Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

trojan warning re. Google ads  RSS feed

 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
don't click on the Google ads for "free" smileys from anything related to "smileycentral".
The downloads are infected with trojans (probably keyloggers, I didn't ask my AV for more information on them).
Download links deliberately maskerade an exe-downloader attempting to install a browser plugin as a simple zipfile in the status bar, making it deliberate hiding.
I have been suspicious about them for a long time and decided to give it the lithmus test with a freshly update AV scanner and it immediately sprang into action.

If you do download the only ones smiling will be them...

admins please try to stop this thing in ads (might mean going through Google).
 
paul wheaton
Trailboss
Posts: 22526
Firefox Browser IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Give me the nasty URL's and I'll block them.
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
These are the ones (might be more, but certainly these 2).

http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=ACNlNfb0fBtfps0r2JF4uZq_Ckv9sFYe1u-YAA34tB4TACrP9B AA8iSQACEA4TAAAzFGbv9mbuoWY2Fmch52Yo5yYv1GA0YDO4ZDMfF2cAAQAAgGd0BnOv8ychx2bv5mLqFmdhJXYuNGauM2bt9yYnlWLilmbvUnYi9SdsRXatFGdlJmYuM2Zp9TdiJWPyVGcslnJm1TMwYCd9ADMyAjM1YiahZXYAA&num=1&adurl=http://www.smileycentral.com/%3Fpartner%3DZNxdm917%26spu%3Dtrue&client=ca-pub-4768842087373098

http://pagead2.googlesyndication.com/pagead/iclk?adurl=http://www.good-offers.com/gr3DkHeiiCY&sa=l&ai=ARk7Ufb0fBtfps0r2JF4uZq_C _f-vHcav0eZAA34tB4jACrP9BAA0GOQACIA4T8_____DAMXYs92bu5iahZXYyFmbjhmLj9WbAQjN4gnNw8VYzBAABAAa0RHc68yLzFGbv9mbuoWY2Fmch52Yo5yYv12LjdWatIWau9SdiJ2L1xGdp1WY0VmYi5yYnl2P1JmY9IXZwxWemYWPxAjJ01DMwIDMyUjJqFmdhBA&num=2&client=ca-pub-4768842087373098

resolving to http://www.smileycentral.com and http://www.good-offers.com/
[ October 27, 2004: Message edited by: Jeroen Wenting ]
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you read the EULA, it tells you it downloads these things onto the computer. It is the cost of getting all of the smiles! That is why you do not get free stuff since it is packed with this stuff.

LOL
 
paul wheaton
Trailboss
Posts: 22526
Firefox Browser IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Adsense gives me the ability to block something like "www.smileycentral.com", so I fed in the two domains provided and they are now blocked.

Any others?
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's not that the EULA doesn't tell you it will download something, I've nothing against that.

It's the fact that what it downloads contains a trojan and that they are hiding the fact that the download is an exe by masking the true URI in the browser status bar with a fake one (thus indicating that they're deliberately sending that trojan).

here's another one.

http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=ACbTG0gKgBhL4DEMrCtN6E36DznJyIk4jqnZAA34tB4jACrP9BAA0GOQACIA4TAAAzFGbv9mbuoWY2Fmch52Yo5yYv1GA0YDO4ZDMfF2cAAQAAgGd0BnOv8ychx2bv5mLqFmdhJXYuNGauM2bt9yYnlWLilmbvUnYi9SdsRXatFGdlJmYuM2Zp9TdiJWPyVGcslnJm1TMwYCd9ADMyAjM1YiahZXYAA&num=2&adurl=http://www.msn-emotion.com&client=ca-pub-4768842087373098

http://www.msn-emotion.com also forwards to smileycentral.
 
paul wheaton
Trailboss
Posts: 22526
Firefox Browser IntelliJ IDE Java
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!