RE: [Repeater-Builder] Re: Trojan Horse - Banner Ads

Mon, 12 Apr 2010 15:44:29 -0700 


Avira simply stripped the script and logged onto the page no problem 
 however there does appear to be some advertising based rubbish which needs 
removal 
To: [email protected]
From: [email protected]
Date: Mon, 12 Apr 2010 16:18:58 +0000
Subject: [Repeater-Builder] Re: Trojan Horse - Banner Ads


















 



  


    
      
      
      Re: Trojan Horse - Banner Ads 



One of the more creative invasions I've seen (and unfortunately) 

experienced as of late are related to banner ads on web sites. 



Site operators are sometimes compensated (paid) to place 

advertisement and information tracking script/code into web 

pages. The Ads are sourced from another web site/source and 

the ad web server is actually the hijacked site. Might not 

be in this specific case but I've seen a lot more recent 

remote web site compromises. 



Bad people embed code into the hijacked Ad web server and 

your computer (thinking it sees only an image) saves the entire 

code/script into your browsers cache, which can and often does 

get executed during a file cache recall. 



One of the most interesting sidebars to this latest round of 

trouble is the advertisements where I received the last two 

banner ad alert warnings... the displayed advertisement was 

for Kaspersky Anti Virus. 



So the bad people not only have malicious intent, they might  

have a sense of humor unless you speculate an Anti-virus 

company might be trying to self generate a little business? 



Nahhh.... 



cheers, 

s.  



> "Doug Bade" <k...@...> wrote:

>

> Avast went RED here too.. I have never seen it do that. Blocked a Trojan on

> connect.. dropped the site. not from google search.. direct from the

> hyperlink Jim posted.I would say it is real..

> 

>  

> 

> Doug

> 

>  

> 

>  

> 

>  

> 

> From: [email protected]

> [mailto:[email protected]] On Behalf Of James Cicirello

> Sent: Monday, April 12, 2010 11:52 AM

> To: [email protected]

> Subject: [Repeater-Builder] Trojan Horse

> 

>  

> 

>   

> 

> Kevin and moderators.

> I have been reading about problems getting onto repeater-builder.com. This

> morning my Avast flagged the site with the following.

> Malware, JS:llredir.AO tr   TROGAN HORSE VPS Verision 100412-0,  4/12/2010.

> You probably already have the info. but wanted to make sure.

> KA2AJH  

> 

> -- 

> Jim Cicirello

> 181 Stevens Street

> Wellsville, N.Y. 14895

> (585)593-4655

>






    
     

    
    






                                          
_________________________________________________________________
Browse profiles for FREE! Meet local singles online.
http://clk.atdmt.com/NMN/go/150855801/direct/01/

Reply via email to