msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Rogue blogs redirect search traffic to bogus AV sites. Part 2.

27 Nov 09   Filed in Website exploits with 5 Comments

This is the second part of the post about rogue blogs installed into subdirectories of hacked legitimate websites. The first part talked about how those blogs redirect search engine traffic to scareware sites. In this part I will talk about the whole black hat campaign, its evolution and its strange connection with Servage hosting provider.

Generations of rogue blogs

In the Cyveillance blog, they mentioned two types of rogue blogs with “bsblog” and “bmsblog” strings in the URLs. Having played with Google searches, I discovered some more versions:

So what do those strings mean? A quick analysis of the blogs’ content suggests that “blog“, “bmblog”, “bsblog“, “bmsblog” and “mdblog” strings in blog addresses correspond to different generations of this black hat campaign.
Here is the timeline »»