Wordpress.Tweetmeme.com infected with spyware

I stumbled on this site a few weeks back after it picked up http://wordpress.tweetmeme.com which basically collates all the tweets related to WordPress… a great resource for sure. I had this sitting on my IE window today and suddenly it redirected to another location… see the screenshots below. I believe that the advertising network they use for their banner ads is infected with a malicious ad that redirects you to the site shown. I’ve no way to contact these people directly so I’m blogging this so that others will know.

Going to the site can produce the following redirect:

[Screenshot]

Regardless of whether you press OK or Cancel, you get the following, which looks real but is in fact inside your web browser:

[Screenshot]

Again regardless of what you press you get the following screen – notice it’s a Windows XP dialog box… I’m running Windows 7 ;-)

[Screenshot]

Again regardless of what you press it will try to install what is sure to be spyware… and the loop goes on.

[Screenshot]

This entry was posted on Monday, December 28th, 2009 at 11:14 pm and is filed under Blog.

7 Responses to “Wordpress.Tweetmeme.com infected with spyware”

  1. Randy Says:

    December 29th, 2009 at 12:18 am

    I have seen several of these lately with the same original screen. I have been able to extricate myself, but not sure if average client would even know to do so.

  2. Wayne Small Says:

    December 29th, 2009 at 7:44 am

    Thanks Randy – yes I agree the average client will have no idea how to get out of it. Hopefully it can be shut down quickly.

  3. Sandi Hardmeier Says:

    December 29th, 2009 at 12:29 pm

    Wayne, I see that the web site is using openx. There is a known vulnerability in older versions of openx that the bad guys behind malvertizing have been using to inject malicious code into otherwise safe advertising. You can see more details here:

    It may be that this is the cause of the problem that you saw; they are using advertising hosted by Doubleclick so I would be surprised if the ad itself was bad.

    I’ll keep an eye on things; see if I can reproduce the problem.

  4. Joly MacFie Says:

    December 30th, 2009 at 8:53 am

    tweetmeme.com is blocked by Google right now, presumably via a stopbadware.org alert – according to them the problem is from embedded elements (ads?) linking to statsistats.com.

    See here
