May 22, 2012 By Dancho Danchev

Spamvertised bogus online casino themed emails serving adware

Cybercriminals are currently spamvertising online casino themed emails, which ultimately redirect users to a bogus casino site offering an executable download. Upon deeper examination, it appears that the download is actually adware.

More details:

Spamvertised URL, including affiliate ID: hxxp:// – currently responding to;

Detection rate for GrandParker.exe: MD5: 7bec7eb7f891c1c894536c10fe53c34d, detected by 6 out of 42 antivirus scanners as GAME/Casino.Gen2; W32/CasOnline; W32/Casino.HNY

Upon execution, it phones back to the following URL in order to download the setup file:

Detection rate for Grand_Parket_Casino.msi: MD5: e5fa6bc94ee9a5becfd6d5d1cb8f1147, detected by 1 out of 41 antivirus scanners as PUA.Packed.PECompact-1

The cybercriminals behind the spamvertised campaign are earning revenue through the Hastings International B.V. distributor of RealTime Gaming software.

Webroot SecureAnywhere customers are proactively protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
