[en] Another SEO poisoning lead to PUPs

Sometimes ago, i wrote an entry for a SEO poisoning campaign for the Browlock ransomware using hacked websites.
Another campaign leading to PUPs.
The links are similar to the Browlock Campaign, they are probably using the same tools.

 

 

Words Spam :

The redirections.

 

http://s0ftpedia.pw/files/t%C3%A9l%C3%A9charger%20latis%20bio%20gratuit&id=my - https://www.virustotal.com/fr/ip-address/5.199.171.242/information/
http://s0ftpedia.pw/files/t%C3%A9l%C3%A9charger%20latis%20bio%20gratuit&id=my
http://pushtraffic.net/TDS/?wmid=99939&uid=967&q=T%C3%A9l%C3%A9charger_Latis_Bio_Gratuit - https://www.virustotal.com/fr/ip-address/91.205.156.86/information/
http://pushtraffic.net/TDS/?wmid=99939&uid=967&q=T%C3%A9l%C3%A9charger_Latis_Bio_Gratuit
http://j.theadsnet.com/j5GR9KvcCpJl3KxNbd2jHELdoS5hn5sieZuaPXu8lDpq6pYiQLmNZh%2Ft1GwT%2FoUaXrnIQUPSxB%2F1TZGsk4tpEkyLYAUdnGgPL4dSHSOXTuQ8nWHyO3Q%2F%2FyU5LLtrOxOrazoVrg%3D%3D
http://j.theadsnet.com/static/jquery-1.11.3.min.js
http://lss799.filedatabase.biz/j5GREkGD7Ho/2Oh8OZ2Qem3UtDV1pasUWqWpJmmXozpxk6IlQ6ScMlLymSwX6cVSHe7NUgTQzk1FkZ8GXtU4SgffPFEykXsPKJF/ICOcLLBoiGfmNGZw6AlwZP8/NRm1PWBM9AktGL0ScF7AAndC11NoXcITRErFE1ATzBVFZ8caXxrU7UUnz/RNcPnYHiOm71AKpP4pOqDJKjLyqm4Vt+0TDKefaFr1l2VZ8ZJrX9KablOS0z8RisUMQNyLWOPB2liwxaZHvc3wQ7jJ/0H1Mv5KpjW35aA95eL4Ka/pnFWYqslw3/XHPZbmwnuf+8V8h/iIFdTS2EWSmYkWzJrnR8PF - https://www.virustotal.com/fr/ip-address/109.200.202.121/information/

 

As you can see they are using a TDS at pushtraffic.net :

The TDS rise at ~22k at Alexa

Example of the final installer with a lot of commons PUPs : Adanak (Adware.BrowseFox), Vuu PC, Webssearches (Hijacker), Boxore etc.

 

to be continued to : https://www.malekal.com/2015/03/27/en-pups-by-crackskeygen/

Vous avez trouvé cet article utile et interressant, n'hésitez pas à le partager...