Redirectors are a popular tactic used by cybercriminal on their way to trick Web filtering solutions. And just as we’ve seen in virtually ever segment of the underground marketplace, demand always meets supply.
A newly launched, DIY ‘redirectors’ generating service, aims to make it easier for cybercriminals to hide the true intentions of their campaign through the use of ‘bulletproof redirector domains’. Let’s take a peek inside the cybercriminal’s interface, list all the currently active redirectors, as well as the actual pseudo-randomly generated redirection URLs.
Cybercriminals are masters of multi-tasking. For instance, whenever a web server gets compromised, they will not only use its clean IP reputation to host phishing, spam and malware samples on it, they will also sell access to the shell allowing other cybercriminals the opportunity to engage in related malicious activities such as, mass scanning of remotely exploitable web application vulnerabilities.
Today, I intercepted a currently active phishing campaign that’s a good example of a popular tactic used by cybercriminal known as ‘campaign optimization’. The reason this campaign is well optimized it due to the fact that as it simultaneously targets Gmail, Yahoo, AOL and Windows Hotmail email users.
Cybercriminals are currently spamvertising a fraudulent email campaign impersonating Citi, using ‘Temporary Limit Access To Your Account‘ themed emails as a social engineering attempt to trick end users into clicking on the link found in the phishing emails.