If you don’t know what Errorsafe is, read this page first.

I’d like to start this post with the definition of irony. I have a tendency to not use the term correctly and I wanted to make sure I got it exactly right. Ok, so citing the ‘American Heritage Dictionary’

i·ro·ny (ī’rə-nē, ī’ər-)
1.d. Incongruity between what might be expected and what actually occurs:“Hyde noted the irony of Ireland’s copying the nation she most hated” (Richard Kain).

Ok, so why would I start with this? Well, today I found out that Errorsafe/Winfixer is now advertising for getsafeonline.org. So at first I thought that this was another fake website, but just a little bit of research online pointed to the fact that this is actually an organization sponsored by the UK government to promote end users to “Be Safe Online” — which includes multiple links to Anti-Spyware applications. Well, isn’t that ironic? Rather… isn’t there an incongruity between what might be expected when ad networks run this ad and what would actually happen?

So here’s the ad: (here’s a link to the Get Safe Online SWF)

Get Safe Online

As you can see a lot of the same patterns are there — pixelated image, unprofessional appearance, etc… And of course — here’s the actionscript, which if you compare it to the other actionscripts you’ll see some similar patterns. Highly obfuscated/encrypted with SWFEncrypt, all the fun stuff.

So, as you can see these guys are just getting trickier and tricker — please let all the salespeople you know to be careful with any campaign that looks sketch. I’ll also update my ErrorSafe page with this new deal.

Update: Realized I embedded the actual flash file on the page, which of course will trigger active-x installs in certain cases… removed it and replaced with a screenshot =).

Related Posts:



  • jschreiber

    Thanks for that ActionScript snippet, we were able to use it as a template to check our own SWFs for that known encrypted AS.

  • Mike

    Just a word of warning — there’s a new set floating around, will see if I have some time tonight to post.