A number of inactive websites have been compromised and are redirecting visitors to unwanted URLs, many of which are malicious. This is according to a new study by Kaspersky, which uncovered over 1000 inactive domains that send users to second-hand pages as a way for fraudsters to make money or even infect their device.
Inactive domains are sometimes purchased by a service before being put up for sale on an auction site. Visitors to the inactive website should then be redirected to the auction stub; however, fraudsters are often substituting these stubs for malicious links.
Kaspersky researchers discovered that there were about 1000 websites for sale on one of the world’s biggest auction platforms, and these redirected visitors to over 2500 unwanted URLs. Many of these download the Shlayer Trojan, which installs adware on infected devices and is distributed by webpages with malicious content.
Of these websites, 89% were redirects to ad-related pages while 11% were to malicious sites, which either contained a malicious code or prompted users to install malware or download infected MS Office or PDF documents.
It is believed fraudsters are being paid to drive traffic to both the legitimate advertising pages and malicious sites, which is the motivation for the scheme.
Dmitry Kondratyev, junior malware analyst at Kaspersky, commented: “The domains that have these redirects were — at one point — legitimate resources, perhaps those the users frequently visited in the past. There is no way of knowing whether or not they are now transferring visitors to pages that download malware. Adding to the challenge is that whether or not you land on a malicious site varies: if one day, you access the site from Russia, nothing will happen. However, if you then try to access it with a VPN, you might be sent to a page that downloads Shlayer.
“In general, malvertising schemes like these are complex, making them difficult to fully uncover, so your best defense is to have a comprehensive security solution on your device.”
Want to get the best solution for your business?
At Tristar Tech Solutions, we take a realistic approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.
To book a consultation or to arrange a further discussion, please get in touch.
If you’re looking for IT support in Hertfordshire or IT support in North London, contact us today, and a member of our team would be more than happy to advise you.
News Source: https://www.infosecurity-magazine.com/