MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

24.5.10

BlackHat SEO Campaign for the thirtieth anniversary of PAC-MAN

Recently, the legendary video game PAC-MAN turned 30, and Google launched a campaign in its honor by placing a banner that can even be played.

However, Google is not the only one to benefit: cyber-criminals saw in this campaign a new opportunity to attack and have launched a campaign of their own, this one spreading malware through BlackHat SEO (also called SEO Poisoning).

Other search terms may include:


pac man 30th anniversary game
pac man 30th anniversary games
pac man 30th anniversary google
pac man 30th anniversary high score
pac man 30th anniversary play
pacman free online 3d
pacman free online addicting games
pacman free online download
pacman free online game for kids
pacman free online game
pacman free online no sound
pacman free online play
pacman free online with no sound
pacman game download
pacman game flash
pacman game for kids
pacman game for wii
pacman game free download
pacman game full screen

The traffic is redirected to a scareware download. In this case, it is a binary with MD5 4c9ac21a2730a5e6d8c8018afb517d5e, which has a very low detection rate: 6/41 (14.63%).

A number of domains are involved in the campaign.


To scale up the campaign and obtain a good PageRank in Google, the criminals compromise a server and host on it a list of web pages whose titles are built from words that are commonly searched for. These files are located in a hidden folder, often called ".files".

Under this scenario, and considering that these strategies are widely used to propagate malware, a good practice is to check the root of the hosting for the existence of hidden folders.
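One way to carry out that check, as an added example that is not part of the original post: it walks a web root, reports every dot-directory, and flags those holding pages whose titles repeat the same keyword. The function names, the `min_pages` threshold and the repeated-keyword heuristic are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile
from collections import Counter

TITLE_RE = re.compile(rb"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)
PAGE_EXT = (".html", ".htm", ".php")

def inspect_hidden_dir(path):
    """Count web pages below a hidden directory and tally the words in their titles."""
    pages, words = 0, Counter()
    for dirpath, _, filenames in os.walk(path):
        for fn in (f for f in filenames if f.lower().endswith(PAGE_EXT)):
            pages += 1
            with open(os.path.join(dirpath, fn), "rb") as fh:
                m = TITLE_RE.search(fh.read(65536))  # the title sits near the top
            if m:  # count each word once per page
                title = m.group(1).decode("utf-8", "replace").lower()
                words.update(set(re.findall(r"[a-z0-9]+", title)))
    return pages, words

def audit_webroot(root, min_pages=3):
    """Report every dot-directory under root; flag likely doorway-page stores."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in sorted(x for x in dirnames if x.startswith(".")):
            dirnames.remove(d)  # prune: inspected separately below
            full = os.path.join(dirpath, d)
            pages, words = inspect_hidden_dir(full)
            # Heuristic (assumption): one keyword shared by min_pages or more titles
            repeated = [w for w, n in words.most_common(5) if n >= min_pages]
            findings.append({"path": os.path.relpath(full, root), "pages": pages,
                             "keywords": repeated, "suspicious": bool(repeated)})
    return sorted(findings, key=lambda f: f["path"])

def build_sample_webroot(root):
    """Constructed sample: a normal page, an empty '.cache', and '.files' keyword pages."""
    titles = ["pacman game download", "pacman game flash", "pacman free online play"]
    os.makedirs(os.path.join(root, ".files"))
    os.makedirs(os.path.join(root, "img", ".cache"))
    pages = {"index.html": "Home"}
    pages.update({os.path.join(".files", f"p{i}.html"): t for i, t in enumerate(titles)})
    for rel, title in pages.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(f"<html><head><title>{title}</title></head></html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_webroot(build_sample_webroot(tmp)), sep="\n")
```

Every hidden directory is listed, including ones that are not flagged, so an unexpected folder still gets reviewed by hand.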

Related information
BlackHat SEO strategy proposed by Waledac
Malware propagation through blogging sites format and BlackHat SEO
MalwareRemovalBot scareware propagation campaign
