Notice: This blog is no longer updated. You may find a broken link or two

You can follow my new adventures @mikeonwine


If you don’t know what Errorsafe is, read this page first.

I’d like to start this post with the definition of irony. I have a tendency to not use the term correctly and I wanted to make sure I got it exactly right. Ok, so citing the ‘American Heritage Dictionary’:

i·ro·ny (ī’rə-nē, ī’ər-)
1.d. Incongruity between what might be expected and what actually occurs: “Hyde noted the irony of Ireland’s copying the nation she most hated” (Richard Kain).

Ok, so why would I start with this? Well, today I found out that Errorsafe/Winfixer is now advertising for getsafeonline.org. So at first I thought that this was another fake website, but just a little bit of research online pointed to the fact that this is actually an organization sponsored by the UK government to encourage end users to “Be Safe Online” — which includes multiple links to Anti-Spyware applications. Well, isn’t that ironic? Rather… isn’t there an incongruity between what might be expected when ad networks run this ad and what would actually happen?

So here’s the ad: (here’s a link to the Get Safe Online SWF)

[Screenshot: Get Safe Online ad]

As you can see, a lot of the same patterns are there — pixelated image, unprofessional appearance, etc… And of course — here’s the ActionScript, which, if you compare it to the other ActionScripts, shows some similar patterns. Highly obfuscated/encrypted with SWFEncrypt, all the fun stuff.

So, as you can see, these guys are just getting trickier and trickier — please tell all the salespeople you know to be careful with any campaign that looks sketch. I’ll also update my ErrorSafe page with this new deal.

Update: Realized I embedded the actual Flash file on the page, which of course will trigger ActiveX installs in certain cases… removed it and replaced with a screenshot =).

Lawyer sleuths out mystery around ‘Winfixer’

Video of “end user experience” posted on YouTube: Fraudware Special Report

Proving the link to the alleged perpetrators, their connections to Winfixer all the way through to the effects on Ochoa’s computer will be very difficult, she said.

“Forensics is everything,” she said.

This is very very true. If you look at my ‘Errorsafe’ page, you see that the whois registration for each domain varies widely. This is a great step and I wish them the best of luck in tracking down the responsible parties and shutting down their operations.

I’ve created a page on Errorsafe: Read it here.

This is a page that anyone involved with online advertising should read — including ad networks, site owners, portals and anybody else who is interested.

-Mike

UPDATE: Seems WordPress doesn’t put ‘pages’ in the feed, so I will track updates both on the page and here. If you are interested in Errorsafe updates, simply subscribe to the feed and watch this post.

Updates to Errorsafe Page

2007-03-24: Page Created
2007-03-25: Added cannis.org “Work and live in Canada” ads, with creative that has unobfuscated ActionScript.
2007-03-27: Added ActionScript for Matchservice creative
2007-04-05: Get Safe Online scam
2007-04-06: Added sports betting tips fake ad
2007-04-18: Added traveltray.com, xing.com and thinkindie.com
2007-04-23: Added getfreecar.com, and web.com

Sandi Hardmeier, author of ‘Spyware Sucks’, has caught AOL not properly auditing their ads and running Banner Pop and ActiveX ads. Click for article. What’s interesting is that she caught MSN running Errorsafe just a month ago, which she detailed here.

I’ve spent a lot of time tracking down this scam and I think it’s time to share that knowledge. Shortly I will post all my knowledge of this scam — what to look out for and how I think as an industry we can stop it. Stay tuned.

-Mike