Malware-Scan.Com, DotTunes.Net’s Flash Ad and Computer Virus







TOKYO (MacHouse) – We first reported the danger of dottunes.net’s orange Flash ad brought by AdECN several days ago. The situation involving this Flash ad and malware-scan.com has changed dramatically. We now strongly advise that you avoid any website displaying this Flash ad because none of the ad companies involved with this Flash ad has done anything decisive to eliminate the imminent danger.

Some 26 hours ago, we reported that youhide.com, which offers a free online anonymous proxy server service, displays dottunes.net’s orange Flash ad just as our websites did several days ago. I went back to this website 24 hours after I was first redirected to malware-scan.com’s deceitful website. malware-scan.com’s exploitation system is such that you might be redirected to their website only once every 24 hours or longer.

Several seconds after I used youhide.com’s proxy server function to access our own website, I was redirected to malware-scan.com. This time, I observed a couple of new friends brought by malware-scan.com on the status menu shown at the bottom of the browser window. malware-scan.com’s friends now include:





  • newbieadguide.com
  • blessedads.com
  • bucksbill.com
  • statsgod.com





Okay. So malware-scan.com has brought two new friends. What else is new? While this malicious website was displaying a scrap video showing that our computer contains viruses, Norton AntiVirus kicked in, indicating the file that malware-scan.com uploaded to my local terminal regardless of my will contains a computer virus. It’s shown as Downloader.MisleadApp.

So why do we still get redirected to malware-scan.com? We reported several days ago the redirection problem to our ad company Canep Media, which is one of the 3 dozen seat holders at AdECN. They wrote back instantly and said that they would investigate our claim. However, we haven’t heard anything new from them beyond our initial claim. And we were obliged to remove all our ad codes from AdECN/Canep Media. We also tried to contact dottunes.net by e-mail about 80 hours ago. However, we haven’t heard from them yet. In addition, in reference to their domain registration, we attempted to contact the site administrator of youhide.com about 19 hours ago. But we did not receive a reply by the time we posted this article.

For me, it’s just the matter of not hosting the ill Flash ad. However, ad companies, dottunes.net and youhide.com don’t seem to act any time soon. While those parties hesitate to act, innocent Internet users are still victimized by malware-scan.com’s malicious redirection scheme.


[Image: Screenshot from youhide.com]












    References:

    More Evidence for Dot.Tunes Flash Banner As Source of Ill Redirection to Malware-Scan.Com
    Destroying Malwarealarm.com
    Flash-Based Ad and Involuntary Redirection to Malware-Scan.com


    9 Responses to Malware-Scan.Com, DotTunes.Net’s Flash Ad and Computer Virus

    1. admin says:

      To victims of bucksbill.com’s Malware Alarm

      bucksbill.com’s website is hosted by Secure Hosting (securehost.com). According to its Use Policy #14, it says

      Distribution of Internet Viruses, Worms, Trojan Horses, or Other Destructive Activities — Distributing information regarding the creation of and sending Internet viruses, worms, Trojan horses, pinging, flooding, mail bombing, or denial of service attacks. Also, activities that disrupt the use of or interfere with the ability of others to effectively use the network or any connected network, system, service, or equipment.

      Bucksbill Inc. is also suspected of involvement with distribution of a computer virus known as Downloader.MisleadApp. It appears that selling their malware itself violates the hosting company’s fair use policy. Therefore, I suggest that you file a complaint and have this website dismissed.

    2. Stephen Chukumba says:

      I am the Director of Business Development with DOT.TUNES. Please note that we unequivocally deny any participation in malware schemes or anything of the sort. If you click our link from any other site containing a DOT.TUNES link, it redirects you to our site. If anything else occurs, it is not by our design. It is obviously not in our best interests to have a hosted link or ad on a third party site that does not re-direct visitors to our website.

      With respect to this statement, “We now strongly advise that you avoid any website displaying this Flash ad because none of the ad companies involved with this Flash ad has done anything decisive to eliminate imminent danger.” what do you recommend we do? When I went to the youhide.com site, ours was not the ad displayed on the site. Other sites displaying our ads, are not affected by this problem, so I assume that this re-direction to the malware-scan site, application or page is caused by something occurring on the site itself, and is not at all related to our ad.

      We want your users to know that we at DOT.TUNES are strongly against spam, spyware, malware, viruses, worms or any other activity that interferes with an individual’s free and unfettered use of the internet, our website or application. We are deeply offended by any suggestion to the contrary. We urge you to amend this post to reflect our cooperation and remedy the negative impression of DOT.TUNES which you may have caused by this article.

      Please feel free to contact me to discuss this matter further.

    3. admin says:

      To Mr. Chukumba:

      You can be redirected to malware-scan.com’s website, depending on your geographical location and web browser. We have two videos showing that one is redirected to malware-scan.com. On both sites, your Flash is displayed. On our website, we only had your Flash ad, and I was redirected. If you still have doubts, I would suggest that you use Camino (Mac) or Safari to go to youhide.com. (You may have to wait for 24 hours or longer since your last visit.) Or you may want to see what happens if you stop airing this Flash. In any case, we never wrote an article to suggest that you are affiliated with this malware scheme.

      I’m sorry to hear that you are offended. It’s not just you who get a negative message. We also have got a negative message because I suspect many of our visitors were redirected involuntarily. youhide.com gets the same bad image. We didn’t appreciate our ad company bringing this Flash ad. You aren’t the only victim here. It’s just that they use your Flash ad as a medium to redirect Internet users to a malicious website.

      We can alter the article to intentionally make it look like you are willing to combat this malware scheme. However, that won’t change the circumstances surrounding this Flash ad. We still advise that Internet users avoid any website displaying the orange Flash ad.

      I would find out how people are redirected. One common way of redirection is iframe injection. I would also go after the Russian criminal group hosting malware-scan.com.

      MacHouse does not target individuals or corporate entities just for the purpose of defaming them. If there is anything that is stated in this article that is not correct, we are obligated to amend it. If there is, please specify which part is wrong and indicate the source of an alternative theory.

    4. Phil Graci says:

      Greetings I am the main web developer, and creator of the Flash ad in question. I can and am willing to send an UNEDITED FLA file to your company, or anyone else who has the question, that there is NO MALWARE or BAD SCRIPTS anywhere in our code.

      I think that due diligence would be best for you to retract this article, and reissue it, placing blame squarely where it is due, on the Ad Network that is resubmitting our ads or the website running the tainted ad. I will make sure that Mr Chukumba and I follow up and make sure the ad is removed from the offending website or ad network, but it is only fair that the article reflect the fact that it is the WEBSITE and/or AD NETWORK that is the problem.

      Maybe even a better spin to put, is that there are malware people that are creating these ads, and hijacking other people’s ads. That I would guess would bring you more traffic. Currently the article definitely implies that we were ‘brought on’ as accomplices in this scam, and is definitely in my opinion offensive and puts a bad spin on our business. Imagine how you would feel if someone accused Machouse of being a partner in a malware scam that you knew for certain you were not! Please do us the same justice you would like done to yourself in the same situation, blame the offending site or ad network, not us!

    5. admin says:

      To Mr. Graci,

      We have no plans of resubmitting, retracting, rewriting this article. This article only implies what it says. So you can take it in any way you want.

      The two videos we have posted indicate that the orange Flash ad is used as a medium to redirect Internet users to malware-scan.com. If not, please tell me what they imply. We have mentioned ‘dottunes.net’ because the orange Flash ad says ‘DOT.TUNES’ and also because one will be redirected to dottunes.net’s website upon clicking on the banner.

      I have no idea who made that orange Flash, you or whoever. It’s just that a person who claims to work at dottunes.net sent me an e-mail message saying

      “We have never seen that ad before – nor have we ever produced or commissioned a flash advert.

      It’s most certainly a scam and I assure you that we have absolutely nothing to do with that ad or the site which it links to.”

      Perhaps, they should find out what “Q76123” means for them.

    6. admin says:

      We have nothing to do with the development of the article found here in any way as we were never contacted beforehand. But it seems that there are other people who claim that dottunes.net’s orange Flash ad is used as a medium for mass involuntary redirection to malware-scan.com’s Malware Alarm website.

      I’m sure Bank of America is not happy about their name being used for phishing. But their approach is commendable to some extent because they have an abuse report form. We have checked dottunes.net’s website and also their blog repeatedly. But we haven’t seen any warning comments and, of course, no abuse report form. All they care about is themselves and their name.

    7. Phil Graci says:

      Once again, it is clear via the msmvps article, that the problem is solely with the ad network. We created a SWF flash ad for a promotional campaign that the ad was hardcoded into another site. We did not place the ad with any ad networks. At no time was any malware added to the file. Someone has stolen our ad, and is using it in some sort of scam!

      I am not threatening or telling you what to do. You have every right to tell people whatever you want. However I am stating as a DOT.TUNES developer and partner that we have not created or taken part in this malware ad in any way. In fact we are considering that whoever has inserted the code has STOLEN our ad, and is using it in this scam.

      As I stated, it does seem to me that the real story is that this ad network or whoever has created this scam and placed the ad, is the real culprit. Until you brought this to our attention, (via your blog I might add, as far as I know, you or no one else took the time to email us what was happening) we never even knew this was possible. To this moment, I am not even sure where to start to eliminate the ad! It is not showing at all in the link that you gave. You mentioned that 26 hours ago (as of writing this article) no one had done anything about it. When did you contact us? The first mention I heard of it, was via your blog, and only that because I have a Google alert to notify me of news about DOT.TUNES.

      My initial gut response was in response to our name, yes! Because at first read it seems like you are implying that we knew about this and did nothing. Or that we did know about it and were involved. Yes I initially thought that this was offensive and needed to be clarified! Probably the first sentence got me, that it was “dottunes.net’s flash ad” which it is our logo, and it links to our site, BUT IT IS NOT OUR AD! We didn’t pay for it, know about it, or have any clue about it until you wrote your article!

      So I thank you immensely for your detective work, and bringing it to our attention. I would have appreciated an email first (we do have multiple emails as well as live tech support chat on our site).

      Take it or leave it, I would still love for the article itself, if not edited, to include an updated statement that would allow people to realize that there is a scam going on that steals ads just to insert virus code! (What has this world come to?!?!?)

      We are going after ADECN to find out what is going on. Do you have any other advice?

      Thanks

      Phil
      TriAgency / DOT.TUNES

    8. Phil Graci says:

      I just read the main article u had first posted at http://seo.mhvt.net/blog/?p=180 and it is much more clear that you are not saying that our ad was the problem. But believe me when I say that we never knew anything about this until this follow up blog! Please contact me personally if you have any advice or ideas of how we can deal with this and get our ad out of there!

    9. Phil Graci says:

      Once again, apologies! I didn’t realize that you HAD emailed Jeff, so to all readers I take back my comment. I personally was not alerted until I read this blog post, but I do see you attempted to make contact.
