Friday, October 03, 2008

Syndicating Google Trends Keywords for Blackhat SEO

Several hundred Windows Live Spaces and AOL Journals, are currently syndicating the most popular keywords provided by Google Trends, and are consequently hijacking the top search queries exposing users to Zlob codecs.

Here are some same bogus blogs used in the campaign, naturally pre-registered long before they executed it :

vinniedigg18 .com/iolatour16
monikavideo11 .com/shelvakill27
ivahnet19 .com/louisathere13
valericatch03 .com/iolatour16
hadleycue01 .com/staceyliving01
collettebreak17 .com/nataliablog16

A comprehensive listing of the blogs involved can be downloaded here.

What do all of these bogus blogs have in common? The fact that they are all being abused by a single malware campaign, and the Keep it Simple Stupid mentality only a lazy malware campaigner can take advantage of. All of the blogs as using a central redirection domain, shutting it down or blocking it renders the number of bogus blogs is circulation irrelevant. In this case, the domain in question is (

Here are the the rest of the domains participating in the campaign, as well as the parked ones at the corresponding IPs :

video.xmancer .org (
buynowbe .com
loveniche .com
antivirus-freecheck .com
jetelephone .cn
reducki .cn
woteenhas .cn
lilaloft .cn

clipztimes .com (
imagelized .com
vidzdaily .com

gotmovz .com (
dwnld-clips .com

movwmstream .com (
newwmpupdate .com
zaeplugin .com
movaccelerator .com
optimwares .com
piterserv .com

moviesportal2008p .com (
movieportal2008a .com
funnyportal2008l .com
starsportal2008p .com
softportal2008p .com
movieportal2008q .com

In short, despite that the campaign is poised to attract generic search traffic, it's a self-exposing blackhat SEO campaign since each and every blog participating is also linking to the rest of the ones within the ecosystem.

Related posts:
Blackhat SEO Redirects to Malware and Rogue Software
Blackhat SEO Campaign at The Millennium Challenge Corporation
Massive IFRAME SEO Poisoning Attack Continuing
Massive Blackhat SEO Targeting Blogspot
The Invisible Blackhat SEO Campaign
Attack of the SEO Bots on the .EDU Domain - The Ongoing Blackhat SEO Operation
The Continuing .Gov Blackat SEO Campaign
The Continuing .Gov Blackhat SEO Campaign - Part Two
Compromised Sites Serving Malware and Spam