For more detailed reports for googleadserver dot com and its malicious payload, see:
File name: smss.exe
File size: 73728 bytes
Variously identified as: Win-Trojan/Vaultac.73728, TR/PSW.Wow.fxc, PSW.OnlineGames.BRKZ, Trojan-GameThief.Win32.WOW.fyk, Trojan-Dropper.Win32.Vaultac, Trojan-PWS/W32.WebGame.73728.BD, Trj/Lineage.BZE, Mal/GameDll-A, etc.
Google Safe Browsing (built into Firefox 3 and Safari 3.2) blocks googleadserver dot com, and most major antivirus products (except Antiy, Authentium, ClamAV, eTrust, F-Prot, PCTools, and TheHacker) detect its payload as malware. I submitted a sample to several vendors and haven't heard back from any of them yet.
The second site I researched yesterday was interinetskim dot com. For more detailed reports for this domain and its malicious payload, see:
File name: install.exe
File size: 101410 bytes
Variously identified as: ADSPY/AdSpy.Gen, Win32:FakeAlert-BD, Program:Win32/Winwebsec, a variant of Win32/Kryptik.MR, Mal/FakeAV-AK, etc.
As of yesterday, only 12 major antivirus products (Avira AntiVir, Authentium, Avast!, AVG, F-Prot, GData, McAfee-GW-Edition [which is not the same as the current commercial versions of McAfee VirusScan], Microsoft, NOD32, Prevx1, Sophos, and Sunbelt) detected the payload as malware.
I submitted a sample to several vendors and so far I have only heard back from two of them. McAfee merely sent an autoreply saying that their scan was inconclusive and that my submission would be forwarded to an Avert Labs Researcher for further analysis (which is typical), and I haven't gotten a follow-up from them since then. A Virus Analyst from Kaspersky got back to me within a couple hours and said that it would be included in the next update as "Trojan-Downloader.Win32.FraudLoad.edu".