Wednesday, June 23, 2010

SpyEye C&C and spreading with Microsoft SpyNet Black Hat SEO technique

The following typosquat domain was detected by googling the URL:

hxxxxxp://www.microsoft-spynet.com

As is known, SpyNet is a Microsoft forum where new threats, malware and so on are discussed.
More information about this service is available here: http://en.wikipedia.org/wiki/Microsoft_SpyNet

The following screenshot shows the result from Google (displayed with a smile):


The red dot is the MyWot response for the malicious URL. The SpyEye admin panel is at the following page:

hxxxxp://microsoft-spynet.com/software/main-admin-panelv1.0.500/

The RobTex info about the fake SpyNet domain (and others):



Some notes:

- This domain was already known to MDL and other malicious URL databases. Malware Domain List records:

http://www.malwaredomainlist.com/mdl.php?inactive=on&sort=IP&search=microsoft-spynet.com&colsearch=All&ascordesc=DESC&quantity=100&page=0

So I think that the interesting thing is the smile that appears in the Google result.

An update (7/6/2010): the "smile Google result" is still alive :)

3 comments:

  1. Have you contacted Google or Microsoft about it? The smile is still there! Nice article and blog btw.

  2. Just for info, the domain 'microsoft-spynet.com' seems related to the coder of SpyEye (gribodemon himself)

    Regards
    __
    /Xyl
