[en] Browlock also by hacked websites

A campaign for Browlock but not using malvertising this time.
I want to mention that Malwarebytes has already blog something in May 2014, but im not 100% sure it’s the same thing (or it evolve) – difficult to know because there is no much information in the article : https://blog.malwarebytes.org/fraud-scam/2014/05/browlock-redirects-via-google-image-search/

Here some examples of hacked websites.
The hackers create a lot of web pages in the hacked websites to be indexed by Google – then users click on it to be finally redirected to Browlock Ransomware.
SEO poisoning is an old technics, very used in the past (2008/2009/2010) to push scarewares (in french : https://forum.malekal.com/seo-empoisonnement-redirections-recherches-google-t21270.html).

Browlock_google_image_redirections5   Browlock_google_image_redirections2 Browlock_google_image_redirectionsBelow two fiddler screenshots showing the redirection to Browlock webpages from an hacked website :

Browlock_google_image_redirections3Browlock_google_image_redirections4

some hacked domains :
hetkoznapimennyorszag.hu
hydehistoric.com
futureboy.com
madinamasjidnorthampton.org.uk
mybogeywear.com
ntbgames.com
pokojekarwia.pl
royalbalitours.com
sficoop.com
shefieldtechnoplast.com
skupzlota247.pl
sofochurch.com
sovelle.fi
vins-du-coin.fr
www.multisportsolutions.com
www.rogeringlesexecutivo.com.br
www.philsfoodsense.org

There are not so much hacked websites, so i dont think this campaign give them much traffics, but that will be good if Google can do something 🙂

EDIT – 109.206.177.36 – Android Locker SEO Poisonning

Some example :

seo_poisoning_Android_4 seo_poisoning_Android_3 seo_poisoning_Android_2 seo_poisoning_Android

Lead to URL with keywordXXX.html URLs
First redirection is Android Locker Malvertising.

All domains are at : 109.206.177.36 – a well know IP related to Android Locker Malvertising
https://www.virustotal.com/fr/ip-address/109.206.177.36/information/
http://malwaredb.malekal.com/url.php?ip=109.206.177.36
seo_poisoning_Android_5

(Visité 61 fois, 1 visites ce jour)

Vous pouvez aussi lire...

Les Tags : #Windows10 - #Windows - #Tutoriel - #Virus - #Antivirus - #navigateurs WEB - #Securité - #Réseau - #Internet