Sometimes ago, i wrote an entry for a SEO poisoning campaign for the Browlock ransomware using hacked websites.
Another campaign leading to PUPs.
The links are similar to the Browlock Campaign, they are probably using the same tools.
Words Spam :
The redirections.
http://s0ftpedia.pw/files/t%C3%A9l%C3%A9charger%20latis%20bio%20gratuit&id=my – https://www.virustotal.com/fr/ip-address/5.199.171.242/information/
http://s0ftpedia.pw/files/t%C3%A9l%C3%A9charger%20latis%20bio%20gratuit&id=my
http://pushtraffic.net/TDS/?wmid=99939&uid=967&q=T%C3%A9l%C3%A9charger_Latis_Bio_Gratuit – https://www.virustotal.com/fr/ip-address/91.205.156.86/information/
http://pushtraffic.net/TDS/?wmid=99939&uid=967&q=T%C3%A9l%C3%A9charger_Latis_Bio_Gratuit
http://j.theadsnet.com/j5GR9KvcCpJl3KxNbd2jHELdoS5hn5sieZuaPXu8lDpq6pYiQLmNZh%2Ft1GwT%2FoUaXrnIQUPSxB%2F1TZGsk4tpEkyLYAUdnGgPL4dSHSOXTuQ8nWHyO3Q%2F%2FyU5LLtrOxOrazoVrg%3D%3D
http://j.theadsnet.com/static/jquery-1.11.3.min.js
http://lss799.filedatabase.biz/j5GREkGD7Ho/2Oh8OZ2Qem3UtDV1pasUWqWpJmmXozpxk6IlQ6ScMlLymSwX6cVSHe7NUgTQzk1FkZ8GXtU4SgffPFEykXsPKJF/ICOcLLBoiGfmNGZw6AlwZP8/NRm1PWBM9AktGL0ScF7AAndC11NoXcITRErFE1ATzBVFZ8caXxrU7UUnz/RNcPnYHiOm71AKpP4pOqDJKjLyqm4Vt+0TDKefaFr1l2VZ8ZJrX9KablOS0z8RisUMQNyLWOPB2liwxaZHvc3wQ7jJ/0H1Mv5KpjW35aA95eL4Ka/pnFWYqslw3/XHPZbmwnuf+8V8h/iIFdTS2EWSmYkWzJrnR8PF – https://www.virustotal.com/fr/ip-address/109.200.202.121/information/
As you can see they are using a TDS at pushtraffic.net :
The TDS rise at ~22k at Alexa
Example of the final installer with a lot of commons PUPs : Adanak (Adware.BrowseFox), Vuu PC, Webssearches (Hijacker), Boxore etc.
to be continued to : https://www.malekal.com/2015/03/27/en-pups-by-crackskeygen/
(Visité 66 fois, 1 visites ce jour)
An exe file will probably be an exe file you could copy that cd into each other copretums can run this file which you can click twice on to make it so other computer and run to make it so other copretums can click twice on to run the.