Besides the randomly named sites that host the rogue antivirus pages, I have also noticed a huge number of legitimate sites that have been compromised to direct traffic to the rogue antivirus domains.
Each compromised website contains a folder with a five-letter, randomly generated name. The folder also contains another randomly generated folder of the same length that contains hundreds of computer-generated infected PHP web pages.
Examples of the folders found on compromised legitimate sites that I have discovered via Google are:
Examples of infected php pages taken from one of the above sites:
http://kingofthecageskennels.com/hoabe/sueno/survivors.php
http://trd3tv.net/qiqut/aejpc/pomegranate.php
The list of compromised sites continues to grow every hour.
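For site owners who want to check their own document root for the folder layout described above, here is an added example (not part of the original post) that flags any five-letter folder nested inside another five-letter folder and holding a large number of .php files. The 100-file threshold, the function names and the sample tree are assumptions made for this illustration.

```python
import os
import re
import tempfile

# Five lowercase letters, matching the folder names shown in the post.
FIVE = re.compile(r"^[a-z]{5}$")


def find_suspect_dirs(docroot, min_php=100):
    """Return sorted (relative_path, php_count) pairs for each
    <5 letters>/<5 letters> folder under docroot with >= min_php .php files.
    min_php=100 is an assumed threshold for the post's "hundreds" of pages."""
    docroot = os.path.abspath(docroot)
    hits = []
    for parent, dirs, _files in os.walk(docroot):
        # The outer folder must itself be five letters and lie below docroot.
        if parent == docroot or not FIVE.match(os.path.basename(parent)):
            continue
        for child in dirs:
            if not FIVE.match(child):
                continue
            inner = os.path.join(parent, child)
            php = sum(
                1 for e in os.scandir(inner)
                if e.is_file(follow_symlinks=False) and e.name.lower().endswith(".php")
            )
            if php >= min_php:
                rel = os.path.relpath(inner, docroot).replace(os.sep, "/")
                hits.append((rel, php))
    return sorted(hits)


def demo():
    """Scan a constructed document root: one planted pair, one benign look-alike."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"hoabe/sueno": 150, "pages/forms": 3, "images/thumb": 0}
        for rel, count in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(path)
            for i in range(count):
                open(os.path.join(path, f"page{i}.php"), "w").close()
        return find_suspect_dirs(root)


if __name__ == "__main__":
    print(demo())
```

A hit is a lead to review by hand, since a legitimate site can also have five-letter folder names.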