Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Historical OSINT - Malware Domains Impersonating Google

Published by Dancho Danchev on October 20, 2018

It's 2008 and I've recently stumbled upon a currently active typosquatted portfolio of malware-serving domains successfully impersonating Google and further spreading malicious software to hundreds of thousands of unsuspecting users.

In this post I'll provide actionable intelligence on the infrastructure behind the campaign.

Related malicious domains known to have participated in the campaign:

We'll continue monitoring the campaign and post updates as soon as new developments take place.