Tuesday, January 19, 05:29

Expired domains: They can redirect you to malicious sites!

Most users, if not all, have at some point tried to open a site only to discover that it no longer exists and has been replaced by a landing page indicating that the domain has expired or is about to be renewed. In some cases, the resulting page simply contains links related to the expired site. In other cases, the page is hosted by an auction site that aims to sell the expired domain name. These landing pages or auction sites seem to contain links that direct users to legitimate sites. In reality, though, things are different: expired domains carry many risks, one of which is redirecting users to malicious sites.

In particular, a report released this week by Kaspersky points out that some of these seemingly "innocent" pages are very likely to hide malware. While examining an application for an online game, Kaspersky's researchers found that the application tried to redirect them to an unwanted URL, which had been put up for sale on an auction site. Instead of being taken to the correct stub website, the second-stage redirect landed on a blacklisted page.


Kaspersky then discovered about 1,000 sites put up for sale on the same auction service. The second redirection stage for these sites led users to more than 2,500 unwanted URLs. In addition, many of these URLs were created to download the Shlayer Trojan, a piece of malware that tries to install adware on Mac computers.

Tracking activity from March 2019 to February 2020, Kaspersky's researchers found that 89% of these second-stage redirects took users to ad-related pages, while 11% took them to malicious sites. In some cases, the pages themselves contained malicious code. There were also cases where users were asked to install malware or to download infected Microsoft Office documents and PDF files.

The ultimate goal in such cases is profit. People get paid to drive users to specific pages, whether they are legitimate ad sites or malicious ones. One of the malicious pages received an average of 600 redirects in ten days. In the case of the pages trying to install the Shlayer Trojan, the attackers received money for each installation of the malware on a target device.
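The two-stage pattern described above (an expired domain hands the visitor to an auction-service host, which then issues a further redirect to a third-party URL instead of serving its stub page) can be looked for in web-proxy logs. The following is an added example, not code from Kaspersky's report or from the original article; the log layout, all host names and the `AUCTION_HOSTS` list are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: auction/parking hosts the defender tracks (placeholder name; the page names none).
AUCTION_HOSTS = {"auction.example"}

# Constructed proxy-log records: (client, requested URL, HTTP status, Location header)
SAMPLE_LOG = [
    ("10.0.0.5", "http://old-game-update.example/patch", 302, "http://auction.example/lander?d=old-game-update.example"),
    ("10.0.0.5", "http://auction.example/lander?d=old-game-update.example", 302, "http://ads-unwanted.example/offer"),
    ("10.0.0.5", "http://ads-unwanted.example/offer", 200, None),
    ("10.0.0.9", "http://expired-blog.example/", 302, "http://auction.example/lander?d=expired-blog.example"),
    ("10.0.0.9", "http://auction.example/lander?d=expired-blog.example", 200, None),
    ("10.0.0.7", "http://shop.example/", 301, "https://www.shop.example/"),
    ("10.0.0.7", "https://www.shop.example/", 200, None),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def is_auction(h):
    return any(h == a or h.endswith("." + a) for a in AUCTION_HOSTS)

def build_chains(records):
    """Group a client's consecutive hops into redirect chains."""
    chains, open_chain = [], {}
    for client, url, status, location in records:
        chain = open_chain.get(client)
        if chain and chain[-1][2] == url:  # request follows the previous Location
            chain.append((url, status, location))
        else:
            chain = [(url, status, location)]
            chains.append((client, chain))
            open_chain[client] = chain
    return chains

def classify(chain):
    """Return (verdict, origin host, host the chain was steered to)."""
    origin = host(chain[0][0])
    verdict = ("no auction hop", origin, host(chain[-1][0]))
    for url, status, location in chain:
        if not is_auction(host(url)):
            continue
        target = host(urljoin(url, location)) if location else ""
        if 300 <= status < 400 and target and not is_auction(target):
            return ("second-stage redirect", origin, target)  # left the auction service
        verdict = ("auction stub", origin, host(url))  # stub page or internal hop
    return verdict

def analyze(records):
    return [(client,) + classify(chain) for client, chain in build_chains(records)]
```

Chains flagged as `second-stage redirect` are the ones worth triaging: the origin host is a candidate expired domain still referenced by some application or bookmark, and the target host is a candidate for blocking.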


Kaspersky researchers estimate that the cybercriminals behind this malware campaign are part of a well-organized and possibly managed network that can divert traffic to malicious sites. They could do this by redirecting legitimate domain names and exploiting the resources of a well-known domain auction site.

Dmitry Kondratyev, a junior malware analyst at Kaspersky, explained that users can do little to avoid being redirected to a malicious page. He also said that there is no way to know whether visitors are being taken to pages that download malware, and that expired domains are difficult to manage. He stressed that malicious advertising schemes are complex, which makes them difficult to detect and deal with. According to Kondratyev, the best defense for users against expired domains and their consequences is therefore to have a complete security solution on their device. Although this type of attack can be difficult to mitigate and combat, users can take steps to prevent Trojans from infecting their devices.

Kaspersky suggests that users follow two key steps:

  • Only install programs and updates from trusted sources.
  • Use a reliable security solution with anti-phishing features that prevent redirects to suspicious pages.

