[en] How ads can suck…

Today, I saw this advertisement on my website – opened in a new tab:

Yeah, a fake plugin error at http://pageerror-download.com/error.php?campaignid=7557476&czid=YXZhenU3NTU3NDc2MQ==&subid=ams1CMTN39Cmv7yfUBACGOvk97W0lJDcCyIOODIuMTIzLjIyNC4yMjcoAQ..&pubid=146151 that pisses me off!

With it, a flvmplayer.exe to download:

Yeah, another PUP, probably with Babylon, Claro, SweetIM, Wajam or other parasite programs; I didn't check it.

https://www.virustotal.com/file/41d16c39c715a29f31f353c5f73ef69b1b8ded8c87f356b48b066ed5309646ce/analysis/

SHA256: 41d16c39c715a29f31f353c5f73ef69b1b8ded8c87f356b48b066ed5309646ce
File name: flvmplayer.exe
Detection ratio: 16 / 45
Analysis date: 2012-12-10 16:07:30 UTC ( 34 minutes ago )

AhnLab-V3 ASD.Prevention 20121210
AntiVir APPL/Solimba.Gen 20121210
Avast NSIS:Solimba-B [PUP] 20121210
BitDefender Gen:Variant.Adware.Solimba.1 20121210
DrWeb Tool.DownLoader.46 20121210
ESET-NOD32 MSIL/Solimba 20121210
Fortinet Adware/Fam.NB 20121210
GData Gen:Variant.Adware.Solimba.1 20121210
Kingsoft Win32.Troj.Generic.a.(kcloud) 20121210
Malwarebytes PUP.BundleInstaller.SOL 20121210
McAfee Artemis!C8DB175248F4 20121210
McAfee-GW-Edition Artemis!C8DB175248F4 20121210
SUPERAntiSpyware Trojan.Agent/Gen-Solimba 20121210
Symantec Trojan.ADH.2 20121210
TrendMicro-HouseCall TROJ_GEN.F47V1129 20121210

 

When I see this fake plugin error, it reminds me of the fake scanning pages for scareware that we got in the past, between 2006 and 2010: http://forum.malekal.com/rogues-alertes-securite-t7139.html

Fake scanning page

What is the difference? For me, none.
But now, those social engineering attacks are permanent because those ads are in the legitimate ad networks.
Ah yes, maybe one difference: in the end, on one side we have a fake antivirus, and on the other side we have a « legitimate » company that takes the work of other people (I think of free software) or develops shitty programs as a pretext to bundle PUPs.
Most of them change web browser settings and do web tracking. In 2000, we called the programs doing web tracking spyware; now it's normal (thanks to Google and others).

Some other examples – Fake VLC Plugins : http://forum.malekal.com/vlc-plugin-offerbox-hotbar-shopperreports-clickpotato-t29633.html

fake VLC Plugins

Fake download buttons (with a countdown or « Premiums Download » – yeah, the ads attempt to impersonate one-click hosting):
NB: Télécharger means download in French.

Without advertising we get this; the real button is in the red circle:

Another with a fake Captcha:

I'm not even talking about the search results on some search engines, for example Bing, that advertise free programs… but you have to send an SMS to finish the installation.
Or big download websites like 01net/telecharger.com or Softonic that bundle every program with Babylon or another toolbar.
Search for a program or a filename in Google, you can't miss this shit.

Those who were seen as abusive in the past will be the norm in the future.
In the French malware removal forums, 40/50% of the topics are now about PUP shit.

Having a computer website with ads and no ads for PUPs is nearly mission impossible.
When I see all this shit, my question is: how can I not advise people to install Adblock?

In the end, it's the advertising ecosystem that you kill slowly…

EDIT

Two other advertisements with fake update messages.

Pub_fake_Flash_update Pub_fake_Flash_update2

These advertisements lead to softingo.com.
VLC Media Player is offered but, of course, with many PUPs (Somoto Repack).

Pub_fake_Flash_update4

Pub_fake_Flash_update3

Two other ones:

Ads_Fake_Codec Ads_Fake_Codec2

EDIT January 6

Yeah, and today a fake detection that offers to install AVG, with a phone scam.
An old malicious trick, now in ads!

adf_Fake_detection adf_Fake_detection2 adf_Fake_detection3

When you click on the form, you get a new popup for Iminent shit:

adf_Fake_detection4

EDIT March 1

From a warez website, an ad popup from www.adcash.com:

allmplayerupdates_fakeflashplayer allmplayerupdates_fakeflashplayer2

allmplayerupdates_fakeflashplayer3
In the end, multiple bundled programs and NO Flash update – what a scam!

allmplayerupdates_fakeflashplayer4 allmplayerupdates_fakeflashplayer5 allmplayerupdates_fakeflashplayer6 allmplayerupdates_fakeflashplayer7

http://www.adcash.com/script/pop_packcpm.php?k=513068404ce46183842.837536&h=7ca45f71a7cf77a7d277502e5e2d899313825263&m=1&id=0&ban=183842&r=29405&ref=h&data=&subid=
http://www.allmplayerudpates.com/flashplayer/update/?ClickID=13838517451362127786&PubID=29405
http://www.allmplayerudpates.com/flashplayer/update/style.css
http://www.allmplayerudpates.com/flashplayer/update/gis.php?g=ClickID%3D13838517451362127786%26PubID%3D29405
http://cp.tuguu.com/pasarela/affp/879/ClickID=13838517451362127786&PubID=29405&__tc=1362127787.17
http://cp.tuguu.com/pasarela/download.php?p=879&_so=1&_bw=2&_sv=6.1&_bv=3.6&_ip=1383851745&_cc=FR&asdd=1&_qs=ClickID%3D13838517451362127786%26PubID%3D29405%26__tc%3D1362127787.17
http://cp.allmplayerudpates.com/pasarela/doma/dls.nicdls.com/p/151/FlashPlayer/329/439/879.42.117.00bf330c
http://dls.nicdls.com/p/151/FlashPlayer/329/439/V.12530444b
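Added example (not part of the original post): a short Python script that follows the ClickID and PubID values through six of the requests listed above and reports where the value 29405 first appears. The function names are this example's own; the URLs are copied from the capture.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Six of the requests captured above, copied unchanged and in the same order.
CHAIN = [
    "http://www.adcash.com/script/pop_packcpm.php?k=513068404ce46183842.837536&h=7ca45f71a7cf77a7d277502e5e2d899313825263&m=1&id=0&ban=183842&r=29405&ref=h&data=&subid=",
    "http://www.allmplayerudpates.com/flashplayer/update/?ClickID=13838517451362127786&PubID=29405",
    "http://www.allmplayerudpates.com/flashplayer/update/gis.php?g=ClickID%3D13838517451362127786%26PubID%3D29405",
    "http://cp.tuguu.com/pasarela/affp/879/ClickID=13838517451362127786&PubID=29405&__tc=1362127787.17",
    "http://cp.tuguu.com/pasarela/download.php?p=879&_so=1&_bw=2&_sv=6.1&_bv=3.6&_ip=1383851745&_cc=FR&asdd=1&_qs=ClickID%3D13838517451362127786%26PubID%3D29405%26__tc%3D1362127787.17",
    "http://dls.nicdls.com/p/151/FlashPlayer/329/439/V.12530444b",
]

ID_RE = re.compile(r"(ClickID|PubID)=(\d+)")

def decoded(url):
    """Percent-decode until stable so IDs nested inside other parameters show up."""
    prev = None
    while prev != url:
        prev, url = url, unquote(url)
    return url

def trace(chain):
    """Per request: (host, {id_name: value}) for tracking IDs found anywhere in the URL."""
    return [(urlsplit(u).hostname, dict(ID_RE.findall(decoded(u)))) for u in chain]

def origin_of(chain, value):
    """First request and query parameter carrying `value` verbatim, or None."""
    for i, u in enumerate(chain):
        parts = urlsplit(u)
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            if val == value:
                return i, parts.hostname, key
    return None

if __name__ == "__main__":
    for host, ids in trace(CHAIN):
        print(f"{host:28} {ids}")
    print("publisher ID first seen at:", origin_of(CHAIN, "29405"))
```

On this capture the value 29405 already appears as the `r` parameter of the adcash.com request, before the landing page labels it PubID, and both IDs are carried unchanged through to the cp.tuguu.com download request.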

allmplayerupdates_fakeflashplayer8

The detection : https://www.virustotal.com/fr/file/19e3e5319e65ef5aeb97fadfe079edaa3533db4ca051f5e11b5bbbf9ea7990a6/analysis/

SHA256: 19e3e5319e65ef5aeb97fadfe079edaa3533db4ca051f5e11b5bbbf9ea7990a6
File name: fc00ca4bdd7028a7d289e362b7b63545
Detection ratio: 5 / 46
Analysis date: 2013-03-01 08:54:01 UTC (12 minutes ago)

Avast MSIL:DomaIQ-C [PUP] 20130301
AVG Suspicion: unknown virus 20130301
DrWeb Adware.Downware.928 20130301
ESET-NOD32 a variant of Win32/DomaIQ.A 20130301
Ikarus Win32.DomaIQ 20130226

allmplayerupdates_fakeflashplayer9

Adcash removed the ads :

allmplayerupdates_fakeflashplayer_adcash

EDIT – April 11

The first fake alert.
The advertisement says « A Spyware has been found in your system – repair now »

Fake_alert_systweak

and then Windows Registry Scanner from Systweak.

Fake_alert_systweak2

EDIT – May 28

Java impersonation

http://ad.zanox.com/ppc/?22458556C164779945T
http://install.software-updates.co/get/click/3d9427df/?filename=Setup&sid=g-1-fr&uid=976ddd6a3054bf12d386c8bcf0a1459c

or

http://ad.directrev.com/RealMedia/ads/adstream_sx.ads/S0000823/155446802245616424@x10
http://206trk.info/mouse/jj1sjw5p/?c1=S0000823&c2=g-1-fr
http://t01.192trk.info/redirect?link_id=128&c1=S0000823&creative=g-1-fr
http://install.software-updates.co/

Java_Impersonate Java_Impersonate2 Java_Impersonate3

EDIT September 5

http://clikv.com/go.php?c=71&l=126&subid=273575399&o=1
http://jvupgrade.com/fr/java.php?dv1=4273859488 (8.36.41.104)
http://flv.hs4dmr.com/aff_c?offer_id=44&aff_id=1002&url_id=76&aff_sub=2036011889
http://flv.hs1dmr.com/aff_c?offer_id=44&aff_id=1002&url_id=76&aff_sub=2036011889
http://dl.down324.com/n/8326f16e-dd66-11e2-a752-00259033c1da/Setup.exe?tid=1027e296d4b85e5d2822866db2c951 (95.211.134.97)
http://dl.down324.com/n/3.0.19.2/9107993/Setup.exe?tid=1027e296d4b85e5d2822866db2c951

  Domain Name: JVUPGRADE.COM
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com
   Name Server: DNS1.REGISTRAR-SERVERS.COM
   Name Server: DNS2.REGISTRAR-SERVERS.COM
   Name Server: DNS3.REGISTRAR-SERVERS.COM
   Name Server: DNS4.REGISTRAR-SERVERS.COM
   Name Server: DNS5.REGISTRAR-SERVERS.COM
   Status: clientTransferProhibited
   Updated Date: 23-aug-2013
   Creation Date: 23-aug-2013
   Expiration Date: 23-aug-2014

jvupgrade_fake_java_update

jvupgrade_fake_java_update2

EDIT – January 4

Fake alert ads on mobile: http://www.malekal.com/2014/01/04/publicites-pourries-sur-tablettesmobile/

Screenshot_2013-12-24-16-06-32
