The monetization of phony online gambling networks -- which clearly tolerate systematic violation of their TOS -- continues, with the scammers behind last month's campaign (Don't Play Poker on an Infected Table - Part Two) spamvertising another portfolio of domains using new templates.
It's worth pointing out that the spammers don't just earn revenue every time someone installs the application, but also every time the now-converted visitor interacts financially with the service, a monetization approach you'll see in the attached screenshots.
Detection rates for the spamvertised binaries (downloaded from gamez-lux.com and we3tt.com):
StarsVIPCasino_Setup.exe - Result: 14/42 (33.33%)
GoldenMummyEN.exe - Result: 9/42 (21.43%)
RubyRoyaleEN.exe - Result: 11/42 (26.19%)
Sample phone back locations: download.thepalacegroupgaming.com; pcm3.valueactive.eu; rubyfortune.mgsmup.com
Spamvertised domains include:
Sample monetization in action:
Phony affiliate networks reserve the right to forward the responsibility for the malicious activity to participants violating their Terms of Service. A violation that earned both parties significant amounts of money, in between
The "don't play poker on an infected table" series is prone to expand.
Related posts:
Don't Play Poker on an Infected Table - Part Two
Don't Play Poker on an Infected Table
Malware Serving Online Casinos
This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.
Tuesday, March 09, 2010
Don't Play Poker on an Infected Table - Part Three