Notice: This blog is no longer updated. You may find a broken link or two

You can follow my new adventures @mikeonwine


Thanks to intervention by the FTC, a US district court has issued a temporary order banning the products we have struggled with for so long in the ad industry: WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus (and more). Although primarily aimed at defending consumers, the court injunction expressly bars them from performing the scam we have seen so often — “placing advertisements purportedly on behalf of a third party without that party’s consent, or otherwise attempting to conceal their own identities”.

Several networks are named directly in the suit — you probably want to make sure you aren’t working with these:

  1. Burn Ads
  2. Net Media Group
  3. AdTraff
  4. Preved Marketing
  5. Uniqads

According to the suit, the companies behind the scam are: Innovative Marketing (based primarily out of the Ukraine) and IMI Enterprise — and James Reno, Sam Jain, Daniel Sundin, Marc D’Souza, Kristy Ross and Maurice D’Souza named individually.

Thanks FTC!

Full FTC Press Release
The full gory details

Apologies for the delay in updating my errorsafe page. Will try to do it more often — found a whopping 5 new scams this past month! Check out the page here. Added details for five ads with sketchy code embedded in them: Flycell.com, How2Vacation.com, nCyber iPod, Speedbit.com & eDiets.com. Some screencaps of the creatives below… check the page for actionscript and full flash files:

[Screenshots: Speedbit, How2Vacation, eDiets, nCyber iPod, Flycell]

If you don’t know what Errorsafe is, read this page first.

I’d like to start this post with the definition of irony. I have a tendency to not use the term correctly and I wanted to make sure I got it exactly right. Ok, so citing the ‘American Heritage Dictionary’

i·ro·ny (ī’rə-nē, ī’ər-)
1.d. Incongruity between what might be expected and what actually occurs: “Hyde noted the irony of Ireland’s copying the nation she most hated” (Richard Kain).

Ok, so why would I start with this? Well, today I found out that Errorsafe/Winfixer is now advertising for getsafeonline.org. So at first I thought that this was another fake website, but just a little bit of research online pointed to the fact that this is actually an organization sponsored by the UK government to promote end users to “Be Safe Online” — which includes multiple links to Anti-Spyware applications. Well, isn’t that ironic? Rather… isn’t there an incongruity between what might be expected when ad networks run this ad and what would actually happen?

So here’s the ad: (here’s a link to the Get Safe Online SWF)

[Screenshot: Get Safe Online ad]

As you can see a lot of the same patterns are there — pixelated image, unprofessional appearance, etc… And of course — here’s the actionscript, which if you compare it to the other actionscripts you’ll see some similar patterns. Highly obfuscated/encrypted with SWFEncrypt, all the fun stuff.

So, as you can see, these guys are just getting trickier and trickier — please tell all the salespeople you know to be careful with any campaign that looks sketch. I’ll also update my ErrorSafe page with this new deal.

Update: Realized I embedded the actual Flash file on the page, which of course will trigger ActiveX installs in certain cases… removed it and replaced with a screenshot =).

Lawyer sleuths out mystery around ‘Winfixer’

Video of “end user experience” posted on Youtube: Fraudware Special Report:

Proving the link to the alleged perpetrators, their connections to Winfixer all the way through to the effects on Ochoa’s computer will be very difficult, she said.

“Forensics is everything,” she said.

This is very very true. If you look at my ‘Errorsafe’ page, you see that the whois registration for each domain varies widely. This is a great step and I wish them the best of luck in tracking down the responsible parties and shutting down their operations.