Spamvertised bogus online casino themed emails serving W32/Casonline


Cybercriminals are currently spamvertising hundreds of thousands of emails enticing end and corporate users into clicking on links leading to bogus online casinos requiring the installation of an executable file.

This is the second bogus casino themed campaign I’ve intercepted in recent months, and the third time I’ve profiled the distribution and infection vectors of W32/Casonline.

More details:

Screenshot of a spamvertised bogus online casino site:

Second screenshot of a spamvertised bogus online casino site:

Third screenshot of a spamvertised bogus online casino site:

Just like in the previously profiled spamvertised campaign, the cybercriminals behind this campaign are monetizing the traffic by participating in a revenue sharing affiliate network called StarPartner. The affiliate network offers:

  • Commission of up to 80% per month
  • Detailed and transparent reporting
  • A commitment to offering the best banner and content design
  • Up to 10 web sites per affiliate, with up to 1,000 unique tracking codes per casino, for each web site
  • No negative monthly carry-overs
  • Dedicated, multi-lingual Affiliate support

Screenshots of the affiliate network’s web site:

Second screenshot of the affiliate network’s web site:

Go through related posts on previously spamvertised W32/Casonline campaigns:

Spamvertised URLs:

  • hxxp://www.allslotscasino.com
  • hxxp://www.crazyvegas.com
  • hxxp://www.ceudicestar.net

Sample detection rate for the advertised executables:

AllSlots.exe – detected by 7 out of 41 antivirus scanners as GAME/Casino.Gen; W32/Casino.P.gen!Eldorado

MD5: 76585c23167e0dcf49d55dede37ab999

CrazyVegas.exe – detected by 8 out of 41 antivirus scanners as GAME/Casino.Gen; TROJ_GEN.R3EH1FF

MD5: 72fc925d80f31501130bb1642f6a8f68

SilverOakCasinoInstaller.exe – detected by 3 out of 41 antivirus scanners as GAME/Casino.Gen2; Win32/RealTimeGaming_i

MD5: 0084f53acd115c3c7b7917f34f1b3ddc

Webroot SecureAnywhere users are proactively protected from these ‘potentially unwanted applications’.
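
The indicators listed above can be checked against web proxy logs and files on disk. The Python below is an added example, not code from the original post. The log line format, the sample log lines, the function names and the choice to also match subdomains of the listed hosts are assumptions.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from this post; the page lists the URLs defanged (hxxp://).
SPAMVERTISED_URLS = ["hxxp://www.allslotscasino.com", "hxxp://www.crazyvegas.com",
                     "hxxp://www.ceudicestar.net"]
INSTALLER_MD5 = {
    "76585c23167e0dcf49d55dede37ab999": "AllSlots.exe",
    "72fc925d80f31501130bb1642f6a8f68": "CrazyVegas.exe",
    "0084f53acd115c3c7b7917f34f1b3ddc": "SilverOakCasinoInstaller.exe",
}
# Constructed proxy log lines (not real traffic); the format is an assumption.
SAMPLE_LOG = [
    "t1 10.0.0.5 GET http://www.crazyvegas.com/ 200",
    "t2 10.0.0.7 CONNECT download.AllSlotsCasino.com:443 200",
    "t3 10.0.0.9 GET http://allslotscasino.com.example.org/ 200",
]

def base_host(url):
    """Refang, then return the lower-cased host without port or leading 'www.'."""
    url = url.replace("hxxp", "http", 1).replace("[.]", ".")
    url = url if "://" in url else "http://" + url   # CONNECT lines carry host:port
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:                               # malformed, e.g. "http://[bad"
        return ""
    return host[4:] if host.startswith("www.") else host

LISTED_HOSTS = {base_host(u) for u in SPAMVERTISED_URLS}
def host_listed(url):
    """True for a listed domain or a subdomain of one, never a look-alike suffix."""
    host = base_host(url)
    return any(host == d or host.endswith("." + d) for d in LISTED_HOSTS)

def scan_proxy_log(lines):
    """Assumed line format: '<time> <client> <method> <url> <status>'."""
    return [(f[1], f[3]) for f in map(str.split, lines) if len(f) >= 4 and host_listed(f[3])]

def installer_name(md5_hex):
    """Name the post gives for a file hash (any case, stray whitespace), else None."""
    return INSTALLER_MD5.get(md5_hex.strip().lower())

def md5_file(path):
    """MD5 of a file read in 1 MiB chunks, so large installers are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()
```

Pass `md5_file(path)` to `installer_name()` to check a downloaded file. A hash match identifies only these exact builds, so the host match is the broader of the two checks.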

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

