B19 wrote:
A week or so back, after the Trojan attack was detected on my computer, (the attack was unsuccessful, identified and quarantined) I asked my anti-virus detection provider what that particular Trojan was, and they said that it looked like it could be related to Bitcoin attacks they had seen recently (could be, not was).
I don't know how it got access to attack my computer, so am not leaping to the conclusion that it was from here.
Probably. The server has a whole cornucopia of malware running in it's memory.
Here's a list of what is running. Most are serving dodgy ads but some
are a little more nefarious.
ags.us.onscroll.com
tags.expo9.onscroll.com
impl.us.onscroll.com
tags.bluekai.com
pixel.advertising.com
d.agkn.com
aa.agkn.com
dsum-sec.casalemedia.com
ssum-sec.casalemedia.com
simage2.pubmatic.com
image.pubmatic.com
image6.pubmatic.com
ads.stickyadstv.com
sync.adaptv.advertising.com
dpm.demdex.net
aa.agkn.com
ib.adnxs.com
secure-us.imrworldwide.com
pixel.rubiconproject.com
ads.yahoo.com
us-u.openx.net
beacon.krxd.Net
a.tribalfusion.com
cdnx.tribalfusion.com
Quote:
ads.stickyadstv.com redirect is usually caused by adware installed on your computer. These adware programs are bundled with other free software that you download off of the Internet. Unfortunately, some free downloads do not adequately disclose that other software will also be installed and you may find that you have installed adware without your knowledge.
Once this malicious program is installed, whenever you will browse the Internet, an ad from ads.stickyadstv.com will randomly pop-up.
These ads are aimed to promote the installation of additional questionable content including web browser toolbars, optimization utilities and other products, all so the adware publisher can generate pay-per-click revenue.
When infected with this adware program, other common symptoms include:
Advertising banners are injected with the web pages that you are visiting.
Random web page text is turned into hyperlinks.
Browser popups appear which recommend fake updates or other software.
Other unwanted adware programs might get installed without the user’s knowledge
Quote:
dsum-sec.casalemedia.com is a malicious browser hijacker infection. Where It was created with the main intention of manipulating Internet users to obtain their confidential data. In order to collect information, this will keep promoting phishing pop-ups in front of users and convince them to click on it.
In additional hackers programmed this illegal website to make profits from the execution of malicious functions. Further, this nasty threat will also inject pay-per-click based download links as well as sponsor links inside the currently visited page which causes the unexpected redirection and which helps cybercriminals in online earnings from these redirects.
Actions Performed By dsum-sec.casalemedia.com:
As soon dsum-sec.casalemedia.com manages to settle, it will start to execute malicious functions inside the computer. After that, this terrible browser hijacker will apply some malicious modifications to the system as well as their installed programs and cause their performance sluggish.
Moreover, this threat also messes with the browser and inject the JavaScript code inside of them to take control over them and frequently changes web browser search engine by default as a homepage with the unknown domain.
Quote:
Once AA.AGKN.COM redirection happens to be on your PC, it will be skilled to display various sorts from claiming utilized browsers, including Microsoft Edge, Google Chrome, web Explorer, Mozilla Firefox and even safari. It will rob your enrollment of data and the security ID so that it can get free access to any of your bank accounts. also, the dazzling links attached on the ads will bring you more freeware or any other adware which will waste your resource. As a result, you lose both the money and PC.
Quote:
TribalFusion is a spyware tracking cookie that installs on your computer and tracks your browsing habits; it sends the information to its main server and other third-party advertisers. It gathers potentially sensitive information such as email addresses, usernames, where you shop and how many times you shop, and it exposes this information to others. TribalFusion tracking cookies can be removed manually or using a power anti-virus program with spyware removal. This ensures that vital information remains protected.
Quote:
The simple explanation of what is ib.adnxs.com – it’s a potentially unwanted program (PUP) which is used for shady advertising. On the affected machine, adware might display misleading pop-ups, banners, ads, in-text ads and similar commercial content which diminishes browsing experience.
Ib.adnxs.com virus is associated with a couple of domains that display ads or trigger redirects to third-party websites:
nym1.ib.adnxs.com;
lax1.ib.adnxs.com;
m.adnxs.com;
adnxs.com.
The main purpose of the Ib.adnxs.com redirect virus is to drive traffic to specific websites. Website owners might want to increase their sales, promote products or services, or install malware or spyware on your computer.
Quote:
D.agkn.com redirect is usually caused by adware installed on your computer. These adware programs are bundled with other free software that you download off of the Internet. Unfortunately, some free downloads do not adequately disclose that other software will also be installed and you may find that you have installed adware without your knowledge.
Once this malicious program is installed, whenever you will browse the Internet, unwanted advertisements will pop-up on web pages that you visit. These ads are aimed to promote the installation of additional questionable content including web browser toolbars, optimization utilities and other products, all so the adware publisher can generate pay-per-click revenue.
You may also see in the browser status bar the following messages: “Waiting for D.agkn.com”, “Transferring data from D.agkn.com”, “Looking up D.agkn.com”, “Read D.agkn.com”, “Connected to D.agkn.com”.
When infected with this adware program, other common symptoms include:
Advertising banners are injected with the web pages that you are visiting.
Random web page text is turned into hyperlinks.
Browser popups appear which recommend fake updates or other software.
Other unwanted adware programs might get installed without the user’s knowledge.
Quote:
Tags.bluekai.com has been assigned to the potentially unwanted program (PUP) and “adware” after computer users have started complaining about its performance. According to them, ads and drop-down boxes, which are related to this service, continue appearing on certain domains and block the entrance to them.
Quote:
beacon.krxd.net - A hostname is an indicator of compromise commonly used as a target for communicating with malware, hosting malware, or serving as a vector for attacking targets in watering hole attacks. Malicious hostnames may exist within non-malicious domains
03 Apr 2018, 8:16 am
