Cybercriminals are currently spamvertising hundreds of thousands of emails, enticing end and corporate users into clicking on links leading to bogus online casinos that require the installation of an executable file.
This is the second bogus casino-themed campaign I've intercepted in recent months, and the third time I have profiled the distribution and infection vectors of W32/Casonline.
Just like in the previously profiled spamvertised campaign, the cybercriminals behind this campaign are monetizing the traffic by participating in a revenue-sharing affiliate network called StarPartner. The affiliate network offers:
Go through related posts on previously spamvertised W32/Casonline campaigns:
URLs: hxxp://www.allslotscasino.com; hxxp://www.crazyvegas.com; hxxp://www.ceudicestar.net
AllSlots.exe – detected by 7 out of 41 antivirus scanners as GAME/Casino.Gen; W32/Casino.P.gen!Eldorado
CrazyVegas.exe – detected by 8 out of 41 antivirus scanners as GAME/Casino.Gen; TROJ_GEN.R3EH1FF
SilverOakCasinoInstaller.exe – detected by 3 out of 41 antivirus scanners as GAME/Casino.Gen2; Win32/RealTimeGaming_i
Webroot SecureAnywhere users are proactively protected from these 'potentially unwanted applications'.