Spammed Goo.gl Links – Part 2

One thing that we seem to have noticed (and granted we do have limited visibility of all spam campaigns) is that it seems when the spam campaign’s using Google’s link shortening service aren’t distributing malware, they are being used to redirect visitors to pharma websites.  We thought we’d look at where these were redirecting in a little more depth today.  So first we started to look at how the links were being delivered and were surprised to see that forum spam appeared to be a primary distribution method.  Here’s an example:

This spam contains 5 links so we thought we’d follow each of them and were again surprised to see the results:

The first link, goo.gl/syRGc, redirects to a rogue antivirus program called ‘Windows Trojans Sleuth’ via security-software-fgfdgf.info

The second link, goo.gl/x4IbG, redirects to a ‘Pharmacy online’ at bluepillss.comsyhost.com

The third link, goo.gl/J11W4, redirects to a ‘ViaGrow’ website at hifrino.ru

The fourth link, goo.gl/20yq0, redirects to a English/Spanish/French (?) language ‘Pills and Tabs’ website at bluepillstab.com

The fifth link, goo.gl/Ug1NW, redirects to mobile monitoring software at mspymobile.com

It looks like affiliate programs may be a good supplement to the income generated from Bugat/Gameover Zeus malware campaigns…as if that wasn’t enough.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: