*.adrevolver.com is part of the BlueLithium network, which is "a premier behavioral targeting ad network" which was acquired by Yahoo in mid-2007 - I wouldn't say "malware" or use the word "attack" (especially considering it's now a sister company), however unethical or intrusive this sort of thing may be...<br>
<br>This is almost like the Omniture debacle a couple of months ago (<a href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-01/msg00202.html">http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2008-01/msg00202.html</a>, among many others dating back to 2002/03) which is used for user-tracking in and around certain sites to check page hits, time spent between clicks, referring servers, etc.<br>
<br>If this is upsetting you on a personal level, maybe you should try some of the workarounds, including the ad-blocking extensions in Firefox, or host-file modifications on Windows systems...?<br><br><div><span class="gmail_quote">On 18/03/2008, <b class="gmail_sendername">Blatant Lier</b> <<a href="mailto:blatantlier@gmail.com">blatantlier@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Wed, Mar 12, 2008 at 7:51 AM, Dancho Danchev<br> <<a href="mailto:dancho.danchev@gmail.com">dancho.danchev@gmail.com</a>> wrote:<br> ><br> > <a href="http://lib.ncsu.edu">lib.ncsu.edu</a>; <a href="http://fulldownloads.us">fulldownloads.us</a>; <a href="http://cso.ie">cso.ie</a>; <a href="http://dblife.cs.wisc.edu">dblife.cs.wisc.edu</a>;<br>
> <a href="http://www-history.mcs.st-andrews.ac.uk">www-history.mcs.st-andrews.ac.uk</a>; <a href="http://ehawaii.gov">ehawaii.gov</a>; <a href="http://timeanddate.com">timeanddate.com</a>;<br> > <a href="http://boisestate.edu">boisestate.edu</a>; <a href="http://aoa.gov">aoa.gov</a>; <a href="http://gustavus.edu">gustavus.edu</a>; <a href="http://archive.org">archive.org</a>;<br>
> <a href="http://gsbapps.stanford.edu">gsbapps.stanford.edu</a>; <a href="http://bushtorrent.com">bushtorrent.com</a>; <a href="http://ccie.com">ccie.com</a>; <a href="http://uvm.edu">uvm.edu</a>; <a href="http://thehipp.org">thehipp.org</a>;<br>
> <a href="http://mnsu.edu">mnsu.edu</a>; <a href="http://camajorityreport.com">camajorityreport.com</a>; <a href="http://medicare.gov">medicare.gov</a>; <a href="http://usamriid.army.mil">usamriid.army.mil</a><br> ><br>
> <a href="http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html">http://ddanchev.blogspot.com/2008/03/more-high-profile-sites-iframe-injected.html</a><br> ><br> <br> It would look as if <a href="http://yahoo.com">yahoo.com</a> is serving malware. I got this little fellow:<br>
<br> <a href="http://media.adrevolver.com/{---remove">http://media.adrevolver.com/{---remove</a><br> this---}adrevolver/trace?sip=103&cpy=1205797527644342&bt=AAAEEIGsMo0L<br> [note that the link has been purposefully broken with "{---remove this---}"]<br>
<br> while hitting yahoo at 4:45pm EDT. As of this time it is still there.<br> <br> Considering that <a href="http://yahoo.com">yahoo.com</a> is one of the top destination these days, I<br> believe we can expect this attack to be fairly successful.<br>
<br> BL<br> <br> _______________________________________________<br> Full-Disclosure - We believe in it.<br> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br> </blockquote></div><br>