This incident has been reported to LiveJournal, Atlas Solutions (aka adbureau.net), aQuantive and Microsoft.
Here is a screenshot of the malvertizement:
The malvertizement is being displayed at community.livejournal.com. (Screenshot at end of article) Heck, the darn thing is popping up on every livejournal page that has an advert - don't they have *anything* else to display???
The malicious SWF is
http://sixapart-images.adbureau.net/sixapart/041808_728x90_765.swf
adbureau.net is associated with aquantive.com, who are in turn owned by... Microsoft.
The SWF dumps us at a MalwareAlarm site via the following route. The SWF redirects victims to this URL:
profitabill.com/?cmpid=andirector&adid=x (domain registered by Serg Moons)
When we hit that URL, we are redirected to prevedmarketing.com, which sets a cookie that lasts barely a day.
From there we hit scanner2.malware-scan.com.
statsgod.com also makes an appearance and sets another short-lived cookie, as does bucksbill.com.
We also hit the following URL (URL incomplete for security reasons)
statgroup.net/c/index.php?
The coders of the SWF are lazy; if you click on it, nothing happens - because the click target is _blank.
And the SWF exposes us to another domain, being:
statgroup.net/crossdomain.xml (registered by Serg Moon)
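For defenders checking proxy logs for this route, here is an added example (not part of the original post) that flags clients which loaded an ad SWF from adbureau.net and then requested hosts from the chain above shortly afterwards. The log format, the 30-second window, and the sample lines (including the `constructed.swf` and `notprofitabill.com` entries) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains named in the route described above; the window is an assumed value.
CHAIN_DOMAINS = {"profitabill.com", "prevedmarketing.com", "malware-scan.com",
                 "statsgod.com", "bucksbill.com", "statgroup.net"}
AD_DOMAIN = "adbureau.net"
WINDOW = 30  # seconds after the SWF load in which chain hosts are counted

# Constructed sample in a hypothetical "<epoch> <client> <url>" log format.
SAMPLE_LOG = """\
1000 10.0.0.5 http://sixapart-images.adbureau.net/sixapart/041808_728x90_765.swf
1001 10.0.0.5 http://statgroup.net/crossdomain.xml
1002 10.0.0.5 http://profitabill.com/?cmpid=andirector&adid=x
1003 10.0.0.5 http://prevedmarketing.com/
1004 10.0.0.5 http://scanner2.malware-scan.com/
1005 10.0.0.5 http://notprofitabill.com/
1006 10.0.0.9 http://sixapart-images.adbureau.net/sixapart/constructed.swf
1200 10.0.0.9 http://statsgod.com/
"""

def in_domain(host, domain):
    """True if host is the domain or a subdomain of it (dot-boundary match)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def parse(log):
    """Yield (ts, client, host, path) per well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            url = urlsplit(parts[2])
            yield int(parts[0]), parts[1], url.hostname or "", url.path

def find_chains(log):
    """Map client -> chain hosts requested within WINDOW s of an ad SWF load."""
    swf_seen, hits = {}, {}
    for ts, client, host, path in sorted(parse(log)):
        if in_domain(host, AD_DOMAIN) and path.lower().endswith(".swf"):
            swf_seen[client] = ts  # remember the latest ad SWF per client
        elif (client in swf_seen and ts - swf_seen[client] <= WINDOW
              and any(in_domain(host, d) for d in CHAIN_DOMAINS)):
            hits.setdefault(client, []).append(host)
    return hits

if __name__ == "__main__":
    for client, hosts in find_chains(SAMPLE_LOG).items():
        print(client, "->", " -> ".join(hosts))
```

The dot-boundary match keeps look-alike names such as the constructed `notprofitabill.com` from matching, and a chain host requested long after the SWF load (the second client) is not attributed to the advert.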
I conducted a search for domains registered by Serg Moon back in March - back then, he had 20 unique domains, being the following - you will note that profitabill is not listed:
profitabill was created on 25 March 2008 - my search was ordered on 10 March - enough said there.
At time of writing, profitabill.com was at IP 80.86.94.191. Other hostnames sharing that IP with a-records are:
manzano181.serv.lt, xen-su-01.serv.lt
Domains sharing name servers are far more interesting - I'm sure you will recognize many infamous names: