In this post I'll profile a currently circulating circa 2008 malicious and fraudulent scareware-serving campaign successfully enticing users into interacting with rogue and fraudulent fake security software with the cybercriminals behind the campaign successfully earning fraudulent revenue in the process of monetizing access to malware-infected hosts largely relying on the utilization of an affiliate-network based type of revenue-sharing scheme.
Related malicious domains known to have participated in the campaign:
hxxp://globals-advers.com
hxxp://alldiskscheck300.com
hxxp://multisearch1.com
hxxp://myfreespace3.com
hxxp://hottystars.com
hxxp://multilang1.com
hxxp://3gigabytes.com
hxxp://drivemedirect.com
hxxp://globala2.com/soft.php
hxxp://teledisons.com
hxxp://theworldnews5.com
hxxp://virtualblog5.com
hxxp://grander5.com
hxxp://5starsblog.com
hxxp://globalreds.com
hxxp://global-advers.com
hxxp://ratemyblog1.com
hxxp://greatvideo3.com
hxxp://beginner2009.com
hxxp://fastwebway.com
hxxp://blazervips.com
hxxp://begin2009.com
hxxp://megatradetds0.com
hxxp://securedonlinewebspace.com
hxxp://proweb-info.com
hxxp://security-www-clicks.com
hxxp://updatedownloadlists.com
hxxp://styleonlyclicks.cn
hxxp://informationgohere.com
hxxp://world-click-service.com
hxxp://secutitypowerclicks.cn
hxxp://securedclickuser.cn
hxxp://slickoverview.com
hxxp://viewyourclicks.com
hxxp://clickwww2.com
hxxp://clickadsystem.com
hxxp://becomepoweruser.cn
hxxp://clickoverridesystem.cn
Related malicious domains known to have participated in the campaign:
hxxp://protecteduser.cn
hxxp://internetprotectedweb.com
hxxp://clicksadssystems.com
hxxp://whereismyclick.cn/
hxxp://trustourclicks.cn
hxxp://goldenstarclick.cn
hxxp://defendedsystemuser.cn
Related malicious domains known to have participated in the campaign:
hxxp://drivemedirect.com
hxxp://virtualblog5.com
hxxp://fastwebway.com
We'll continue monitoring the campaign and post updates as soon as new developments take place.