Sunday, September 30, 2007

Don't Play Poker on an Infected Table

The scammy Euro VIP Casino is making the rounds again this afternoon, trying to entice the spammed European users into downloading its software by promising $400 as a welcome bonus. Needless to say, you ought to ignore it. Here's a full list of the typosquatted domains serving the scams.

Detection rate: 11/32 (34.38%)
File size: 461341 bytes
MD5: e68763c16f31de340681b2c7c7eb6b0e
SHA1: 6174960cf5a6c503b97c9160f5e6a5babfef96e9

Online gambling is a much-talked-about Internet activity that lets malicious parties enjoy the "pull effect": end users themselves look for and download such applications. In this spam campaign, however, we have a combination of a "push" approach, segmentation targeting European users, social engineering in the form of a promotion, and typosquatting. The first campaign (SetupCasino.exe) is currently hosted in China (116.199.136.29) on a host that also manages a second online gambling scam campaign, impersonating Golden Gate Casino (SmartDownload.exe), under the following domains: topgamecasino.net; superroyalcasino.com; nlymycasino.cn; lookforcasino.cn.
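
As an added example (not part of the original post), the following Python checks web proxy log lines against the domains, hosting IP and installer names listed above. The log layout (time, client, destination IP, method, URL), the sample lines and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators taken from the post above.
DOMAINS = {"topgamecasino.net", "superroyalcasino.com",
           "nlymycasino.cn", "lookforcasino.cn"}
HOST_IP = "116.199.136.29"
INSTALLERS = {"setupcasino.exe", "smartdownload.exe"}

# Constructed sample log (assumed format: time client dest_ip method url).
SAMPLE_LOG = """\
2007-09-30T14:02:11 10.0.0.5 116.199.136.29 GET http://www.topgamecasino.net/SmartDownload.exe
2007-09-30T14:03:40 10.0.0.7 192.0.2.10 GET http://example.org/index.html
2007-09-30T14:05:02 10.0.0.9 116.199.136.29 GET http://116.199.136.29/dl/SetupCasino.exe?src=mail
2007-09-30T14:06:17 10.0.0.5 198.51.100.4 GET http://nottopgamecasino.net.example.org/
2007-09-30T14:07:55 10.0.0.8 203.0.113.20 GET http://LookForCasino.cn./promo
malformed line
"""

def host_matches(host):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    return any(host == d or host.endswith("." + d) for d in DOMAINS)

def match_line(line):
    """Return the reasons a log line matches; empty list if none."""
    parts = line.split()
    if len(parts) != 5:  # skip lines that do not fit the assumed format
        return []
    _, _, dest_ip, _, url = parts
    u = urlsplit(url)
    host = u.hostname or ""
    reasons = []
    if host_matches(host):
        reasons.append("domain")
    if dest_ip == HOST_IP or host == HOST_IP:
        reasons.append("ip")
    # Compare only the last path segment, so query strings are ignored.
    if u.path.rsplit("/", 1)[-1].lower() in INSTALLERS:
        reasons.append("installer")
    return reasons

def scan(log_text):
    """Return (line_number, client, reasons) for every matching line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        reasons = match_line(line)
        if reasons:
            hits.append((n, line.split()[1], reasons))
    return hits
```

Matching on the registered domain with a leading-dot suffix check catches subdomains such as `www.` without flagging unrelated hosts that merely contain the same string.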