Blog for hpHosts, and whatever else I feel like writing about ....

Thursday 5 September 2013

Yet more fake codecs (softologicsa.com, smarterpcsolutions.net, content.yieldmanager.edgesuite.net)

This lovely bit of flashy badness came up whilst I was looking for the latest version of an Android VM. This time it's not an image ad, but a Flash advert (I have Flash and ActiveX disabled in the shells I use for most things, and only noticed this one because I loaded the site in Opera, which is the only one I allow Flash to load on (and even then, it's restricted)).

This time, the advert was served from content.yieldmanager.edgesuite.net:

hxxp://content.yieldmanager.edgesuite.net/atoms/04/40/35/e5/044035e578f4dceae19d30deeeea02f8.swf?clickTag=http%3A%2F%2Fad%2Eadnetwork%2Enet%2Fclk%3F3%2CeJydTtFugjAU%2ERre1LQUoYbsAUTMNhgzwc3XWkqpFmqgivPrV4bZ4utObu49ae8550LkQ2oj2yvnyMaUwD31oQNKsPAYBosJ8H1%2EMV94LoIYT1B81UGSJGselcujEwYD0mX%2E0Qcj%2DNCeR%2E6Oh74O6r5%2Evf%2Dv2v5tZOGu%2DMTB%2ExGpbbi6c5Nn%2EHmEg2zKdngVhH9rm2t6k4csj6skX9lZxHWaxzL9Ak6WU5DkLyK9cZBFx%2Enbbeukm1%2El02RSaX2yUGDZsSlNpK2Vds6skQIXSJ6q%2EeHSttJGHi1ZNyXTTmgz1Yk1naKCyBlXikt27lhLVaNZo2dU1caLk4Iz3RkmytZC8bmVFooe4irVadHwGa9VcZasuysFf5CXQjIzIHDnGLqmuw4EAHoOgs7oTmo2u9bSst3hBCIaZgIjcwprT63ojNq9CNabN0qaCzGmriQN%2E9n5BusQpLk%3D%2C



Clicking this fake "plugin missing" ad takes you to:

hxxp://www.smarterpcsolutions.net/lp/codecperformer/v7/?cid=3616&SourceId=355&CreativeId=21891807&LineItemId=7304535&PublisherId=417709&SectionId=7167196&tid=000069c0f030912714a309ee67e96a5f3f73f



Which takes you to the actual download (and, disappointingly, detection for this is woefully pathetic) at:

hxxp://www.softologicsa.com/download/$o88rXZlsZA4hsjMA?exename=BestCodecsPackSetup&cid=3616&SourceId=355&CreativeId=21891807&LineItemId=7304535&PublisherId=417709&SectionId=7167196&tid=000069c0f030912714a309ee67e96a5f3f73f
MD5: b8adf15ce4d38909cabd89f61d7e663e

Installing the crap that comes with the installer gives your machine the rubbish that is Performersoft LLC (performersoft.com, 184.173.139.224).

You'll not be surprised to hear this one is owned by appround.biz. It's housed on:

216.146.46.10 (redirector1.dynect.net) (without www. prefix)
216.146.46.11 (redirector2.dynect.net) (without www. prefix)
50.97.57.33 (loadbalancer2.ibariocorp.com)
184.173.139.225 (loadbalancer2.ibariocorp.com)

www(.)softologicsa.com lives on 50.97.37.140 (ibbalancer.com) and without the www prefix, it resides on the same dynect.net IPs as the above.

ibariocorp.com are the ones responsible for InstallBrain, and I'd strongly recommend you blackhole their IPs.

Domain Name: IBARIOCORP.COM
Registrar: MONIKER

Registrant [594222]:
    Felix Leshno
    2271 Melrose Ave.
    Montreal
    Quebec
    H4A 2R7
    CA

Administrative Contact [594222]:
    Felix Leshno
    2271 Melrose Ave.
    Montreal
    Quebec
    H4A 2R7
    CA
    Phone: +1.15146645051
    Fax: +1.15144856533

Billing Contact [594222]:
    Felix Leshno
    2271 Melrose Ave.
    Montreal
    Quebec
    H4A 2R7
    CA
    Phone: +1.15146645051
    Fax: +1.15144856533

Technical Contact [594222]:
    Felix Leshno
    2271 Melrose Ave.
    Montreal
    Quebec
    H4A 2R7
    CA
    Phone: +1.15146645051
    Fax: +1.15144856533

Domain servers in listed order:

    NS1.P09.DYNECT.NET
    NS2.P09.DYNECT.NET
    NS3.P09.DYNECT.NET
    NS4.P09.DYNECT.NET

    Record created on:    2011-02-15 08:10:08.0
    Database last updated on: 2013-08-19 16:27:18.58
    Domain Expires on:    2014-02-15 08:10:08.0
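
For anyone wanting to act on the blackhole advice, the following is an added example (not code from this blog or from hpHosts) that refangs the URLs quoted above, emits hosts-file entries for each hostname, and pulls out the tracking parameters that are identical on the landing page and the download URL, which make a handy pivot when searching proxy logs. The `0.0.0.0` sink address and the function names are assumptions; the first URL's `clickTag` query is left off for readability.

```python
from urllib.parse import urlsplit, parse_qs

# Defanged URLs copied from this post (clickTag query on the first one omitted).
CHAIN = [
    "hxxp://content.yieldmanager.edgesuite.net/atoms/04/40/35/e5/044035e578f4dceae19d30deeeea02f8.swf",
    "hxxp://www.smarterpcsolutions.net/lp/codecperformer/v7/?cid=3616&SourceId=355"
    "&CreativeId=21891807&LineItemId=7304535&PublisherId=417709&SectionId=7167196"
    "&tid=000069c0f030912714a309ee67e96a5f3f73f",
    "hxxp://www.softologicsa.com/download/$o88rXZlsZA4hsjMA?exename=BestCodecsPackSetup"
    "&cid=3616&SourceId=355&CreativeId=21891807&LineItemId=7304535&PublisherId=417709"
    "&SectionId=7167196&tid=000069c0f030912714a309ee67e96a5f3f73f",
]

def refang(url):
    """Undo hxxp:// and (.) / [.] defanging so the URL can be parsed."""
    return url.replace("hxxp", "http", 1).replace("(.)", ".").replace("[.]", ".")

def hosts_entries(urls, sink="0.0.0.0"):
    """Hosts-file lines for every hostname seen, plus the bare form of www. names
    (the post notes the bare domains resolve separately, via the redirectors)."""
    names = set()
    for url in urls:
        host = urlsplit(refang(url)).hostname
        names.add(host)
        if host.startswith("www."):
            names.add(host[4:])
    return [f"{sink} {name}" for name in sorted(names)]

def shared_params(urls):
    """Query parameters carrying the same value on every URL that has a query."""
    queries = [parse_qs(urlsplit(refang(u)).query) for u in urls]
    queries = [q for q in queries if q]
    if not queries:
        return {}
    common = set.intersection(*(set(q) for q in queries))
    return {k: queries[0][k][0] for k in sorted(common)
            if all(q[k] == queries[0][k] for q in queries)}

if __name__ == "__main__":
    print("\n".join(hosts_entries(CHAIN)))
    for key, value in shared_params(CHAIN).items():
        print(f"# shared campaign parameter: {key}={value}")
```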


The severely ethically lacking ad company responsible is Israel-based:

DSNR Media Group
http://www.dsnrmg.com

Feel free to shout at them.
