Devious Scam Aimed at Bloggers
Yesterday I received an email indicating that an advertising agency named PAKBB, purportedly a world-wide representative of several international brands, had an interest in placing ads on this very blog site for a French-based designer company named Lacoste. The email went on to say what kind of banners they were interested in placing, that locations would be required on all pages, and that Lacoste specifically deals in apparel, perfumes, and designer footwear. My initial thought was this is pretty cool, a little bit more money to help pay the way for the blog, but…
… Something just did not feel exactly right about things. I mean, sure, I have gotten the odd one-off request like that before that was actually legit and led to some advertising revenue on my web site in the past. But those were specifically products that made sense for my typical range of topics (for instance agriculture and horse racing, back when I covered those a lot more on here). That was also when I had a much bigger daily following (largely owed to much more consistent daily posting).
As always, and something everyone should do before making a commitment to anyone on anything, I did a little searching. In this particular case, I had that little tick in the back of my head, so I was a little bit more vigilant than usual, and that is a good thing. If you just went to the website PAKBB.com you would think everything is pretty legitimate. They actually have a halfway decent website and it truly does look to be for an ad agency. A little looking into the whois records, though, indicated the company got the URL not more than 6 weeks ago – meaning they grew overnight. Some further searching for Mr. Martin Dumont, the fellow who supposedly sent this wonderful invite for making money, found several warnings of a possible scam and the fact that clearly several thousand folks received the same in the last couple of days.
Being that I have a throwaway email and was curious as to the nature of the scam, as I am sure a lot of beginning and perhaps less savvy bloggers have jumped on this, I replied with some pricing for space in various locations on my blog site. I also asked several questions about the fit of the advertising of products from Lacoste to my blog site – as it seemed to be less targeted than is typical.
Within a few hours I got back an email indicating that as soon as I put this up on my site I would start getting payment, that I needed to let them know when it was done and indicate what payment method would be best for me. I had none, not one, of my concerns or questions addressed – another big clue if you had not gotten it by this point. Here is the kicker though: in order to qualify I needed to run their software via a plugin on my WordPress blog site. I did not of course do so, but I did go so far as to see that they have very good directions for downloading and installing the plugin. I have not looked into the code, but I am sure it is malicious, probably allowing the fake folks to at least take over your website, but more likely much more devious than that. Probably to the point of infecting other systems, capturing who knows what kind of data, etc.
This is definitely a new one for me, but I fully expect we will see a huge rash of these kinds of attempts in the coming months. A couple of reasons: first, so many of the easy entries into the scams are now either closed or a little bit more widely known. After all, when was the last time you sent bank account money to the dead ex-general's brother in Nigeria or did not call your friend Lisa who is supposedly stranded in Europe, much less just clicked on that unknown attachment from an unknown sender? But in this case, they make it sound like you are finally at the point of advertising, and if you follow through you install for them, slipping right past any and all filters, whatever malicious stuff they are attempting. And you own it with full admin access when you do. What fun! Be wary of such good things and check it all out before proceeding with anything like this in the future.
** – Image from Money Smoker.
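The whois check described in the post can be scripted. The following is an added example, not code from the original post: it reads the registration date out of raw whois text and compares it with the date the offer arrived. The sample records, dates, the `.example` domains, and the 180-day threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Registries label the registration date differently; these are common variants.
_CREATED = re.compile(
    r"^[ \t]*(creation date|created on|created|registered on)"
    r"[ \t]*[:.]+[ \t]*(\S.*)$", re.I | re.M)
_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y", "%Y.%m.%d")

def registration_date(whois_text):
    """Return the registration date as an aware datetime, or None."""
    m = _CREATED.search(whois_text)
    if not m:
        return None
    raw = m.group(2).strip()
    for candidate in (raw, raw.split()[0]):
        for fmt in _FORMATS:
            try:
                return datetime.strptime(candidate, fmt).replace(tzinfo=timezone.utc)
            except ValueError:
                continue
    return None

def assess(whois_text, contacted_on, min_age_days=180):
    """Flag a domain that is very young on the day its 'agency' wrote to you."""
    created = registration_date(whois_text)
    if created is None:
        return {"age_days": None, "privacy_proxy": None, "verdict": "unknown"}
    age = (contacted_on - created).days
    # A privacy proxy is not damning alone; it is a second signal next to age.
    proxy = bool(re.search(r"privacy|proxy|redacted", whois_text, re.I))
    verdict = "suspicious" if age < min_age_days else "established"
    return {"age_days": age, "privacy_proxy": proxy, "verdict": verdict}

# Constructed sample records (not real whois output).
SAMPLE_NEW = """Domain Name: AD-AGENCY.EXAMPLE
Creation Date: 2011-09-20T10:15:00Z
Registrant Name: Privacy Proxy Service (constructed)
"""
SAMPLE_OLD = """Domain Name: BRAND.EXAMPLE
Registered on: 14-Mar-2003
Registrant: Example Apparel Ltd (constructed)
"""
CONTACTED = datetime(2011, 11, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for record in (SAMPLE_NEW, SAMPLE_OLD):
        print(assess(record, CONTACTED))
```
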

I was also targeted with this banner ad scam. I sent an email to Lacoste and am awaiting their reply.
Just had the same thing happen to me. Really, really smart way to scam people; I guess many fell for this. The second I was told that I need to install a whole plugin for a freaking banner, the alarm went off and I sent them an email back. Should have had some fun with them and wasted their time a little, well... next time I guess :) (hope they contact me for some of my other blogs) :)
I had the same emails as Todd above purporting to be from Simon at the Mana Agency representing Lacoste. Again I raised the same questions that many others have. I run a moderately successful football blog and initially thought it was random why they'd wish to advertise on my relatively specialised website. His response was that they found my site on Google and that was it. All of the questions I asked were never really answered. He asked my price for two ads and I asked a relatively high amount and they agreed without issue. Then comes the plug-in download and all that jazz. I haven't downloaded anything and don't intend to. Looking around, a number of these websites have the exact same design and it just seems as if they go through different domain names. As many have said, if there are alarm bells and it seems too good to be true then do some research. Thanks to everyone who posted their experiences to warn others. Much appreciated.
Same thing happened to me. I was contacted by Killian Blanchard from Jino Agency. Those scammers are getting really sophisticated, it seems.
I just recently had the same offer from "Simon Leclercq" at www.mana-agency.com. Once we got to the point where he wanted me to log in to some site and install and activate a plugin is when I got really suspicious.
I got an email from the latest scam name in use: Martin Lefevre at the fake Rita Agency, www.ritaagency.com. Same website in "Paris" as the previous company, Izida. Searched domains on Whois and they all are registered to the following:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected, visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676
@Dave, not in Russia either!
Posted my own account here at my blog : http://www.atpeaz.com/index.php/2011/wordpress-blogs-targeted-scam-beware-of-the-adv-zip-plugin/ Did a little poking into the plugin codes. Seems innocent but heck you'd never know!
I too just had the same thing but a new 'ad agency' name now. Bevesto Agency that's supposedly from France. The thing is... when I tried to google search the agency, there's no result at all. And that's when it got all suspicious. I think Wordpress should have a 'filter' on the plugin module to block this plugin from installing at all!
I am also getting email from Mathis Gaillard.
I represent Izida Agency. At the moment we are preparing an advertising campaign for Lacoste Company (it is a French company producing clothes, footwear, perfumery etc.) We already have designed banners for the campaign, they are the following sizes: 160x600, 240x400, 300x250, 336x280, 468x60, 728x90. Will 468*60 banner appear on all pages of your site?
Thanks for reply to our proposal! We like your price. To pass to the banner control system follow the link http://webmaster.izidaagency.com To enter use the following data: login: www.xxx.com password: xxxxxxx You should install and activate the plugin in order to display advertisement. Before making payment, advertiser must approve location of the banner. The banner will be shown on your site when you add special code to your web- address (for example: http://www.xxx.com/?adv_test=1). It means, that visitors will see the banner only if it is approved and payment made. To get installation instruction for your site type pass to: http://docs.izidaagency.com/wp_install To activate your site you have to enter the code: xxx-xxx-xxx
During the email exchange, it goes back and forth quite fast. He didn't seem bothered about the high advertising price, I guess. Whatever you quote them, they will accept it. Then the suspicious part comes with the installation of the ADV.ZIP plugin. I am not sure if the download of ADV.ZIP onto my local hard drive poses a potential malware threat or not. It is really scary.
Just got the same email from Kevin Meunier at Emma Agency. We have gone back and forth for 9 days. I've been trying to flush him out but apparently this guy has got a little tighter in his responses. I don't know why I didn't check domain tools right off the bat because the site was registered on 10/31. I was lured in because a Lacoste store just opened in the mall right by the hiking spot my blog is focused on. Now I am in the marketing game and register and launch new sites all the time but poor writing, new domain and this thread just solidify that this deal is totally phony. I was going to have a programmer look at the code but apparently now I don't need to. I think I'll try pushing back on installing the plugin and see what he says. I'll report back what happens.
Got the same e-mail, this time from "Emma Agency" at www.emmaagency.biz (there's a legit advertising company by the name of Emma, but their URL is myemma.com). Anyone ever find out what the plugin does?
I sent off the code to a couple of folks and never heard back from them. I looked through and never found anything in the plugin itself. However, a lot of folks think it was like things in the pictures or the links that it would have taken folks to if they clicked on the ads. Bottom line, I still think the lack of coherent responses when I asked legitimate questions spoke volumes, but to each their own. I do feel pretty sure simple installation of the plugin likely did not cause harm to your installation though.
Unfortunately I found your post a little too late. I did fall for their scam. The moment I contacted them back that the plugin is installed they said all the spots in the program are already filled with other websites but hey they might contact me back. Once the plugin was installed, a very decent banner showed up. Stating "lacoste, the inventer of the polo. Click to shop online." It's been a month later and there hasn't been anything suspicious on my website, I've deleted the plugin. But however what do you think it might be doing, did somebody take a look into the code?
I was also contacted by Evan Hubert from Gelbert Agency. As soon as he told me that I had to install a plugin I suspected something and googled him. Came up with your site. Glad I did (not that I would have ever installed his plugin anyway).
Hi Ray. Someone tried to pull the same scam on me yesterday, this time someone named "Evan Hubert" from the "Gelbert Agency", also purporting to represent Lacoste. After asking for my pricing (and no other details, pageviews, demographic etc.), they directed me to a site to download the adv.zip Wordpress plugin.
www.gelbertagency.com is their site (and where their email appears to originate).
webmaster.gelbertagency.com is their "admin panel" for webmasters / suckers (requires a username and password, which they provided by email).
docs.gelbertagency.com/wp_install is where you can find the "helpful installation instructions".
I Googled the name of the guy and the agency, and all I found were copies of the same email he'd sent to me, posted as comments on other Wordpress blogs.
So sorry, I permanently killed the email with the link in it to get the file and the file I downloaded is corrupted. Not sure if the download screwed up or if the system I did that on is being screwy (it is old and the drive is probably questionable). I am looking to see if I can get my hands on it and if I do I will send it out to all that have requested, especially the WP security folks. Wish I had thought of that before.
Sent just a bit ago. I sent you a copy of the email so you can see everything and download from the source. Still unsure at this point in regards to this, as I really did not see anything all that horrible in the PHP code.
I just put the suspicious plugin code on Pastebin, at http://pastebin.com/FhpqgZ0h I'm not a coder, but the plugin is downloading "banners", which I suspect are more likely where the malicious code is.
I am a coder, but do not get the chance to do much anymore. Anyway, after looking at the code, I did not see anything really horrid in there and figure it is the "banners" that are being served that lead to the malicious things. I am curious to see if someone has actually explored it and knows for sure.
I posted info at http://reddit.com/r/wordpress/, but can send you directly if you would like.








Latest incarnation is Bizotto Agency. Beware!