[en] Possible Malvertising at Google Doubleclick

Got a ping from ESET about malvertising in the wild.
Found this on tubecup.org:

[Screenshots: doubleclick, doubleclick2, doubleclick3]

Domain Name:ADVERSTINGSHARE.ORG
Domain ID: D171684869-LROR
Creation Date: 2014-03-29T17:42:40Z
Updated Date: 2014-03-31T08:21:18Z
Registry Expiry Date: 2015-03-29T17:42:40Z
Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Sponsoring Registrar IANA ID: 303

The malicious redirection led to an Angler EK, so it could be Reveton behind this: http://malvertising.stopmalwares.com/2014/03/reveton-malvertising/3/
The strange thing is that porn websites are probably forbidden by DoubleClick policy.

I also noticed some users who claim to have been infected from YouTube these last few days, so maybe related:

https://www.malekal.com/2013/07/21/virus-gendarmerie-dlcc-extension-malicieuse/#comment-16302
https://www.malekal.com/2013/07/21/virus-gendarmerie-dlcc-extension-malicieuse/#comment-16250

EDIT – April 2

Better DNS 😉

Domain Name:ADVERSTINGSHARE.ORG
Domain ID: D171684869-LROR
Creation Date: 2014-03-29T17:42:40Z
Updated Date: 2014-04-02T14:08:19Z
Registry Expiry Date: 2015-03-29T17:42:40Z
Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Sponsoring Registrar IANA ID: 303

Name Server:NS1.SUSPENDED-DOMAIN.COM
Name Server:NS2.SUSPENDED-DOMAIN.COM

EDIT – April 3

Back on DoubleClick:

adsstorge.biz has address 209.188.21.206 
promochanter.biz has address 209.188.21.206
creativeweb-ads.com
creativeweb-ads.com has address 141.101.116.14
creativeweb-ads.com has address 141.101.117.14

 
