A campaign for Browlock but not using malvertising this time.
I want to mention that Malwarebytes has already blog something in May 2014, but im not 100% sure it’s the same thing (or it evolve) – difficult to know because there is no much information in the article : https://blog.malwarebytes.org/fraud-scam/2014/05/browlock-redirects-via-google-image-search/
Here some examples of hacked websites.
The hackers create a lot of web pages in the hacked websites to be indexed by Google – then users click on it to be finally redirected to Browlock Ransomware.
SEO poisoning is an old technics, very used in the past (2008/2009/2010) to push scarewares (in french : https://forum.malekal.com/seo-empoisonnement-redirections-recherches-google-t21270.html).
some hacked domains :
There are not so much hacked websites, so i dont think this campaign give them much traffics, but that will be good if Google can do something 🙂
EDIT – 22.214.171.124 – Android Locker SEO Poisonning
Some example :
Lead to URL with keywordXXX.html URLs
First redirection is Android Locker Malvertising.
All domains are at : 126.96.36.199 – a well know IP related to Android Locker Malvertising