Tuesday, February 15, 2011

A Diverse Portfolio of Fake Security Software - Part Twenty Five


Scareware continues to occupy the top spots among malicious monetization tactics courtesy of the cybercrime ecosystem. Disruption of this monetization chain can take place through multiple processes. For instance:
  • Share data with the affected ISP whose customers participate in the black hat SEO campaign
  • Target the payment processing gateways, or inform the legitimate one
  • Target the redirector URLs of the campaign
  • Target the affiliate network itself
  • Target the "final output" in the form of scareware domains
In this post we'll expose a portfolio of scareware domains and target the "final output" of the campaign, in between sharing data with community members. As always, what originally looks like a low-profile campaign turns into one piece of the puzzle that makes up the massive blackhat SEO "picture".

- Detection rate for systemwrecksavertingsystem.com /scan1/92/freesystemscan.exe
freesystemscan.exe - Trojan.Win32.FakeAV
Result: 17/43 (39.5%)
MD5   : a69a7f1992ed4607ac0a163d66984f56
SHA1  : ef089f92881ff6835b76562febdcbc3328340adb
SHA256: 993026853e2bbc8846dbda5a90c4f06a9a18b83c9f97fe7b1557b03975ebeaff

- Detection rate for pornhugevideo.com /video3/88/freevideoplugin.exe
freevideoplugin.exe - Rogue:Win32/FakePAV
Result: 4/42 (9.5%)
MD5   : 8a688d6ebb838f66f16720f4066cf6c6
SHA1  : 845e43ad946048346b3d9150ae41fd8f7766ac53
SHA256: db6e3e7a72305d8b36861ed90753555d519bdca5a36aa0581ed363ac264cfbce

Responding to 94.23.105.248 (AS16276): One active ZeuS C&C within the AS monasteriodeboltana.es


Responding to 76.76.117.101 (AS21793); 78.46.105.205 (AS24940); 207.58.177.96 (AS25847) and 64.64.3.125 (AS25847)


This post has been reproduced from Dancho Danchev's blog.

