Richard
>
>> I reported on something similar at Ynetnews (see 
>> http://blogs.pcmag.com/securitywatch/2007/11/and_suddenly_some_strange_site.php)
>> about a week ago. I wonder if it's the same ad network.
>>
>> The Ynet attacks persist. They knew about it probably at least 10 
>> days ago and I saw it again yesterday, this time in Firefox.
>>
>> Larry Seltzer
>> eWEEK.com Security Center Editor
>> http://security.eweek.com/
>> http://blogs.pcmag.com/securitywatch/
>> Contributing Editor, PC Magazine
>> [EMAIL PROTECTED]
>>
>> --------------------------------------------------------------------------------
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]
>> On Behalf Of [EMAIL PROTECTED]
>> Sent: Saturday, November 10, 2007 6:38 PM
>> To: [email protected]
>> Subject: *SPAM* [funsec] More info on malware-scan.com ads on 
>> newspaper Web sites
>>
>>
>> Holy sh**.
>>
>> Richard
>>
>>
>> http://www.azstarnet.com/business/209714
>>
>> Maliciously coded online ad caused Star's Web site problems
>>
>> By Jack Gillum
>>
>> ARIZONA DAILY STAR
>>
>> Tucson, Arizona | Published: 11.03.2007
>>
>>
>> A maliciously coded online advertisement was responsible for causing 
>> problems for Tucson Newspapers' Web sites this week, the company said 
>> Friday.
>>
>>
>>
>> The ads, which the company said were purchased with a fraudulent 
>> credit-card number, directed some Web visitors to sites that could 
>> have installed harmful software, or "malware."
>>
>>
>>
>> The problem was reported Wednesday by the Pima County Department of 
>> Environmental Quality, which advised its employees not to visit the 
>> Arizona Daily Star Web site over computer-safety concerns. When their 
>> employees visited the Star's site, anti-virus software alerted them 
>> of trouble.
>>
>>
>>
>> The fraudulent ad purchase was discovered Wednesday and the ad was 
>> removed Thursday, said Susan Hardin, director of online for Tucson 
>> Newspapers, which is jointly owned by the Arizona Daily Star and 
>> Tucson Citizen newspapers.
>>
>>
>>
>> Hardin said the ads in question were bought by a company called 
>> ForceUp, which could not be reached for comment because a phone 
>> number for the company at an Idaho area code was disconnected, and an 
>> e-mail contact form was inaccessible.
>>
>>
>>
>> Affected users were redirected to a different site and then presented 
>> with fake virus-scanning software that was itself malicious software.
>>
>>
>>
>> Hardin recommends that users block access to malwarealarm.com, 
>> newbieadguide.com, and malware-scan.com, and delete infected files 
>> from a computer's PC and Windows registry.
>>
>>
>>
>> Tucson Newspapers previously said that some video advertisements may 
>> have been the problem. But as of Friday, the company narrowed down 
>> the problem to the suspect ads, which Hardin said were up in the 
>> morning hours for the last 10 to 18 days.
>>
>>
>>
>> "This hasn't happened before, and our people reacted very quickly,"
>> said Tucson Newspapers President and CEO Mike Jameson. "We'll just 
>> have to be more vigilant in the future about these things."
>>
>>
>>
>> The ad, Tucson Newspapers said, circulated to other newspaper sites 
>> across the country.
>>
>>
>>
>> â- Contact reporter Jack Gillum at 573-4178 or at 
>> [EMAIL PROTECTED]
>>
>>
>>
>> _______________________________________________
>> Fun and Misc security discussion for OT posts.
>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>> Note: funsec is a public and open mailing list.
>>