It's 2010 and I've recently intercepted a currently active malicious and fraudulent blakchat SEO campaign successfully enticing users into interacting with rogue and fraudulent scareware-serving malicious and fraudulent campaigns.
In this post I'll profile the infrastructure behind the campaign and provide actionable intelligence on the infrastructure behind it.
Sample URL redirection chain:
hxxp://noticexsummary.com/re.php?lnk=1203597664 - 87.255.55.231
- hxxp://new-pdf-reader.com/1/promo/index.asp?aff=11677 - 66.207.172.196
= hxxps://secure-signupway.com/promo/join.aspx?siteid=3388
Related malicious domains known to have participated in the campaign:
hxxp://noticexsummary.com/
Related malicious domains known to have participated in the campaign:
hxxp://online-tv-on-your-pc.com/p2/index.asp?aff=11680&camp=unsub
We'll continue monitoring the campaign and post updates as soon as new developments take place.
Sunday, October 21, 2018
Historical OSINT - Massive Blackhat SEO Campaign Spotted in the Wild Drops Scareware
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com