Sunday, August 9, 09:43
Home security Expired domains: They can redirect you to malicious sites!

Expired domains: They can redirect you to malicious sites!

Most users, if not all of them, will certainly try to open a site and in the process discover that this site no longer exists, but has been replaced by a landing page indicating that the domain has expired or is about to be renewed. . In some cases, the resulting page simply contains left-wing related to the expired site. In other cases, the page is hosted by an auction site that aims to sell the expired domain name. These landing pages or auctions appear to contain links that direct users to legitimate sites. In reality, though, things are different, as expired domains carry many risks - one of which is redirecting users to malicious sites.

In particular, a report released this week by Kaspersky points out that some of these seemingly "innocent" pages are very likely to hide malware. Looking at one application for one online game, Kaspersky's researchers found that the application tried to redirect them to an unwanted address URL, which was put up for sale on an auction site. Instead of being transferred to the right website stub, their second stage redirect resulted in a blacklist page.

expired domains

Kaspersky then discovered about 1.000 sites for sale from the same auction service. The second redirection stage for these sites has led users to more than 2.500 unwanted URLs. In addition, many of these URLs were created to download Shlayer Trojan, a malware that tries to install adware on computers. Poppy.

Tracking activity from March 2019 to February 2020, Kaspersky's researchers found that 89% of these second-stage redirects took users to ad-related pages, while 11% took them to malicious sites. In some cases, the pages were malicious code. There have also been cases where users have been asked to install malware or download infected documents. Microsoft Office and files PDF.

The ultimate goal in such cases is profit. People get paid to drive users to specific pages, whether they are legitimate ad sites or malicious ones. One of the malicious pages received an average of 600 redirects in ten days. With the pages trying to install Shlayer Trojan, the intruders received money with each installation of the malware on a target device.

malicious sites

Kaspersky researchers estimate that cybercriminals behind this malware campaign are part of a well-organized and possibly managed network that can divert traffic to malicious sites. They could do this by redirecting legally domain names and exploiting the resources of a well-known domain auction site.

Dmitry Kondratyev, a junior malware analyst at Kaspersky, explained that users can do little to avoid being redirected to a malicious page. He also said that there is no way to know if visitors are being taken to pages that download malware, while it is difficult to manage expired domains. He also stressed that malicious advertising programs are complex, which makes them difficult to detect and deal with. Therefore, the best defense of users against expired domains and the consequent consequences, is to have a complete security solution on their device, according to Kondratyev. Although this type of attack can be difficult to mitigate and combat, users can take steps to prevent Trojans from infecting their devices.

Kaspersky suggests that users follow two key steps:

  • Only install programs and updates from trusted sources.
  • Use a reliable security solution with features against it Phishing that prevent redirects to suspicious pages.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


Email tracking: How to be invisible in Gmail

Most people do not know what "email tracking" is, and they often fall victim to hacking and data interception when they open ...

Free services to check the validity of your passwords

Two-factor authentication, one-on-one connectivity and other tools have made it easier than ever to improve your internet security, ...

How can you back up your Gmail?

Many users may change jobs, decide to stop using a particular email account or just want a copy ...

Amazon Prime Video: How to create a new user profile?

Amazon Prime Video has added a new handy feature: the ability to create separate profiles with individual parental controls. See how you can ...

Hacker leaked online 20 GB of Intel internal documents!

Intel is investigating reports that a hacker has leaked online 20 GB of data coming from the giant of ...

How to pin comments on Instagram via smartphone?

One of the most popular applications that exists today, Instagram, regularly presents new features for users ...

Facebook removes QAnon conspiracy theories group

A group of over 200.000 members on Facebook sharing QAnon conspiracy theories has been deleted ...

Qualcomm Snapdragon: Vulnerabilities expose 40% of smartphones to hackers

Many vulnerabilities identified in Qualcomm's Snapdragon Digital Signal Processor (DSP) chip could allow hackers to take over ...

Mark Zuckerberg: Facebook CEO is now worth $ 100 billion

Mark Zuckerberg has joined the most exclusive club, that of the richest people in the world, and is worth $ 100 billion. THE...

Microsoft Office 365 is becoming a more common target for hackers

The use of Microsoft Office 365 is constantly increasing and the huge amount of data stored in the cloud is becoming a very tempting goal ...