Security experts says that they recently intercepted an active malicious blackhat SEO campaign that is serving scareware to socially engineered users.
According to the report by Dancho Danchev, the actors behind this have been earning huge revenues by relying on its utilization by an affiliate-network based revenue-sharing scheme.
Here is one of the known malicious domains known to have participated in the campaign:
[code]hxxp://doremisan7.net?uid=213&pid=3&ttl=319455a3f86 with an IP address: 22.214.171.124[/code]
Here is a known malicious redirector known to have participated in the campaign:
[code]hxxp://marketcoms.cn/?pid=123&sid=8ec7ca&uid=213&isRedirected=1 with an IP address: 126.96.36.199 and Email: JeremyLRademacher[at]live.com[/code]
Here are related malicious domains known to have been parked within the same malicious IP (188.8.131.52):
And here are known malicious domains that participated in the campaign:
VilWWenGOIo6THodjXoGJdpqmikpVuaGVvZG1kbV%2FEkKE%3D: 184.108.40.206<[/code] [code]hxxp://yourspywarescan15.com/scan1/?pid=123&engine=pXT3wjTuNjYzLjE3Ny4xNTMmdGltZT0xMjUxMYkNPAFO: 220.127.116.11[/code]
Black hat SEO (see some of the list here) refers to a set of disapproved practices that are used to increases a site or page’s rank in search engines through means that violate the search engines’ terms of service.
Some of these includes:
- automatic blogging, autoblogging, splogging and scraping
- doorway page
- hidden text and links
- keyword stuffing
- reporting a competitor (or Negative SEO)
- sneaky redirects
- link schemes
- automatic rewriting
- link farm
- intentional duplicate content
- phishing, viruses, trojans, and other malware
Link you might find useful: