Fraudsters are using lapsed web domains to redirect visitors to dangerous URLs, designed to spread adware and other forms of malicious content.
According to security firm Kaspersky, around 1,000 inactive domains are rigged to redirect users to blacklisted pages, some of which are capable of triggering malware downloads.
Cybercriminals used these thousand domains to route users to over 2,500 unrelated URLs, 89% of which were designed to generate advertising profits (malvertising campaigns) and 11% either contained malicious code or prompted the visitor to download infected documents and executables.
Dangerous web domains
If a company or individual decides not to renew their ownership of a web domain, the URL traditionally redirects visitors to an auction stub notifying them of its availability.
However, in some instances, hackers have found a way to replace the auction stub with a dangerous redirect mechanism. Kaspersky believes scams of this kind are likely made possible by flaws in ad filtering systems.
Researchers found one of the malicious pages identified received an average of 600 redirects every ten days, with hackers likely receiving payment based on the number of visitors funneled to the site.
“Unfortunately, there is little users can do to avoid being redirected to a malicious page. The domains that have these redirects were – at one point – legitimate resources…and there is no way of knowing whether or not they are now transferring visitors to pages that download malware,” explained Dmitry Kondratyev, Junior Malware Analyst at Kaspersky.
“In general, malvertising schemes like these are complex, making them difficult to fully uncover, so your best defense is to have a comprehensive security solution on your device.”