Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 11th, 2008

Malicious Advertisement On

Malicious flash animation advertisement has been detected on The malicious code was found on (do not click the following URLs)


An analysis of the infected SWF reveals a redirection to a known malware URL, The domain is currently active, and redirecting victims as follows: leads to URL in turn leads to

As a part of the hijacking process a cookie is set to expire after 24 hours. As a part of this process, there might also be an attempt to download a file from

The reverse IP for is Its name servers and mailbox are provided by estdomains. Its IP address is, hosted by LayeredTech ( Other sites/services hosted at are:,,,,,, and

The misdirection also appears to be triggered by clicking on Classmates confirmation e-mails. Clicking on the e-mail confirmation by Classmates will load a redirection to The Classmates page does not fully load before it is hijacked and there is no time to click anything else.

The issue was reported to RealMedia although it looks like the advertisement is self-hosted, therefore it might take time for the advertisement to be shut down.

Users are advised not to click on those URLs and use an advertisement blocking software/plugins.

Share this item with others:

More on CyberInsecure:
  • Hackers Broke Into New York Times Banner System, Pushing Fake Anti-virus Malvertisements
  • Fake iTunes Invoices Conceal Valentine’s Ads With Pharma Spam
  • Asprox Botnet Mass Attack Hits Governmental, Healthcare, and Top Business Websites
  • Bogus Twitter Profiles Are Being Used To Spread Malware
  • Malicious Advertisements Spotted On Yahoo! Philippines , Visitors Infected With Trojan

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Malicious Advertisement On

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word