Malware propagation through blog-format sites and BlackHat SEO
We have seen, and mentioned before, that the strategies used to spread malicious code increasingly involve BlackHat SEO techniques, which provide different vectors leading to the download of the malicious file being spread.
Combined with social engineering and domain names built from keywords in high demand on search engines, which refer to heavily used websites such as Rapidshare and Megaupload and to related topics such as music, games and movies, this makes, as a whole, a very effective method of propagation.
A major propagation campaign is currently under way through websites that imitate the full structure of a blog. Their domain names are formed by combining heavily searched words, and the sites use flashy BlackHat SEO techniques to achieve good search engine positioning and get the malware downloaded. Among the words used are: rapidshare, megaupload, free, games, soft, warez, ftp, music, full house, pub, movies, cat, catalog, download.
Among the domains created from the combination of these words are:
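A triage heuristic for the naming pattern described above, as an added example that is not part of the original post: it flags a hostname whose registered name consists only of two or more of the listed keywords, whether hyphenated or run together. The function names, the `min_tokens` threshold and the sample hostnames are assumptions made for illustration.

```python
# Keywords listed in the post; "full house" is split into two tokens (assumption).
KEYWORDS = {"rapidshare", "megaupload", "free", "games", "soft", "warez", "ftp",
            "music", "full", "house", "pub", "movies", "cat", "catalog", "download"}

def segment(label, keywords=KEYWORDS):
    """Cover a hyphen-free label completely with keywords; None if impossible."""
    best = [None] * (len(label) + 1)  # best[i]: shortest keyword list for label[:i]
    best[0] = []
    for i in range(1, len(label) + 1):
        for j in range(i):
            if best[j] is not None and label[j:i] in keywords:
                cand = best[j] + [label[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[-1]

def keyword_tokens(hostname):
    """Keywords forming the registered name, or None if any part is not a keyword."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels[0] == "www":
        labels = labels[1:]
    if len(labels) < 2:
        return None
    tokens = []
    # Assumption: single-label TLD (.com/.org/.net), so labels[-2] is the name.
    for part in labels[-2].split("-"):
        seg = segment(part) if part else None
        if seg is None:
            return None
        tokens.extend(seg)
    return tokens

def is_suspicious(hostname, min_tokens=2):
    """Flag names built from two or more campaign keywords and nothing else."""
    tokens = keyword_tokens(hostname)
    return tokens is not None and len(tokens) >= min_tokens

# Constructed hostnames under the reserved .example TLD, not campaign indicators.
SAMPLE = ["www.free-music-download.example", "gamesmegaupload.example",
          "catalog.example", "musicology.example"]

if __name__ == "__main__":
    for host in SAMPLE:
        print(host, keyword_tokens(host), is_suspicious(host))
```

A single keyword on its own is not flagged, so the legitimate file-hosting brand names do not match; hits are candidates for review in proxy or DNS logs, not verdicts.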
The words or topics that make up these pages rank very strongly in search engines, appearing, as in the example, in the top positions.
These sites serve a battery of malware that is significant not only in quantity but also in variety. Some of the malicious files are:
SoftwareAngular.Momentum.-.Chromium.45094.exe - 2/41 (4.88%)
Keygen.OJOsoft.Total.Video.Converter.v2.6.1.0106.-.For.MKV!.exe - 24/40 (60.00%)
Setup.exe - 26/40 (65.00%)
BlackHat SEO techniques represent a new approach to spreading malware that malware writers are not leaving aside, marking a trend toward effective and aggressive infection campaigns that are difficult to control through conventional mechanisms.
Related information on this blog
BlackHat SEO strategy proposed by Waledac
Jorge Mieres