Rogue blogs redirect search traffic to bogus AV sites. Part 2.
This is the second part of the post about rogue blogs installed into subdirectories of hacked legitimate websites. The first part talked about how those blogs redirect search engine traffic to scareware sites. In this part I will talk about the whole black hat campaign, its evolution and its strange connection with Servage hosting provider.
Generations of rogue blogs
In the Cyveillance blog, they mentioned two types of rogue blogs with “bsblog” and “bmsblog” strings in the URLs. Having played with Google searches, I discovered some more versions:
- bmblog. allinurl:bmblog/category search returns 281 000 results
- mdblog. allinurl:mdblog/category returns 1 880 results
- and generic blog (with specific categories).
So what do those strings mean? A quick analysis of the blogs’ content suggests that “blog“, “bmblog”, “bsblog“, “bmsblog” and “mdblog” strings in blog addresses correspond to different generations of this black hat campaign.
Here is the timeline »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
