Clicksor malvertising still online

…: https://www.malekal.com/2011/12/13/malvertising-asrvstatsmanager-com-droppe-malware-via-videobb-et-adserve-com/ The clicksor one, after lying dormant, is back. hxtp://serw.clicksor.com/newServing/showbanner.php?nid=1&xxxx hxtp://dueicow.info/43d7f87b86dfab98953c543c3a0e4e83 (184.107.189.53) hxtp://durkapoc.com/in.cgi?3 hxtp://mitchell-i-shop-nord-po-rated-blogg.com/com.class (109.236.81.247) hxtp://mitchell-i-shop-nord-po-rated-blogg.com/content/v1.jar hxtp://mitchell-i-shop-nord-po-rated-blogg.com/content/fdp1.php?f=105 hxtp://mitchell-i-shop-nord-po-rated-blogg.com/content/cph2.php?c=105 hxtp://mitchell-i-shop-nord-po-rated-blogg.com/content/fdp1.php?f=105 hxtp://mitchell-i-shop-nord-po-rated-blogg.com/pentalgin.php?page=637f131124c215e2 => http://www3.malekal.com/malwares/index.php?&domaine=109.236.81.247 The banner…

Malvertising on dl-protect.com via hooqy.com and clicksor

…leads to BlackHole. The malicious banner: It is in fact clicksor that loads it: The BlackHole links: http://ads.hooqy.com/newServing/banner_frame.php?nid=1&pid=159185&sid=241812&zone=-1&image=3&adtype=1&key=8bea49e5152adb5a2d9dbd8496455335 (199.21.148.108) http://totyballl.info/43bf6353ecaa0e20c9631bcb680ea963 http://untidy.alnilin.info/main.php?page=a306572deb323e11 (84.19.161.156) http://untidy.alnilin.info/content/fdp1.php?f=27 http://untidy.alnilin.info/content/cph2.php?c=27 http://untidy.alnilin.info/content/v1.jar http://untidy.alnilin.info/content/fdp1.php?f=27 http://untidy.alnilin.info/com.class http://untidy.alnilin.info/content/fdp1.php?f=27…

[en] Some words about malvertisings in adult world

…about these links between mass malvertising and Fake Police Ransomwares. My first write-up about Fake Police Ransomware, and the malvertising was on… Clicksor network! https://www.malekal.com/2011/12/12/virus-police-virus-bundespolizei-malvertising-de-clicksor-com-sur-streaming/ The fake page was…

[en] Zbot/Dorkbot malvertising

…across this: Clicksor that redirects to goo.gl/jNQkjO that redirects to klixfeed.com, reloading directly to the goo.gl gives malicious content: http://goo.gl/jNQkjO http://91.230.205.15/css/look7.php http://yqoky38q.bikegeneral.pw/cf_2-cB5Z09_f7afb_d4-7_8b1_8cRfd_6_8_ac_6_f6a3e.html The statistics for goo.gl is…

[en] Malvertising on tube8.com leads to Trojan.Zbot

…malvertising on Clicksor that leads to Zbot. (but clicksor leading to malware, this is « normal ») http://malwaredb.malekal.com/index.php?hash=ac1789b1b7d644338be6041b1fbd167d https://www.virustotal.com/fr/file/574180f75800d59d2bc57b3421944d668ee08e27ef0302f7264c85c60abc909a/analysis/ SHA256: 574180f75800d59d2bc57b3421944d668ee08e27ef0302f7264c85c60abc909a Nom du fichier : nature.exe Ratio de détection :…

[en] qweentits.org Malvertising and malicious SWF

…Just got a nice Malvertising from clicksor via plugcrush and adultadworld on a Warez website : http://serw.clicksor.com/newServing/links.php?zone=0&chad=1&adu=2&cs=&adtype=0&nid=1&sid=240866&pid=158704&spid=0&image=2&memkey=21ef288088acf517e987cc9c5dce85d9&durl=http%3A%2F%2Ftinyurl.com%2Fd5vnmq5&lq=0&lb=145&qp=YF4lKC_7JScg-Scy-yQqJPFjZU4wKSL7KDIg_GpVJSUzICctfX4lLnwjKiL9IzAiKnxiWy0tfCgsIPwnL_4r http://viegmobmi.com/?9d41c876af1aa135efa0cc288c49fe05 http://udkqwktff.ftp1.biz/vd/2;bbac9ceefad9d2cdeab12044a0bbe316 http://koralucpa.info/ http://viegmobmi.com/?9d41c876af1aa135efa0cc288c49fe05 http://ad.koraloguild.info/?529f79e9fe8613c45013718baab7d1a2 http://koraloguild.info/?track=072221289aea340cfe2daa2add5f15fc redirect to : http://pu.plugrush.com/1o1w.js http://pu.plugrush.com/t/1o1w/3305/302e834e1ebe560283f5496e31ab8659/aHR0cDovL2tvcmFsb2d1aWxkLmluZm8vP3RyYWNrPTA3MjIyMTI4OWFlYTM0MGNmZTJkYWEyYWRkNWYxNWZj that…

Malicious Spam: Facebook Account Verification => Scarewares

…Security Shield. EDIT February 21: And also via malvertising, thanks Clicksor: http://mytrafficexport01.info/?abd5a32e33fcb35015a8e02464e44c6a (91.232.29.78) http://cdn.mytrafficexport01.info/?089d85e824a444b9a35eff9966f524f6 http://cpafixadvertiser.info/ (5.9.172.73) http://mxvrqop.wikaba.com/vd/145;b34671c6d1aefd2caafdd02c621cc46c (46.166.169.238) http://ret.anygadget.info/ (redirection via iframe to klmcmgrig.it.cx/) http://klmcmgrig.it.cx/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liAaKtrMheVQzm+YhzfWz1MPnw1S6zBdyf5Hf5ejna4gUAHw4KuCyoM= (95.141.28.91) The fake page…