Wednesday, September 05, 2007

Examples of Search Engine Spam

Perhaps I should say an example of a 50/50 black hat SEO, as Google's not listing the first, but has already crawled the second: cashhomes.info/content; mydream-condos.info/content. While assessing the first link farm I found out that on average, 263 pages have exactly 6411 outside links in them, 24.3 links per page. Pretty much the same case with the second one. Owning hundreds of domains like these and feeding them with garbage content in between syndicating ads can undermine a search engine's credibility if the black hat SEO operation starts appearing at the top results, and as we've already seen, both black hat SEO and paid keyword advertising can lead to malware-embedded sites.

Storm Worm's Fast Flux Networks

Following my previous posts on "Storm Worm Malware Back in the Game" and "Storm Worm's use of Dropped Domains", here are some handy graphs of Storm Worm's use of fast-flux networks generated during the last several hours, acting as great examples of how diverse malware C&C has become.

- bnably.com

- wxtaste.com

- snbane.com

- tibeam.com
- eqcorn.com

The Honeynet Project & Research Alliance defines a fast-flux network as:

"Fast-flux service networks are a network of compromised computer systems with public DNS records that are constantly changing, in some cases every few minutes. These constantly changing architectures make it much more difficult to track down criminal activities and shut down their operations."

In Storm Worm's case, we have an example of fast-fluxing dropped domains, and if you research a little further, you'll see that newly infected Storm Worm hosts shown at this particular moment of the fast-flux are already sending out spam.
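
The "constantly changing" property in the definition above can be measured from repeated DNS lookups of the same name. The following is an added example, not part of the original post: the domain names, addresses, TTLs and thresholds are all constructed assumptions, and the /16 count is only a rough stand-in for network diversity.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed observations: (unix_time, domain, ttl_seconds, A records returned).
# All names and addresses are made up for illustration (reserved/private ranges).
OBSERVATIONS = [
    (0,   "flux.example", 180, ["10.1.4.7", "172.16.9.20", "192.0.2.15"]),
    (300, "flux.example", 180, ["198.51.100.8", "10.77.2.3", "192.0.2.15"]),
    (600, "flux.example", 180, ["203.0.113.40", "172.20.5.5", "10.200.1.9"]),
    (0,   "cdn.example",  60,  ["192.0.2.10", "192.0.2.11"]),
    (300, "cdn.example",  60,  ["192.0.2.11", "192.0.2.10"]),
    (600, "cdn.example",  60,  ["192.0.2.10", "192.0.2.12"]),
]

# Thresholds are assumptions for this sketch, not published constants.
MAX_TTL = 600     # seconds; records that change "every few minutes" need short TTLs
MIN_IPS = 6       # distinct addresses seen over the observation window
MIN_NETS = 4      # distinct /16 networks those addresses fall into
MIN_CHURN = 0.5   # mean share of addresses that are new versus the previous lookup

def profile(observations):
    """Group lookups by domain and compute per-domain flux metrics."""
    by_domain = defaultdict(list)
    for _, domain, ttl, ips in sorted(observations, key=lambda o: o[0]):
        by_domain[domain].append((ttl, set(ips)))
    report = {}
    for domain, snaps in by_domain.items():
        all_ips = set().union(*(ips for _, ips in snaps))
        # Share of each answer that was absent from the answer before it.
        churn = [len(cur - prev) / len(cur)
                 for (_, prev), (_, cur) in zip(snaps, snaps[1:]) if cur]
        report[domain] = {
            "ips": len(all_ips),
            "nets": len({ip_network(f"{ip}/16", strict=False) for ip in all_ips}),
            "max_ttl": max(ttl for ttl, _ in snaps),
            "churn": sum(churn) / len(churn) if churn else 0.0,
        }
    return report

def is_fast_flux(m):
    """Short TTL alone is not enough: a round-robin pool also has it."""
    return (m["max_ttl"] <= MAX_TTL and m["ips"] >= MIN_IPS
            and m["nets"] >= MIN_NETS and m["churn"] >= MIN_CHURN)
```

The second sample domain has an even shorter TTL than the first but stays inside one network with little turnover, so it is not flagged; the combination of churn and network spread is what separates the two.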