Uncategorised

Semalt.com referrer spam and botnet infections

The other day I was notified by one of my clients that they were receiving a lot of random hits to their server. The odd thing about these hits was that the referrer was the same throughout.

I noticed 2 different referrer urls which to be honest I kinda assumed were the same bad actor (I replaced http with hxxp so they don’t get any traffic haha):

hxxp://keywords-monitoring-your-success.com/try.php?u=hxxp://some-website-here.com

hxxp://buttons-for-website.com

Here are some of the IP’s which hit the server with the corresponding user-agents:

I wont go too far into describing what semalt.com is and what they are doing that is bad, as there are plenty of other articles describing this anyway:

https://www.incapsula.com/blog/semalt-botnet-spam.html

http://www.infosecurity-magazine.com/news/semalt-hijacks-hundreds-of/

http://blog.nabble.nl/post/93306955157/semalt-infecting-computers-to-spam-the-web

But basically they are a SEO company that offer help with getting your website indexed better in search engines, by abusing http referrers and tricking google into thinking your site is more popular than it is. (Which can have a negative effect on SEO and analytics, BTW.)

To generate the traffic, this company abuse common software like youtube downloaders and music players to trick innocent people into installing it without realizing they are going to be apart of a botnet. Unfortunately it says in the terms and conditions exactly what these bits of software do, but who the fuck reads that shit anyway, huh?!

OK lets have a look to see what they are hosting (on the same server or a similar IP):

And here are some URL’s that VirusTotal picked up as suspicious or malicious:

Now if that is not suspicious I do not know what is.

More to follow.

___________________________________________________________

217.23.15.146
SoundFrost.exe

_____________________________

 

Uncategorised

My never ending battle with a Russian-Canadian scam pharmacy

https://www.scambook.com/company/view/1166/Canadian-Health-And-Care-Mall

I hate scammers; especially if they are to do with peoples health. Just like in this case with the fake Canadian pharmacy. This is a very old and famous scam, in which I remember reading at one point a botnet was sending out millions of spam emails a day to generate traffic to their websites. This could have a huge impact on vulnerable people who order medication for health reasons, and for druggos too I suppose. I do not know whether or not you get the products or not, and I do not know whether the products are legit.

Continue reading “My never ending battle with a Russian-Canadian scam pharmacy” »