WEST PALM BEACH, FL – Expired domains or domain names which have not been renewed by their previous owner are encountered by all of us often – most times we just don’t notice it. When we do, we open a website only to find out it no longer exists. We are redirected to a site with links on it, or it showcases a sales page for auction of the domain name.
These types of websites are generally considered harmless, but recent research proves otherwise. In a report released by well known security provider, Kaspersky, it has been found that these ‘harmless’ websites can contain malware that target your computer system and can cause damage to your sensitive data.
This was found by the Kaspersky researcher when they were investigating an online game; it was reported that when a user visited the site, there was a link which, upon clicking, would take the user to another website listed for sale. But, the second redirection from that site to the next was found to be leading the users into a trap. Instead of redirecting them to the unwanted auction site, users were led to a blacklisted web-page.
The investigation got even more intense when Kaspersky found that there were around 1,000 websites under the same unnamed auction service and the second redirection from these websites were all linked to more than 2,500 Blacklisted pages. Most of websites contained the Shlayer Trojan that Kaspersky says installs adware on one in ten macOS users.
Considering the activity of this website in a period of one year from March 2019, Kaspersky reported that 89% of the unwanted re-directions were to ad-related pages while the rest were to a malicious page. Some of these websites also tricked users to download the malware through documents and PDFs.
As to why such pages exist, profit is the only reason. People receive money by generating traffic on these pages when visitors click on advertisements – but sometimes these ads contain hidden malicious intent known as malvertising – a process of injecting malicious code into legitimate online advertising networks.
It was also found that almost 600 redirects were received by one of the malicious pages in just ten days. With other pages that involved the installation of Shlayer Trojans, a payment was made to the attackers for each successful installation.
Considering the magnitude of these attacks and their quality, Kaspersky assumes that this campaign is being carried out by a group of criminals belonging to a well-organized and well-managed network responsible for generating traffic on malicious websites. This act was made possible by using legitimate domain names and by using the resources of reputable domain auction sites.
In a statement issued by Dmitry Kondratyev, junior malware analyst at Kaspersky, he said that:
“Unfortunately, there is little users can do to avoid being redirected to a malicious page, the domains that have these redirects were—at one point—legitimate resources, perhaps those the users frequently visited in the past. And there is no way of knowing whether or not they are now transferring visitors to pages that download malware. In general, malvertising schemes like these are complex, making them difficult to fully uncover, so your best defense is to have a comprehensive security solution on your device.”
Personally, I’ve always used Norton and it usually alerts me at least once or twice per day that it prevented something from sneaking into my computer system. I’d never operate a personal computer with it.
About The Author: John Colascione is Chief Executive Officer of Internet Marketing Services Inc. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a ‘how to’ book called ”Mastering Your Website‘, and is a key player in several Internet related businesses through his search engine strategy brand Searchen Networks®