• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

trojan warning re. Google ads

 
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
don't click on the Google ads for "free" smileys from anything related to "smileycentral".
The downloads are infected with trojans (probably keyloggers, I didn't ask my AV for more information on them).
Download links deliberately maskerade an exe-downloader attempting to install a browser plugin as a simple zipfile in the status bar, making it deliberate hiding.
I have been suspicious about them for a long time and decided to give it the lithmus test with a freshly update AV scanner and it immediately sprang into action.

If you do download the only ones smiling will be them...

admins please try to stop this thing in ads (might mean going through Google).
 
Trailboss
Posts: 23778
IntelliJ IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Give me the nasty URL's and I'll block them.
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
These are the ones (might be more, but certainly these 2).

http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=ACNlNfb0fBtfps0r2JF4uZq_Ckv9sFYe1u-YAA34tB4TACrP9B AA8iSQACEA4TAAAzFGbv9mbuoWY2Fmch52Yo5yYv1GA0YDO4ZDMfF2cAAQAAgGd0BnOv8ychx2bv5mLqFmdhJXYuNGauM2bt9yYnlWLilmbvUnYi9SdsRXatFGdlJmYuM2Zp9TdiJWPyVGcslnJm1TMwYCd9ADMyAjM1YiahZXYAA&num=1&adurl=http://www.smileycentral.com/%3Fpartner%3DZNxdm917%26spu%3Dtrue&client=ca-pub-4768842087373098

http://pagead2.googlesyndication.com/pagead/iclk?adurl=http://www.good-offers.com/gr3DkHeiiCY&sa=l&ai=ARk7Ufb0fBtfps0r2JF4uZq_C _f-vHcav0eZAA34tB4jACrP9BAA0GOQACIA4T8_____DAMXYs92bu5iahZXYyFmbjhmLj9WbAQjN4gnNw8VYzBAABAAa0RHc68yLzFGbv9mbuoWY2Fmch52Yo5yYv12LjdWatIWau9SdiJ2L1xGdp1WY0VmYi5yYnl2P1JmY9IXZwxWemYWPxAjJ01DMwIDMyUjJqFmdhBA&num=2&client=ca-pub-4768842087373098

resolving to http://www.smileycentral.com and http://www.good-offers.com/
[ October 27, 2004: Message edited by: Jeroen Wenting ]
 
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you read the EULA, it tells you it downloads these things onto the computer. It is the cost of getting all of the smiles! That is why you do not get free stuff since it is packed with this stuff.

LOL
 
paul wheaton
Trailboss
Posts: 23778
IntelliJ IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Adsense gives me the ability to block something like "www.smileycentral.com", so I fed in the two domains provided and they are now blocked.

Any others?
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It's not that the EULA doesn't tell you it will download something, I've nothing against that.

It's the fact that what it downloads contains a trojan and that they are hiding the fact that the download is an exe by masking the true URI in the browser status bar with a fake one (thus indicating that they're deliberately sending that trojan).

here's another one.

http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=ACbTG0gKgBhL4DEMrCtN6E36DznJyIk4jqnZAA34tB4jACrP9BAA0GOQACIA4TAAAzFGbv9mbuoWY2Fmch52Yo5yYv1GA0YDO4ZDMfF2cAAQAAgGd0BnOv8ychx2bv5mLqFmdhJXYuNGauM2bt9yYnlWLilmbvUnYi9SdsRXatFGdlJmYuM2Zp9TdiJWPyVGcslnJm1TMwYCd9ADMyAjM1YiahZXYAA&num=2&adurl=http://www.msn-emotion.com&client=ca-pub-4768842087373098

http://www.msn-emotion.com also forwards to smileycentral.
 
paul wheaton
Trailboss
Posts: 23778
IntelliJ IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
got it. any others?
reply
    Bookmark Topic Watch Topic
  • New Topic