Historical OSINT - Massive Blackhat SEO Campaign Spotted in the Wild Drops Scareware
It's 2010 and I've recently intercepted a currently active malicious and fraudulent blakchat SEO campaign successfully enticing users into interacting with rogue and fraudulent scareware-serving malicious and fraudulent campaigns.
In this post I'll profile the infrastructure behind the campaign and provide actionable intelligence on the infrastructure behind it.
Sample URL redirection chain:
hxxp://noticexsummary.com/re.php?lnk=1203597664 - 87.255.55.231
- hxxp://new-pdf-reader.com/1/promo/index.asp?aff=11677 - 66.207.172.196
= hxxps://secure-signupway.com/promo/join.aspx?siteid=3388
Related malicious domains known to have participated in the campaign:
hxxp://noticexsummary.com/
Related malicious domains known to have participated in the campaign:
hxxp://online-tv-on-your-pc.com/p2/index.asp?aff=11680&camp=unsub
We'll continue monitoring the campaign and post updates as soon as new developments take place.
In this post I'll profile the infrastructure behind the campaign and provide actionable intelligence on the infrastructure behind it.
Sample URL redirection chain:
hxxp://noticexsummary.com/re.php?lnk=1203597664 - 87.255.55.231
- hxxp://new-pdf-reader.com/1/promo/index.asp?aff=11677 - 66.207.172.196
= hxxps://secure-signupway.com/promo/join.aspx?siteid=3388
Related malicious domains known to have participated in the campaign:
hxxp://noticexsummary.com/
Related malicious domains known to have participated in the campaign:
hxxp://online-tv-on-your-pc.com/p2/index.asp?aff=11680&camp=unsub
We'll continue monitoring the campaign and post updates as soon as new developments take place.
About the author
Donec non enim in turpis pulvinar facilisis. Ut felis. Praesent dapibus, neque id cursus faucibus. Aenean fermentum, eget tincidunt.
