Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude

Sunday, October 21, 2018

Historical OSINT - Massive Blackhat SEO Campaign Spotted in the Wild Drops Scareware

It's 2010 and I've recently intercepted a currently active malicious and fraudulent blakchat SEO campaign successfully enticing users into interacting with rogue and fraudulent scareware-serving malicious and fraudulent campaigns.

In this post I'll profile the infrastructure behind the campaign and provide actionable intelligence on the infrastructure behind it.

Sample URL redirection chain:
hxxp://noticexsummary.com/re.php?lnk=1203597664 - 87.255.55.231
- hxxp://new-pdf-reader.com/1/promo/index.asp?aff=11677 - 66.207.172.196
= hxxps://secure-signupway.com/promo/join.aspx?siteid=3388

Related malicious domains known to have participated in the campaign:
hxxp://noticexsummary.com/

Related malicious domains known to have participated in the campaign:
hxxp://online-tv-on-your-pc.com/p2/index.asp?aff=11680&camp=unsub

We'll continue monitoring the campaign and post updates as soon as new developments take place.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com