1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MLB malware revisited

Discussion in 'Computer Security' started by zebulebu, Dec 28, 2007.

  1. zebulebu

    zebulebu Terabyte Poster

    Dear oh dear. Someone at mlb.com needs to be shot. Following the last debacle where ads paid for by the scum involved with the AdTraff network contained redirects to malware sites - the sort of tricks generally seen on hardcore pr0n sites - it seems that someone has gone one better. Since around xmas eve, almost every time I visit mlb.com I have been redirected to an extremely graphic hardcore pr0n site - hqtube.com (WARNING - NOT work safe, hence no direct link). This has been happening for other users (just google 'mlb.com porn' to see newsgroup positings on the subject) and investigations have led us to the conclusion that it is related to the same trick used to compromise their site before (malicious flash ads).

    You would think after the first time they would have learned their lesson and issued a serious reprimand to DoubleClick & ordered them to put their house in order by now. It would appear not and, since I have emailed them repeatedly about it without anything other than a cursory response I won't visit the site again. I'll just have to get my baseball fix from somewhere else - there are plenty of other sites out there.

    Surprise surprise this appears not to be happening to US users - would it be churlish of me to suggest that mlb is employing some filtering based on ARIN-assigned IP addresses? You can bet your bottom dollar that if it was being served up in the US and some politician got wind of it the damn ad would be pulled quicker than you can say 'lawsuit'
    Certifications: A few
    WIP: None - f*** 'em
  2. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    Zeb, put a listing for doubleclick.net to in your HOSTS file, run a nbtstat -R command to re-read the HOSTS file, and I'll bet it doesn't redirect you anymore. I've had them blocked for years.

    EDIT: Looks like it's caused by a fake Chanel watch advert using Flash, directed to people outside the US and Canada. So it's doubleclick doing it to you, and since MLB uses doubleclick for advertising, they're both essentially to blame.
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    I once clicked on another video on youtube but the add ons I have with firefox told me I was looking at a fake chanel so I didn't proceed incase I got infected
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?

Share This Page