Looks like this SCAM has been published from at least the following domains:
bevestoagency.com (the potential domain which almost got me)
kervelagency .com (Martin Dumont)
gelbertagency.com (Suspicious adv.zip WordPress Plugin)
markaagency.biz (Markaagency.biz/adv.zip plugin is a wordpress scam)
After some research it seems quite possible this is a scam, but what I cant figure is what exactly is the scam, is it a social engineering attack (where they use might site to post spam), is the plan to use my hosting account for a zombie attack on other systems on the net, or is it just a method to attempt to gain access to my bank info (when they ask for payment method info).
What I do know is that this same email marketing approach seems all to well known by many skeptical webmasters around the net. Each having a similar story about an advertising agency contacting them to run an ad campaign for Lacrosse.
This version almost got me: adv.zip (FOR RESEARCH ONLY. DO NOT INSTALL AND USE THIS PLUGIN!)
Version 2.6.1 obtained from source at http://webmaster.bevestoagency.com/ on Dec 1, 2011
SCAM – adv.zip WordPress Plugin – plugin source
Version 2.6.2 posted Aug 11, 2011
Suspicious adv.zip WordPress Plugin – plugin source
When Diffed I found the following results:
from that and the info from atpeaz.com. I looks like the different versions are being used by different company names.
More Info for your convincing
This guy has spotted many suspicious parts of the code and explains them well.
WordPress blogs targeted scam