Ad Injectors courtesy of and VideoFileDownload

Posted by on May 29, 2012 in Ad Injectors, Malvertising

A binary signed by “TUGUU SL” is targeting the Browser vertical on popular search engines. Essentially, they are buying the top ad spots for queries such as “Google Chrome” in a bid to lure unsuspecting users into installing what they have in store. This is a great example of using the online advertising ecosystem […]

Yontoo and PPI

Posted by on May 22, 2012 in Ad Injectors, Malvertising

PPI stands for Pay Per Install and involves an advertiser paying an affiliate (typically through a market or network) to install their software on an end user’s machine. For every unique install that an affiliate is able to generate, the advertiser will pay a small sum of money (anywhere from a few cents to a […]

MAD Monday

Posted by on Apr 23, 2012 in Mad Monday, Malvertising

Playpickle is still using Google’s ad network to target the games vertical with their polymorphic binaries deploying payloads that at least a dozen antivirus scanners have a problem with. The result of downloading their payload and having it scanned by VirusTotal:

MAD Monday

Posted by on Apr 16, 2012 in Mad Monday, Malvertising

and Google continue to allow to target children in a bid to deploy the Babylon Toolbar: 1. Search for “free barbie games” on 2. Click through on the playpickle ad to redirect through to the landing page 3. Click on play now. This will download the playpickle installer (Signed by Play Turtle LLC). […]

MAD Monday

Posted by on Apr 9, 2012 in Mad Monday, Malvertising

When searching for download scrabble on, is one of the top advertisers presented in the results returned. Clicking through on their ad takes you through to a landing page which promises Scrabble as a download. This download is signed by “Play Turtle, LLC” and installs the Babylon Toolbar addon (signed by Babylon Ltd) into Internet Explorer. […]


Posted by on Mar 13, 2012 in Ad Injectors, Malvertising

I was contacted by a reader yesterday who noticed that I had Wikipedia as one of the pages in the little image that I drew up for the post. I didn’t go into any detail as to why it was there since I thought it would be obvious. Apologies folks, sometimes I forget that non-technical […]

MAD Monday

Posted by on Mar 12, 2012 in Ad Injectors, Mad Monday, Malvertising

Today we take a look at an ad injector. It is no different from any other, for it makes its money from inserting ads into very popular Web sites, i.e., it is adding foreign content (typically pay per click ads) into a site which it does not own. One of the last ad injectors we […]

MAD Monday

Posted by on Feb 13, 2012 in Mad Monday, Malvertising

It’s spectacular what ad networks are getting away with. Using the Google ad network, AOL is still sending their users to this page via this ad link when searching for “virtual dj”. The publisher behind this page is up to all sorts of tricks. Depending on your history, where you came from and a number of other attributes, […]

MAD Monday

Posted by on Jan 23, 2012 in Mad Monday, Malvertising

Google is responsible for distributing an ad (link) which takes you to  These folks are offering a free download of the 7-zip tool (really available for free here). If you look around their site, you will find many other tools that are available for download. Of course, advertisers that feature on my Mad Mondays are […]