Distribution of trojans via flash banners
Attention: be careful when placing flash banners!
Background.
I am the owner of a fairly popular resource. Some time ago, there were several requests to place a "do no harm iframe". I turned these offers down, because karma is more important. :)
Yesterday, a person came to me with a proposal to place a small Flash banner advertising a BMW club. The code turned out to have an unpleasant Trojan “bonus”.
UPD!: I wrote to Yandex support. They answered, thanked me, and said that the code had been sent to the appropriate department for analysis. A mini victory :)
The remaining UPDs are under the cut.
The code in full:
Всё о BMW
function banner (str){document.getElementById('res').innerHTML = str;return(str)};
Pay attention to the bottom of the code, more precisely to the banner function, which aroused suspicion. At first it was not clear what was supposed to call this function. It turned out that the Flash banner itself called this function and used it to create a hidden iframe on the page, through which the trojan was to be loaded onto users' machines.
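As an added example (not part of the original post, and not the author's code), here is a pre-placement check a site owner could run over advertiser-supplied banner markup. It flags any page function that hands its parameter straight to an HTML-parsing DOM sink, as `banner` does. The surrounding `<object>` markup, the `banner.swf` name and the `allowScriptAccess` value in the sample are assumptions, since the post shows only the function line.

```javascript
// Added example: pre-placement review of advertiser-supplied banner markup.
// Flags page functions that pass a parameter straight into an HTML-parsing DOM sink,
// which is what lets an embedded movie inject arbitrary markup such as a hidden iframe.
const SINK = /\.(innerHTML|outerHTML)\s*=\s*([A-Za-z_$][\w$]*)|document\.(write(?:ln)?)\s*\(\s*([A-Za-z_$][\w$]*)/g;
// Flat (non-nested) function bodies only; enough for one-line bridge functions.
const FUNC = /function\s+([A-Za-z_$][\w$]*)\s*\(([^)]*)\)\s*\{([^}]*)\}/g;

function findParamToDomSinks(snippet) {
  const findings = [];
  for (const [, fn, rawParams, body] of snippet.matchAll(FUNC)) {
    const params = rawParams.split(',').map((p) => p.trim()).filter(Boolean);
    for (const s of body.matchAll(SINK)) {
      const sink = s[1] || `document.${s[3]}`;
      const value = s[2] || s[4];
      // Only report when the value written is one of the function's own parameters.
      if (params.includes(value)) findings.push({ fn, param: value, sink });
    }
  }
  return findings;
}

// Reads the allowScriptAccess setting from either <param> or <embed> syntax.
function scriptAccessSetting(snippet) {
  const m = /allowscriptaccess["']?\s*(?:value\s*)?=\s*["']?(\w+)/i.exec(snippet);
  return m ? m[1].toLowerCase() : null; // null: not set, the player default applies
}

function reviewBanner(snippet) {
  const bridges = findParamToDomSinks(snippet);
  return { bridges, scriptAccess: scriptAccessSetting(snippet), reject: bridges.length > 0 };
}

// Constructed sample: only the banner() line comes from the post; the markup around it is assumed.
const sample = `
<object type="application/x-shockwave-flash" data="banner.swf" width="240" height="400">
  <param name="allowScriptAccess" value="always">
</object>
<div id="res"></div>
<script>function banner (str){document.getElementById('res').innerHTML = str;return(str)};</script>`;

console.log(JSON.stringify(reviewBanner(sample), null, 2));
```

A finding means the snippet ships its own markup-injection entry point; a banner that only displays an advertisement has no need for one.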
That's the story.
Watch out!
Upon request, I can provide the contacts of the “hero” who suggested placing a similar banner.
UPD: I ask the experts for advice: where can I turn in the distributor of trojans?
UPD2: Here is the address of the BMW club he advertised: www.bmwclub.ua. We go to its li.ru statistics and look at the traffic sources (http://www.liveinternet.ru/stat/bmw.kiev.ua/sources.html). We find, for example, the site www.tosti.ru (traffic over 100k) and see a banner with the Flash trojan placed on it. I will write to the tosti.ru administration; if anyone has the opportunity, comb through the list and write to the administrations of the other portals (if there is no volunteer, I'll do it myself in the evening).
P.S. According to the trojan distributor, he has nothing to do with the BMW club. Quote: “our agency is an intermediary between the site and the advertiser.”