The Latest in IT Security

Fake ‘Rihanna & Chris Brown S3X Video’ Spam Campaign Spreading Across Facebook, Monetized Through Adf Dot Ly PPC Links

22
Jun
2013

A currently ongoing, click-jacking driven spam campaign is circulating across Facebook, with the affected users further spreading the adf.ly links on the Walls of their friends, in between tagging them, with the cybercriminal/cybercriminals behind the campaign, earning revenue through the adf.ly pay-per-click (PPC) monetization scheme.

Redirection chain:
hxxp://adf.ly/Qrd2f?cid=51c3e798aff9a -> hxxp://rihannaofficialvideo.blogspot.de/?231514 -> hxxp://www.smilegags.com/watch/jack.php?action=connect&cid=51c3e798aff9a -> hxxp://lolzbestpic.com



MD5s for the Facebook spamming/click-jacking scripts:
MD5: fe97840bd2af654acdb63fd80b094531
MD5: f8a360728a896d40bbb0f190375fb6f6
MD5: bae32ffd43ac2f518dafeedb8901e2de
MD5: 90fa366b8affac24fe182b7b5de51b16

Domain name reconnaissance:
smilegags.com – 184.107.164.158
lolzbestpic.com – 64.79.76.226

Name servers used:
Name Server: NS1.PYARISHQ.INFO
Name Server: NS2.PYARISHQ.INFO
Name Server: NS1.HOSTING.XLHOST.COM
Name Server: NS2.HOSTING.XLHOST.COM

Responding to the same IP (184.107.164.158) are also the following domains:
amasave.com
wikilieaksvideo.com
ns1.pyarishq.info
ns2.pyarishq.info

Known to have responded to the same IP (184.107.164.158) in the past are also the following domains:
costcochristmas.com
costcogives.com
giftcardgratis.com
icagivings.com
lomanako.com
picknpaygives.com
remabilaget.com
rewegives.com
vodkaforyou.info
topvideosweden.com

Responding to (64.79.76.226) is also the following domain:
silali.info

Known to have responded to the same IP (64.79.76.226) is also the following domain:
promvideo.pw

Related posts:
Koobface Botnet Redirects Facebook’s IP Space to my Blog
Malware-Serving “Who’s Viewed Your Facebook Profile” Campaign Spreading Across Facebook
Fake ‘Facebook Profile Spy Application’ Campaign Spreading Across Facebook
Phishing Campaign Spreading Across Facebook
Facebook Malware Campaigns Rotating Tactics
MySpace Phishers Now Targeting Facebook
Facebook Photo Album Themed Malware Campaign, Mass SQL Injection Attacks Courtesy of AS42560
Facebook/AOL Update Tool Spam Campaign Serving Crimeware and Client-Side Exploits

This post has been reproduced from Dancho Danchev’s blog. Follow him on Twitter.

Leave a reply


Categories

SATURDAY, DECEMBER 07, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments