Wednesday, June 23, 2010

SpyEye C&C and spreading with Microsoft SpyNet Black Hat Seo technique

The following domain typo squat it's been detected googling the URL:


As know, Spy Net is a Microsoft forum where are discussed new threats, malware and so on.
More info about this service are placed here:

In the following screen shot it's reported result (shown with a smile) from Google:

The red point is the MyWot response for the malicious URL. At the following page the SpyEye admin panel:


The RobTex info about the fake SpyNet domain (and others):

Some notes: - this domain, was already known from MDL and other malicious URL database. Malware Domain List records:

So I think that the interesting thing is the smile that appears as Google result.

An update (7/6/2010): the "smile Google result" is still alive :)


  1. Have you contacted Google or Microsoft about it? The smile is still there! Nice article and blog btw.

  2. Just for info the domain '' seem relied to the coder of SpyEye (gribodemon himself)