Trojan Horse Warning for Ad Networks
A friend has informed me of a trojan horse making its rounds via ad networks currently. We've nicknamed it "Proffy" as the domain name that loads the ad is proffy209.com.
It's a very large buy that has been seen running on several mid-size ad networks and through seedcorn. Loading the ad in a new window causes the browser to close immediately, and the Windows registry is immediately infected with adware/spyware.
This tag http://c5.zedo.com/jsc/c5/ff2.html?n=377;c=81;s=36;d=22;w=800;h=600 has rotated out the following - http://proffy209.com/adv/096/new.php. DO NOT LOAD THIS LINK. Another link is http://redirect.msupdate.net/pops/seedcorn01xp.html. Again DO NOT LOAD THIS LINK.
The domain is registered to:
Boris D Gorbunov boris@bo.ca +7.49800872092
Boris D Gorbunov
Proletarskaya 3-10
Nijnoy Novgorod,Nijniy Novgorod,RUSSIAN FEDERATION 180092
DNS is game4all.biz
Registrar is Onlinenic, so if you have contacts with them, let them know.
Ad networks and sites, be careful of this one; check your third-party hosted tags for new buys especially if you might be rotating in any of the above.
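One way to run that check over the markup a third-party hosted tag returns, as an added example that is not part of the original post: it flags URLs on the two hosts named above (in attributes and in inline script text) and `<object>` elements that load ActiveX controls. The function names, the attribute list and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts named in the post; subdomains of them are matched too.
WATCHED_HOSTS = {"proffy209.com", "redirect.msupdate.net"}
URL_ATTRS = {"src", "href", "data", "codebase", "action"}

def watched_host(url):
    """Return the URL's host if it is watched (or a subdomain), else None."""
    try:
        host = (urlparse(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL
        return None
    hit = any(host == w or host.endswith("." + w) for w in WATCHED_HOSTS)
    return host if hit else None

class TagAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, detail) tuples

    def check_url(self, url):
        host = watched_host(url or "")
        if host:
            self.findings.append(("watched-host", host))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in sorted(attrs.keys() & URL_ATTRS):
            self.check_url(attrs[name])
        classid = (attrs.get("classid") or "").lower()
        if tag == "object" and classid.startswith("clsid:"):
            self.findings.append(("activex-object", classid))

    def handle_data(self, data):
        # Inline script bodies arrive here; catch URLs written into them.
        for url in re.findall(r"""https?://[^\s'"<>)]+""", data):
            self.check_url(url)

def audit_tag(markup):
    auditor = TagAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings

# Constructed sample markup, not captured from the campaign.
SAMPLE = ('<iframe src="http://proffy209.com/constructed/path"></iframe>'
          '<script>window.open("http://redirect.msupdate.net/constructed.html")</script>'
          '<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>')
```

Because a hosted tag can change what it serves after it has been trafficked, the check is only useful when it is run on freshly fetched markup at intervals, not once when the buy is set up.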
Right Media has built a tool that can virus check third-party creatives and look for ActiveX and other badness. We found this one pretty close to zero-hour, but it took us until around 5 PM to get to the right person at Zedo so they could have this shut down (we deactivated this tag on our network much earlier in the day). We'd love to get this tool used more broadly, and to form some kind of coalition to help get to the root of these problems.
Thoughts on what the process should be? Should there be a central web site that people can post issues to and have them investigated? We'd contribute a resource to help pursue the investigations.
Posted by: Brian O'Kelley | July 26, 2006 at 10:16 PM
We just heard about this yesterday and stopped all the campaigns. We purchased AX traffic for 3 different clients; we use the msupdate domain for our redirect because it is our soon-to-be music site that has the most bandwidth. We ourselves are brokers, and work with 3 different networks that have had this problem. My initial thought was stop working with companies that serve or sell ax...there are very few downloads, ax, bundles, anything that are just pleasant little applications that assist the user with their web searches, contextual searches...bottom line the download industry is crazy, filled with crazy people that are making a killing off of the ignorance of the typical internet user.
Even Warner Brothers gives kids free downloads of Xango, which in the t's and c's says straight up we will serve adult advertisements. Anyone that knows downloads knows that you can get from .5 cents to a quarter for a xengo download (if you get more let me know...) none the less...there are a ton of programs that allow complete protection from these things, there are tools you can use to stop things from happening from your computers...and truth is, um...we wouldn't be having any of these discussions if you weren't able to protect yourself.
Education is the best way to protect your visitors, your publishers' visitors and yourself. It's marketing 101, if your business model is to be legit, then you will be...If you run email, 100% opt in, you will still be called a spammer... if you run a site that has pop up ads, people will still complain about them and continued...if you have downloads you are going to be considered spyware. It's funny that companies that claim to protect and assist in the fight against pops, spam and adware/spyware use programs that because they are used for the powers of good...they aren't considered a threat. Please someone show me a contextual network where they just told the user.. not in the terms and conditions where we know they didn't read, but straight up...
PLEASE DOWNLOAD THIS PROGRAM, IT WILL SERVE YOU POP UP ADVERTISEMENTS WHEN YOU DO A SEARCH FOR CERTAIN KEYWORDS OR IT WILL REPLACE THE TYPICAL RESULTS YOU MIGHT GET FROM THE SEARCH ENGINE WITH THE RESULTS WE CHOOSE TO GIVE YOU BECAUSE WE GET PAID PER CLICK ON THOSE LINKS.
Not going to happen...there are already a ton of forums which act as a "central" location which tells about all the threats and whatnot, there are sites galore that even give you the sources and all about them, from as far back as 96. I love what you guys are doing, I have recommended to a lot of people to check out Yield Manager, it's a great resource...you've got a great tool...but this is about communication..and as you said in your comment..you have to talk to the right person to stop the campaign..should have called us up, so we could stop it since it was our link being distributed.
Questions? Comments? the coffee's always on..let's talk.
Posted by: Robert Ser | July 27, 2006 at 02:10 PM
I've spoken with other ad networks and occasionally they will load up a new advertiser's creative on a Friday (hosted by the advertiser), then come Saturday they switch the content to whatever they like, hoping it won't be removed until the next Monday. It's really shady and unfortunate that this happens to some of the large display networks with huge distribution.
Posted by: AdVolcano | June 15, 2007 at 08:02 PM
Please can someone permanently ban this URL? I think it's the "trojandownloader.xs" file! I have "opted out" from Zedo's networks but it's still popping up in my windows :S plz help!
Posted by: Martin | December 17, 2008 at 02:17 AM