Thursday, May 14, 2009

A Diverse Portfolio of Fake Security Software - Part Twenty

Has the cloudy economic climate hit the scareware business model, the single most efficient and high-liquidity monetization practice that's driving the majority of blackhat SEO and malware attacks?  The affiliate networks are either experiencing a slow Q2, or are basically experimenting with profit optimization strategies.

Following the "aggressive" piece of scareware with elements of ransomware discovered in March, a new version of the rogue security software is once again holding an infected system's assets hostage until a license is purchased.

This tactic is, however, a great example of the dynamics of the underground ecosystem (The Dynamics of the Malware Industry - Proprietary Malware Tools; The Underground Economy's Supply of Goods; 76Service - Cybercrime as a Service Going Mainstream; Zeus Crimeware as a Service Going Mainstream; Will Code Malware for Financial Incentives; The Cost of Anonymizing a Cybercriminal's Internet Activities - Part Two; Using Market Forces to Disrupt Botnets; E-crime and Socioeconomic Factors; Price Discrimination in the Market for Stolen Credit Cards; Are Stolen Credit Card Details Getting Cheaper?).

Despite the fact that it's the network of cybercriminals that pays and motivates other cybercriminals to SQL inject legitimate sites, send spam, embed malicious code through compromised accounts and launch blackhat SEO campaigns, it cannot exist without the traffic that they provide, and is therefore competing with other affiliate networks for it.

For your blacklisting, case-building and cross-checking pleasure, currently active blackhat SEO and Koobface campaigns monetize the traffic through the following rogue domains:

Related posts:
Dissecting a Swine Flu Black SEO Campaign
Massive Blackhat SEO Campaign Serving Scareware
A Diverse Portfolio of Fake Security Software - Part Nineteen
A Diverse Portfolio of Fake Security Software - Part Eighteen
A Diverse Portfolio of Fake Security Software - Part Seventeen
A Diverse Portfolio of Fake Security Software - Part Sixteen
A Diverse Portfolio of Fake Security Software - Part Fifteen
A Diverse Portfolio of Fake Security Software - Part Fourteen
A Diverse Portfolio of Fake Security Software - Part Thirteen
A Diverse Portfolio of Fake Security Software - Part Twelve
A Diverse Portfolio of Fake Security Software - Part Eleven
A Diverse Portfolio of Fake Security Software - Part Ten
A Diverse Portfolio of Fake Security Software - Part Nine
A Diverse Portfolio of Fake Security Software - Part Eight
A Diverse Portfolio of Fake Security Software - Part Seven
A Diverse Portfolio of Fake Security Software - Part Six
A Diverse Portfolio of Fake Security Software - Part Five
A Diverse Portfolio of Fake Security Software - Part Four
A Diverse Portfolio of Fake Security Software - Part Three
A Diverse Portfolio of Fake Security Software - Part Two
Diverse Portfolio of Fake Security Software
