Expired Domain Names Are Being Registered to Point To Malware

Computer criminals have been found to abuse expired domain names by registering them again and pointing visitors to malware. This was a commonly used tactic among marketers and SEO specialists, who used such names to point to landing pages of their clients. This new change of scenario shows how important it is never to trust a site's domain name to be safe by default.




Expired Domain Names Registered and Abused To Deliver Malware

Computer hackers are exploiting the common marketing strategy of registering expired domain names. This is a common tactic devised to provide backlinks to a given site. Digital marketers look up newly expired domain names that may have a similar name, significance or a lot of links that point to notable sites. If they find that a name fits the niche of their client's site, they can register it and post content, edit archived posts or even institute (potentially malicious) redirects to other sites.

There is also another possibility that hackers can abuse: faking the expired domain name message. This message comes up when a given site has expired and visitors are notified that it is now being sold by a domain registrant or a hosting company. As these pages usually contain some sort of forms or contact information, this can be used in phishing campaigns. The exact kind of phishing strategy can depend on the chosen site or the hacking group.

In one of the confirmed cases, security researchers found that the source of such hacking tactics was an online game. The investigation shows that when users of this game accessed a site, there was a link in it which redirected to one such expired domain. This redirect link was found to lead visitors to a blacklisted web page instead of a regular domain auction site.

Following up on the domain links, an audit discovered more than 2,500 pages in total which link to various sites. There are two primary consequences:

  1. Malware Distribution — In many cases the hackers can embed virus-infected files or direct malware payloads. In this particular case the most popular example is the Shlayer Trojan. It will install adware and run other dangerous actions on the host system.
  2. Malware Redirects — The criminals can redirect the visitors to fake login forms, phishing sites and intrusive ad content.

One of the reasons why this method is becoming more and more efficient and popular among hackers is that such domains are very easy to use. Registering expired domains and obtaining analytical data about their value can easily be done via free public tools.
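For site owners who want to run the kind of link audit described above on their own pages, here is an added example (not from the original article or the researchers). It flags outbound links whose target domain was created after the linking page was published, which means the original registration lapsed and the name was registered again. The function names, page data and registration dates are constructed assumptions; in practice the creation dates would come from WHOIS/RDAP lookups.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkHosts(HTMLParser):
    """Collect host names of absolute http(s) links found in <a href>."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        try:
            parts = urlsplit(dict(attrs).get("href") or "")
        except ValueError:  # malformed href, e.g. a broken IPv6 literal
            return
        if parts.scheme in ("http", "https") and parts.hostname:
            self.hosts.add(parts.hostname.lower().rstrip("."))

def creation_date(host, registrations):
    """Match the longest known domain suffix of host (stands in for a public-suffix list)."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        domain = ".".join(labels[i:])
        if domain in registrations:
            return domain, registrations[domain]
    return host, None

def audit(pages, registrations):
    """Flag links to domains created after the linking page was published."""
    findings = []
    for url, published, html in pages:
        parser = LinkHosts()
        parser.feed(html)
        for host in sorted(parser.hosts):
            domain, created = creation_date(host, registrations)
            # None: no registration record, review by hand; later date: re-registered.
            if created is None or created > published:
                findings.append((url, domain, created))
    return findings

# Constructed sample data; real creation dates would come from WHOIS/RDAP.
REGISTRATIONS = {"old-partner.example": date(2020, 3, 1),
                 "stable.example": date(2009, 5, 4)}
PAGES = [("https://site.example/2016/review", date(2016, 7, 9),
          '<a href="http://www.old-partner.example/dl">mirror</a>'
          '<a href="https://stable.example/">ref</a><a href="/about">us</a>'),
         ("https://site.example/2018/news", date(2018, 1, 2),
          '<a href="https://gone.example/x">source</a>')]
```

Calling `audit(PAGES, REGISTRATIONS)` returns one finding for the re-registered domain and one for the domain with no registration record; relative links and long-standing domains are not reported.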

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
