It's 2010 and I've recently stumbled upon yet another diverse portfolio of blackhat SEO domains this time serving rogue security software also known as scareware to unsuspecting users with the cybercriminals behind the campaign successfully earning fraudulent revenue in the process of monetizing access to malware-infected hosts largely relying on the utilization of an affiliate-network based type of revenue sharing scheme.
In this post I'll profile the infrastructure behind the campaign and provide actionable intelligence on the infrastructure behind it.
Related malicious domains known to have participated in the campaign:
hxxp://arnalduatis.com
hxxp://batistaluciano.com
hxxp://bethemedia.net
hxxp://bride-beautiful.com
hxxp://burgessandsons.com
hxxp://carolinacane.com
hxxp://caulfieldband.com
hxxp://improvenewark.com
hxxp://marsmellow.info
hxxp://noodlesonline.com
hxxp://queenslumber.com
hxxp://thesolidwoodflooringcompany.com
hxxp://wirelessexpertise.com
hxxp://bigbangexpress.com
hxxp://bioresonantie.net
hxxp://clubipg.com
hxxp://djdior.com
hxxp://djektoyz.com
hxxp://getraenkepool.com
hxxp://hartmanpescar.com
hxxp://hetkaashuis.com
hxxp://menno.info
hxxp://pianoaccompanistcompetition.com
hxxp://soundwitness.org
hxxp:/strijkvrij.com
Sunday, October 21, 2018
Historical OSINT - Yet Another Massive Blackhat SEO Campaign Spotted in the Wild
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com