Malicious Blackhat SEO Campaign Serving Scareware To Socially Engineered Users Discovered

Security experts say they recently intercepted an active malicious blackhat SEO campaign that is serving scareware to socially engineered users.

According to the report by Dancho Danchev, the actors behind the campaign have been earning huge revenues by monetizing it through an affiliate-network-based revenue-sharing scheme.

Here is one of the malicious domains known to have participated in the campaign:
[code]hxxp://doremisan7.net?uid=213&pid=3&ttl=319455a3f86 with an IP address: 67.215.238.189[/code]

Here is a malicious redirector known to have participated in the campaign:

[code]hxxp://marketcoms.cn/?pid=123&sid=8ec7ca&uid=213&isRedirected=1 with an IP address: 91.205.40.5 and Email: JeremyLRademacher[at]live.com[/code]

Here are related malicious domains known to have been parked on the same malicious IP (91.205.40.5):

And here are malicious domains known to have participated in the campaign:

[code]hxxp://guard-syszone.net/?p=WKmimHVmaWyHjsbIo22EeXZe0KCfZlbVoKDb2YmHWJjOxaCbkX1%2Bal6orKWeYJWfZWVilWWenGOIo6THodjXoGJdpqmikpVuaGVvZG1kbV%2FEkKE%3D: 206.53.61.73[/code]

[code]hxxp://yourspywarescan15.com/scan1/?pid=123&engine=pXT3wjTuNjYzLjE3Ny4xNTMmdGltZT0xMjUxMYkNPAFO: 85.12.24.12[/code]
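The indicators above share query-parameter values across different hosts (for example `uid=213` and `pid=123`). The following Python is an added example, not part of the original report: it groups the listed hosts by shared `uid`/`pid` values and flags proxy log lines that hit a listed host or IP. The function names and the four-field log format are assumptions made for illustration, and the log lines are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators copied from the article (defanged form; long opaque tokens omitted).
IOCS = [
    ("hxxp://doremisan7.net?uid=213&pid=3&ttl=319455a3f86", "67.215.238.189"),
    ("hxxp://marketcoms.cn/?pid=123&sid=8ec7ca&uid=213&isRedirected=1", "91.205.40.5"),
    ("hxxp://guard-syszone.net/", "206.53.61.73"),
    ("hxxp://yourspywarescan15.com/scan1/?pid=123", "85.12.24.12"),
]

def parse_indicator(url):
    """Return (host, {param: value}) for one defanged indicator URL."""
    parts = urlsplit(url.replace("hxxp://", "http://", 1))  # refang for parsing only
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return parts.hostname, params

def shared_params(iocs, keys=("uid", "pid")):
    """Map (key, value) -> hosts, keeping only values seen on two or more hosts."""
    seen = {}
    for url, _ip in iocs:
        host, params = parse_indicator(url)
        for k in keys:
            if k in params:
                seen.setdefault((k, params[k]), set()).add(host)
    return {kv: hosts for kv, hosts in seen.items() if len(hosts) > 1}

def flag_log_lines(lines, iocs):
    """Yield (line_no, reason) for proxy lines that hit a listed host or IP."""
    hosts = {parse_indicator(u)[0] for u, _ in iocs}
    ips = {ip for _, ip in iocs}
    for n, line in enumerate(lines, 1):
        _ts, _client, dst_ip, url = line.split(None, 3)
        host = urlsplit(url).hostname
        if host in hosts:
            yield n, "host:" + host
        elif dst_ip in ips:  # unlisted hostname served from a listed IP
            yield n, "ip:" + dst_ip

# Constructed proxy log lines (assumed format: timestamp, client, dest IP, URL).
SAMPLE_LOG = [
    "2024-01-01T10:01:02Z 10.0.0.5 192.0.2.10 http://example.com/index.html",
    "2024-01-01T10:01:09Z 10.0.0.5 91.205.40.5 http://marketcoms.cn/?pid=123&uid=213",
    "2024-01-01T10:01:11Z 10.0.0.5 85.12.24.12 http://unlisted.example/scan1/",
]

if __name__ == "__main__":
    print(shared_params(IOCS))
    print(list(flag_log_lines(SAMPLE_LOG, IOCS)))
```

The IP fallback matters for campaigns like this one, where several domains may be parked on one address and a new hostname can appear before it is listed.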

Black hat SEO refers to a set of disapproved practices that are used to increase a site's or page's rank in search engines through means that violate the search engines' terms of service.

Some of these include:
