Comments on: “Cheap Vista” or Cloaked Spam on High-Profile Sites

By: Denis

Denis — Mon, 19 Oct 2009 17:26:19 +0000

Regarding rewards. There is a Software & Information Industry Association that offers up to $1 million for information about software and content piracy. The site of this association is hacked and promotes those Soft2PCs online stores that sell pirated software. I had informed them about this issue more than two weeks ago and they just ignored my report. They know that they promote pirates and don't do anything about it. They just don't care.

By: D. Helppi

D. Helppi — Mon, 19 Oct 2009 17:05:12 +0000

Thank you for your very informative explanation of this part of the international criminal activity in pirated software.

I am amazed that the FBI and the victim companies don’t police this sort of activity intensively.

And, also why Google and the other search engines don’t get more pro-active.

Maybe with “Rewards” offered by the gov’t and software companies more bounty hunters would do the legwork to shutdown these criminal enterprizes.

And, ultimately, in the world of commerce buyers should beware, and patronize only legitimate vendors.

Thanks for your excellent work.

By: Jon

Jon — Mon, 19 Oct 2009 14:54:16 +0000

Good things for site owners and webmasters to be aware of.

By: Tynan on Tech » That Facebook friend is really a fake

Tynan on Tech » That Facebook friend is really a fake — Tue, 06 Oct 2009 15:30:41 +0000

[...] because such sites have gamed Google to land at the top of its search results. Some of these are legit sites that have been compromised, others are total fakes from the get-go. (And Bing is even worse, FYI.) Even if they don’t [...]

By: Denis

Denis — Fri, 02 Oct 2009 16:10:59 +0000

Probably the logic is more complex. I get redirected even if I just paste the URL into browser’s address bar and hit enter.

It would be intresting to hear from webmasters of the compromised sites and see the code used by hackers.

By: Google Tricked By Cyber Criminals

Google Tricked By Cyber Criminals — Fri, 02 Oct 2009 16:02:40 +0000

[...] on how these rogue activities are effecting search results read the following blog post from Unmask Parasites when they demonstrate the extend of the issue and how users and search results are being [...]

By: Arjen van Kol

Arjen van Kol — Fri, 02 Oct 2009 15:31:22 +0000

They’re checking the HTTP referrer. I just tested it: when clicking from a Google results page with sending referrer info disabled in my browser I get a 404, with sending referrer info enabled, I get redirected.

By: Denis

Denis — Fri, 02 Oct 2009 10:15:08 +0000

Yes. This trick is often used to redirect search traffic when hackers inject mod_rewrite rules into .htaccess files. It leaves webmasters unaware of the problem since they rarely use search engines to open their own sites. However in this case, the hack doesn't seem to check the referrer, and you get the same results both when you click on the search results and when you type the URLs in.

By: peter webb

peter webb — Fri, 02 Oct 2009 09:59:10 +0000

An easy way they could pull of showing different sites to real visitors is to check if the refer came from a search engine or a type in.

By: Tweets that mention “Cheap Vista” or Cloaked Spam on High-Profile Sites | Unmask Parasites. Blog. -- Topsy.com

Fri, 02 Oct 2009 04:34:56 +0000

[...] This post was mentioned on Twitter by InfoSec4All, Joseph Clore, Ricardo Delgado, Joe Burton and others. Joe Burton said: internetcrimes.net “Cheap Vista” or Cloaked Spam on High-Profile Sites | Unma.. http://bit.ly/2GGOd0 Training Today! [...]