[en] PUPs by Cracks/Keygen

Sometimes ago, i notice some SEO poisonning leading to Cracks/Keygen websites created to offer PUPs installer.
All theses fake crack/keygen website lead to differents PUPs affiliate programs :

PUPs_by_crack_download3 PUPs_by_crack_download2

PUPs_by_crack_download
at the end two differents installers :

malekalmorte@Mak-tux:/tmp/mal$ ls -l|sort -k +5
total 10792
-rw-r--r-- 1 malekalmorte malekalmorte 1510928 mars 27 16:58 norton trial reset_10924_i47381854_il345.exe
-rw-r--r-- 1 malekalmorte malekalmorte 1510928 mars 27 17:00 Crack norton 2008 cn_10924_i47382273_il345.exe
-rw-r--r-- 1 malekalmorte malekalmorte 1537040 mars 27 17:02 Keygen norton exe_10924_i47382972_il345.exe
-rw-r--r-- 1 malekalmorte malekalmorte 1537040 mars 27 17:12 Singer number fa featherweight serial_10924_i47385459_il345.exe
-rw-r--r-- 1 malekalmorte malekalmorte 1592848 mars 27 17:44 Adobe Flash CS3 Portable EN_10924_i47393017_il345.exe
-rw-r--r-- 1 malekalmorte malekalmorte 477696 mars 27 16:56 Hack Tool 2015 Downloader.exe
-rw-r--r-- 1 malekalmorte malekalmorte 477696 mars 27 16:57 NORTON INTERNET SECURITY HACK Downloader.exe
-rw-r--r-- 1 malekalmorte malekalmorte 477696 mars 27 17:01 Norton Internet Security 2015 Downloader.exe
-rw-r--r-- 1 malekalmorte malekalmorte 477696 mars 27 17:13 G Data Antivirus 2015 Crack With Key Updated.exe
-rw-r--r-- 1 malekalmorte malekalmorte 477696 mars 27 17:53 G Data Antivirus 2015 Crack With Key Updated (1).exe
-rw-r--r-- 1 malekalmorte malekalmorte 478208 mars 27 17:03 FL Studio Mobile 2.0.1 Apk Data For Android download.exe
-rw-r--r-- 1 malekalmorte malekalmorte 478208 mars 27 17:03 Spybot search and Destroy 2.4 Key Crack Download Full.exe

ADWARE/MultiPlug :

https://www.virustotal.com/fr/file/992007bdce345a2fe692ad1d1120fb79793167051d49b8c4c3b3c6349c26b627/analysis/
https://www.virustotal.com/fr/file/36921c7953f71f44527cfd13e5a9472d6d5264e20fd5d150627b61ebf4fc0ebd/analysis/1427476495/

and Adware.Mikey / Trojan.Amonetize :

https://www.virustotal.com/fr/file/966754b49121fb7338da1122f69f1e12ad827e2c96d641d67c4e3fbbf2ea7ef4/analysis/1427476595/
https://www.virustotal.com/fr/file/992007bdce345a2fe692ad1d1120fb79793167051d49b8c4c3b3c6349c26b627/analysis/1427476593/

Installer example :

PUPs_by_crack_hack_installer2 PUPs_by_crack_hack_installer

Some campaigns….

Fake Crack/keygen Websites

A lot of fake crack/keygen websites created to make SEO Poisonning.
Some :

cracksfull.com -- 104.24.100.63 104.24.101.63
www.software-free.net -- software-free.net. 104.27.189.195 104.27.188.195
softwarespatch.com -- 142.4.217.51
www.savvyeat.com -- 208.97.174.235
cracksnew.com -- 104.24.114.101 104.24.115.101
pcsoftwarespro.com -- 104.18.46.134 104.18.47.134
apkappspro.co -- 104.27.146.245 104.27.147.245
onhax.net -- 104.28.14.60 104.28.15.60
softwaresnew.org -- 31.22.4.60
crackserialpro.com -- 216.245.193.82
realcracked.com -- 64.37.59.147
crackserialpro.com -- 216.245.193.82
mhktricks.net -- 104.28.6.43 104.28.7.43
allactivators.com -- 142.4.217.51

PUPs_by_crack4 PUPs_by_crack3 PUPs_by_crack2 PUPs_by_crack

they are able to reach around ~40k at Alexa :
http://www.alexa.com/siteinfo/cracksfull.com
http://www.alexa.com/siteinfo/freecrackfilesdownload.blogspot.com
http://www.alexa.com/siteinfo/www.software-free.net

and sometimes a lot :
PUPs_by_crack_VT
some of theses IPs are also used for Phishing and others malicious activities :
PUPs_by_crack_VT2

All the redirector and PUP Afffiliate programs websites are hosted on Amazon & they like .xyz TLD.

PUPs_by_crack_hack_URLs3

 

Hacked websites

As usual, some hacked websites are hacked to host malicious contents.
The goal is to use the ranking of the website to be on the top of the research engine.

I notice differents campaigns that target WordPress websites.
An old one, with a specific pattern, already use to push PUPs & Browlock Ransomware – see :
http://www.malekal.com/2014/10/14/en-another-seo-poisoning-lead-to-pups/
http://www.malekal.com/2014/09/12/en-browlock-also-by-hacked-websites/

PUPs_by_crack_hack_SEO_Poisonning2 PUPs_by_crack_hack_SEO_Poisonning

 

another one, seems the hackers upload a copy of a warez website in the wp-info directory.

PUPs_by_crack_hack_SEO_Poisonning3PUPs_by_crack_hack_SEO_Poisonning4_1 the original warez website :

PUPs_by_crack_hack_SEO_Poisonning4
Some examples of « wp-info » hacked website hosting warez :PUPs_by_crack_hack_SEO_Poisonning6
PUPs_by_crack_hack_SEO_Poisonning5

Below the API that redirect (/lp1/query.php URLs) to the PUP Affiliate website.PUPs_by_crack_hack_URLs2

i update my malicious URL database with theses : http://malwaredb.malekal.com/url.php
We can notice that the redirect are linked to UA/RU.

PUPs_by_crack_hack_URLs

Comment lire d'autres tutoriels de malekal.com ?

Si le site vous a aidé, svp, débloquez les bloqueurs de publicités, n'hésitez pas non plus à partager l'article ou le site sur les réseaux sociaux.

Pour pouvoir lire plus d'articles et tutoriels, utilisez le menu en haut du site. Plein d'articles et tutos utiles vous attendent !

Besoin d'aide ?

Posez votre question ou soumettez votre problème sur le forum malekal.com pour obtenir une aide efficace : Aller sur le forum malekal.com
(Visited 167 times, 2 visits today)

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *