Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones — think traffic acquisition through illegally embedded iFrames — has been contributing to the growing market segment where traffic is bought, sold and re-sold, for the sole purpose of monetizing it through illegal means. The ultimately objective? Expose users visiting compromised, or blackhat SEO-friendly automatically generated sites with bogus content, to fraudulent or malicious content in the form of impersonations of legitimate Web sites seeking accounting data, or client-side exploits silently served in an attempt to have an […]
Posts Categorized: Blackhat SEO
It’s that time of the year! The moment when we look back, and reflect on Webroot’s Threat Blog most popular content for 2012. Which are this year’s most popular posts? What distinguished them from the rest of the analyses published on a daily basis, throughout the entire year? Let’s find out.
In 2012 it’s becoming increasingly common for cybercriminals to apply basic quality assurance (QA) tactics to their campaigns. Next to QA, they also emphasize on campaign optimization strategies allowing them to harness the full potential of the malicious campaign. Recently, I came across to an underground forum advertisement selling access to 117,000 unique U.S visitors — stats gathered over a period of 8 hours — for the purpose of redirecting them to a Black Hole web malware exploitation kit landing URL. The traffic aggregation taking place through black hat SEO (search engine optimization), is aiming to exploit a group of […]
On their way to convert legitimate traffic into malware-infected hosts using web malware exploitation kits, cybercriminals have been actively experimenting with multiple traffic acquisition techniques over the past couple of years. From malvertising (the process of displaying malicious ads), to compromised high-trafficked web sites, to blackhat SEO (search engine optimization), the tools in their arsenal have been systematically maturing to become today’s sophisticated traffic acquisition platforms delivering millions of unique visits from across the world, to the cybercriminals behind the campaigns. What are some of the latest campaigns currently circulating in the wild? How are cybercriminals monetizing the hijacked traffic? Are […]
Next to commodity underground goods and services such as managed spam, harvested email databases, boutique cybercrime-friendly services, services offering access to hacked PCs, managed malware crypting on demand, and managed email hacking as a service, the cybercrime ecosystem is also a thriving marketplace for stolen intellectual property, such as music releases. In this post I’ll profile a recently launched affiliate network for pirated music, offering up to 35% revenue sharing schemes with the cybercriminals that start reselling the stolen releases which undercut the official music marketplaces prices in an attempt to increase their profits. More details:
Hundreds of thousands of legitimate web sites are currently affected in a a mass SQL injection attack that has been ongoing for the past several months. The ongoing mass SQL injection attacks, are directly related to last year’s scareware-serving Lizamoon mass SQL injection attacks. The cybercriminals behind it, are automatically exploiting the legitimate web sites, and embedding a tiny script on the affected pages, abusing an input validation flaw, or exploiting vulnerable and outdated versions of the web application software running on them. More details:
What are pharmaceutical scammers up to? From active participation in black hat search engine optimization campaigns, to spamvertising of bogus links – including QR Codes – and compromising of web sites with high page rank in order to redirect to pharmaceutical scams, scammers are keeping themselves pretty busy in order to monetize as much web traffic as possible. Recently, one of the most popular affiliate network for selling counterfeit pharmaceutical items launched its own Web contest. Let’s take a look.
It’s been said that sunlight sanitizes almost everything it shines on. Beginning this week, and every week from now on, we’ll focus a concentrated beam on the rogue antivirus programs our support staff and Threat Research team have been working to remediate. Rogues have a tendency to switch up their names, user interface, and other outward characteristics, while retaining most of the same internal functionality — and by functionality I mean the fraudulent tricks these forms of malware use to make it difficult for someone to identify them as malicious or remove them from an infected computer. It’s not as […]
(Update, July 11, 2011: On May 25, 2011, we were contacted by representatives of Future Ads, LLC, the parent company of both Playsushi and Gamevance. Future Ads informed us that they, too, had been victims of a scam perpetrated by rogue affiliates who seemed to be involved with the malicious campaigns we described in this post. Future Ads claims that it has taken action to prevent this type of abuse from happening in the future.) A worm that has been circulating on Facebook in the form of a Facebook application appears to have been engineered to drive traffic to a […]
(Update, July 11, 2011: On May 25, 2011, we were contacted by representatives of Future Ads, LLC, the parent company of both Playsushi and Gamevance. Future Ads informed us that they, too, had been victims of a scam perpetrated by rogue affiliates who seemed to be involved with the malicious campaigns we described in this post. Future Ads claims that it has taken action to prevent this type of abuse from happening in the future.) By Curtis Fechner and Andrew Brandt I was poking around at the end of the work day last week, checking out the newly-released trailer for […]