[en] Possible Malvertising at Google Doubleclick

Got a ping from ESET about malvertising in the wild.
Found this on tubecup.org:

[Screenshots: doubleclick, doubleclick2, doubleclick3]

Domain Name:ADVERSTINGSHARE.ORG
Domain ID: D171684869-LROR
Creation Date: 2014-03-29T17:42:40Z
Updated Date: 2014-03-31T08:21:18Z
Registry Expiry Date: 2015-03-29T17:42:40Z
Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Sponsoring Registrar IANA ID: 303

The malicious redirection leads to an Angler EK, so it could be Reveton behind this: http://malvertising.stopmalwares.com/2014/03/reveton-malvertising/3/
The strange thing is that porn websites are probably forbidden by DoubleClick policy.

I also noticed some users who claim to have been infected from YouTube these last few days, so this may be related:

http://www.malekal.com/2013/07/21/virus-gendarmerie-dlcc-extension-malicieuse/#comment-16302
http://www.malekal.com/2013/07/21/virus-gendarmerie-dlcc-extension-malicieuse/#comment-16250

EDIT – April 2

Better DNS 😉

Domain Name:ADVERSTINGSHARE.ORG
Domain ID: D171684869-LROR
Creation Date: 2014-03-29T17:42:40Z
Updated Date: 2014-04-02T14:08:19Z
Registry Expiry Date: 2015-03-29T17:42:40Z
Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Sponsoring Registrar IANA ID: 303

Name Server:NS1.SUSPENDED-DOMAIN.COM
Name Server:NS2.SUSPENDED-DOMAIN.COM

EDIT – April 3

Back on DoubleClick:

adsstorge.biz has address 209.188.21.206 
promochanter.biz has address 209.188.21.206
creativeweb-ads.com
creativeweb-ads.com has address 141.101.116.14
creativeweb-ads.com has address 141.101.117.14

 
