Summer movies are highly anticipated by the moviegoers, because Hollywood traditionally releases its biggest blockbusters during this season. Fraudsters are relentless in creating fake streaming sites, not just on the screening date of these movies, but also before the release of movies in theaters.
The next two charts show which movies are most popular with attackers, as well as where these fake sites are hosted.
Figure 1. Commonly used summer movie titles
Figure 2. Popular hosts for fake streaming sites
How do these scams work? Cybercriminals want to lead users to download video players or sign up for streaming sites via affiliate links. Alternately, they may want to lead users to more traditional survey scams.
Figure 3. Fake streaming sites infection chain
The attackers use various social media sites like Facebook, Google+, Youtube, LinkedIn, and many others to drive users to the fake streaming pages. These are hosted on blogging services like Tumblr, WordPress, and Blogger.
Most pages on these blogs have shortened URLs that lead to the final sites we talked about earlier. Because they used the services of URL shorteners, we were able to view the number of visits per selected movie. It appears that Man of Steel, Fast and the Furious 6 and Iron Man 3 got the highest number of viewers. This data is for a two-month period from late April up to the end of June.
Figure 4. Total pageviews of fake streaming sites (per movie titles)
To lure in users, attackers use key phrases like “watch movie title online” or “download movie title free”. Using Blackhat Search Engine Optimization or BHSEO, users looking for the above pages are lured to visit the fake streaming sites. This is also known as one of the manipulation of search engine indexes in spamdexing.
Many of the common keywords used are what you’d expect: “watch”, “online”, “free”, etcetera. One of the more surprising keywords is “putlocker”, which refers to a UK-based file locker. In terms of countries involved, while the United States accounts for more than two-thirds of the traffic to these sites, other countries were also represented.
Users are advised to stream and subscribe to legitimate sites and not from these fake streaming sites. Be wary of sharing posts and clicking links that could propagate these scams. In addition, there might be no such thing as online streaming or movie download except for pirated copies, which in itself can be risky.
Trend Micro Smart Protection Network already blocks the related URLs.
Leave a reply
