Scareware Campaign Using Google Sponsored Links

Wednesday, November 18, 2009

Scareware Campaign Using Google Sponsored Links

A scareware campaign is currently using Google sponsored ads, and by hijacking a decent number of well positioned keywords, is attempting to trick visitors into installing scareware featuring several new templates. This is, of course, not the first and definitely not the last time scareware campaigners are using highly targeted legitimate networks in order to reach potential audience by making an investment into the traffic acquisition practice.

However, compared to the "long tail centered" blackhat SEO, the use of legitimate ad networks would never reach a positive ROI, like the one achieved by dynamic syndication of legitimate content and monetizing it through scareware.

Scareware domains seen in circulation:
adwarealert .com - 75.125.200.226
adware-pro-2009 .com - 209.216.193.113
adwareprosite .com - 188.121.46.1 - Email: pedrocanas75@gmail.com
adwarepro-site .com - 209.216.193.101 - Email: pedrocanas75@gmail.com
antimalwarenow .com - 173.201.0.128
anti-malware-pro .org - 209.216.193.103 - Email: pedrocanas75@gmail.com

antimalware-software .com - 209.216.193.11
antimalware-software .org - 209.216.193.106 - Email: pedrocanas75@gmail.com
get-spyware-destroyer .com - 63.243.188.37 - Email: admin@upclick.com
macrovirus .com - 75.125.152.58
malwareprofessional .com - 74.205.8.6

theantimalware .com - 173.201.0.12
adware-pro-live .com - 209.216.193.9
antivirus-live-pro .com - 209.216.193.9
antivirus-live-pro .org
antivirus-live-software .com
antivirus-pro-live .com
antiviruspro-live .com

Sample detection rates: anti-malware-application.exe; malware_professional.exe; macro_virus.exe; antimalware_pro.exe; spyware_destroyer.exe; AdwarePro_Setup.exe; AdwarePro_Setup06.exe; AdwarePro_Setup2305.exe.

Consider going through the The Ultimate Guide to Scareware Protection detailing alternative traffic acquisition approaches used by scareware campaigners, as well as the related posts dissecting recent blackhat SEO campaigns.

Related posts:
Massive Scareware Serving Blackhat SEO, the Koobface Gang Style
Dissecting the Ongoing U.S Federal Forms Themed Blackhat SEO Campaign
U.S Federal Forms Blackhat SEO Themed Scareware Campaign Expanding
Blackhat SEO Campaign Hijacks U.S Federal Form Keywords, Serves Scareware
A Peek Inside the Managed Blackhat SEO Ecosystem
Dissecting a Swine Flu Black SEO Campaign
Massive Blackhat SEO Campaign Serving Scareware
From Ukrainian Blackhat SEO Gang With Love
From Ukrainian Blackhat SEO Gang With Love - Part Two
From Ukraine with Scareware Serving Tweets, Bogus LinkedIn/Scribd Accounts, and Blackhat SEO Farms
Fake Web Hosting Provider - Front-end to Scareware Blackhat SEO Campaign at Blogspot

This post has been reproduced from Dancho Danchev's blog.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Wednesday, November 18, 2009

Scareware Campaign Using Google Sponsored Links

No comments:

Post a Comment