Tag: Technical Support Scam
Tech Support Scams Using Numeric Domains
According to Microsoft, tech support scams (TSS) are a growing problem with 2 out of 3 consumers reporting that they’ve encountered them in recent years. As somebody who often captures malvertising chains I can tell you that I too have seen a big uptick in redirects leading to tech support scam pages. A lot of the times ...
Tech Support Scams
Below is a link to an article from Malwarebytes Lab explaining tech support scams: https://blog.malwarebytes.com/tech-support-scams/ Some recent examples that I collected on 05/02/17 are shown below. Network Activity: 174.137.155.139 – xml.pdn-1.com – 302 redirect to tech support scam 107.180.1.35 – binmsisooso.life – Tech support scam landing page 46.30.213.100 – bunt.truncomp.com – Tech support scam server Network ...
Hacked Sites Redirecting Users to Various Malvertising Campaigns
I had somebody contact me via my Contact page saying that they found my post on the Seamless campaign leading to RIG exploit kit. They had told me that they had received an email with the following link multitaskcleaners[.]co[.]uk/giftwrap.php?1702. He went on to say that going directly to multitaskcleaners[.]co[.]uk redirected him to 194.58.42.227/flow339[.]php. 194.58.42.227 is the same gate from my ...
TDS Redirecting Users to RIG Exploit Kit and Other Stuff
I’ve been tracking numerous external TDSs being used in exploit kit infection chains over the last couple of months. This post will focus on one TDS in particular, specifically a Keitaro TDS. During my investigation I was able to track down 12 domains that had been compromised and were redirecting users to this TDS. In the ...
Malware breakdown 