Some 'Reopen' Domains Could Be Phishing and Malware Campaigns (cnet.com) 29
CNET reports on new research from a threat-intelligence company into the more than 540 domain names registered this month with the word "reopen" in their URL.
While hundreds of them are "designed to lend credibility to anti-lockdown protests," and 98 more were purchased to thwart that effort, there's still many other domains that "come from suspicious sources or resellers looking to make money... Researchers at DomainTools have found hundreds of 'reopen' URLs that were bought specifically to be resold and others that resemble malware campaigns." These are "reopen" websites targeted toward restaurants, movie theaters and sports, and all are set up for sale... "Domainers are a particular type of people who spot any chance they can to hop on a quick buck," said Chad Anderson, senior security researcher at DomainTools. "In any of these instances, there's going to be people who try and pick domains they are able to sell for $5,000 that they bought for $10 because someone wants to start a movement."
DomainTools' researchers also found a batch of links registered in bulk specifically with typos for the phrase "Reopen American Business." All of these domains were registered in China and have misspellings, indicating they're set up to be phishing pages... The idea is to trick visitors who make typos into entering their sensitive credentials on these fraudulent pages. These domains all have servers registered with Bodis, an advertising service that monetizes domain names and has links to a previous malware campaign from the advanced persistent threat (APT) group DarkHotel.
APTs are known groups behind cyberattacks. DarkHotel APT is a hacking group that primarily affects victims in Japan, Taiwan, China, Russia and South Korea. "It looks like it's going to be used for phishing campaigns," Anderson said. "It hasn't been fully activated yet, but it has characteristics of a DarkHotel APT group."
There's also an interesting detail about the first seven "reopen" pages created, which looked like they represented independent groups but were all registered under the name of pro-gun activist Aaron Dorr from Iowa, and redirected visitors to the gun rights groups that were organizing protests to "liberate" their locked down cities. That activist's family also created "reopen" Facebook groups with hundreds of thousands of followers -- which then directed people to the websites. "NBC News found that many of the websites hosted by Dorr were designed to harvest visitors' data, including emails and home addresses."
NBC adds that the group's usual method "is to attack established conservative groups from the right, including the National Rifle Association, and then make money by selling memberships in their groups or selling mailing lists of those who sign up, according to some conservative politicians and activists who have labeled the efforts as scams."
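The bulk-registered misspellings of "Reopen American Business" described in the summary are the kind of thing a defender can triage from a feed of newly registered domains. The sketch below is an added example, not code from the CNET story or from DomainTools; the edit-distance threshold and the sample domains (on the reserved .example TLD) are constructed assumptions.

```python
# Added example: label newly registered domains as keyword hits or as
# near-miss spellings (typosquat candidates) of a watched phrase.
WATCHED = "reopenamericanbusiness"  # phrase from the summary, normalized
MAX_EDITS = 2                       # assumed cut-off for "looks like a typo"

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "amercian" for "american".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def label(domain: str) -> str:
    """Return 'exact', 'typosquat', 'keyword' or 'unrelated'."""
    labels = domain.lower().rstrip(".").split(".")
    # Assumes the feed lists registered names as <label>.<tld>.
    name = (labels[-2] if len(labels) > 1 else labels[0]).replace("-", "")
    if name == WATCHED:
        return "exact"
    if osa_distance(name, WATCHED) <= MAX_EDITS:
        return "typosquat"
    return "keyword" if "reopen" in name else "unrelated"

def triage(domains):
    """Map each domain in the feed to its label."""
    return {d: label(d) for d in domains}

# Constructed sample feed; none of these are real registrations.
SAMPLE = [
    "reopenamericanbusiness.example",
    "reopenamericanbusines.example",   # dropped letter
    "reopenamercianbusiness.example",  # swapped letters
    "reopnamericanbusness.example",    # two dropped letters
    "reopenrestaurants.example",       # keyword only
    "citybakery.example",
]

if __name__ == "__main__":
    for dom, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {dom}")
```

Names labelled "typosquat" are candidates for review (registrar, registration date, hosting), not a verdict on their own.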
You could learn from the experts instead (Score:2)
https://www.youtube.com/user/p... [youtube.com] - The virology
https://www.youtube.com/channe... [youtube.com] - Dr John Campbell.
https://www.youtube.com/user/M... [youtube.com] - Medcram
https://www.youtube.com/channe... [youtube.com] - Dr Mike Hansen.
https://www.youtube.com/user/U... [youtube.com] - DrBeen for medical professionals.
Shortage of suckers (Score:1)
Hmm... Rather a diverting FP. Yeah, facts are nice, but I think the insight here is that Trump supporters are gullible idiots, natural suckers, and there is a shortage of "good" suckers these days. At least a shortage of suckers with money to suck away.
However even the cash-strapped Trump-supporting suckers are still useful for "Phishing and Malware" scammers. Their identities can be used for credit card scams and their pwned computers can be used for spambot and DDoS networks. Just a few examples among man
Putin must wake up every morning and laugh (Score:4, Insightful)
Re: (Score:3)
What do you expect when we've opened the internet to the masses?
This is a toy to the general public. Just like every other advancement- it will be played with by people without a clue.
Putin knows that.
Re: (Score:2)
The internet is analogous to the biblical tree of knowledge, and we've all taken a bite of this apple...
Re: (Score:3)
The internet is more an analogy for sex. It was used to transmit important information for the survival of the species, but when people started using it more for fun than for its original purpose, it became more a vehicle for transmitting diseases.
Re: (Score:2)
Re: (Score:2)
Animals have STDs as well. And so far as I can tell there has never been a time when humans didn't do sex things for "fun".
Re: Putin must wake up every morning and laugh (Score:2)
> The internet is analogous to the biblical tree of knowledge, and we've all taken a bite of this apple...
No, it's a metaphor for sex. And if you'd ever actually had it you'd understand the internet is a pale shadow of the real thing.
There are some who would argue that the Tree is a metaphor for the development of human Mortality, in which case the Internet is pretty much the polar opposite of that concept.
Re: (Score:2)
> it will be played with by people without a clue.
You forgot about the Russian Reversal, it is "it will play with people without a clue".
Re: (Score:2)
Re: (Score:3)
Mitch McConnell, leading the GOP majority Senate, is the real threat to this country. He's held his nose more than any other Republican legislator has, personally reviles Trump to the extreme, but has kept his eye on the ball of the neo-conservative extremist Right agenda and used Trump for all he's worth (a figure of speech -- Trump is pretty worthless IMO) to implement as much of that agenda as possible -- and the most re
Re: (Score:2)
> I really, REALLY resent all this shit happening in MY lifetime. I just wanted to live in peace, man, not live in this hell-scape.
Funny thing - halfway through your post, before reading that part, I was thinking "it seems like too much politics is making this guy's life less fun." We survived Reagan, we survived Bush (the qualified one), we survived Clinton, Bush Junior, we survived Obama, even Trump. We'll survive the next guy, and there really isn't anything YOU can do about it anyway. Life might be
Re: (Score:2)
Re: (Score:2)
> Shut the fuck up, asshole, nobody asked you.
I guess I was wrong - now you sound like a joyful person.
I wish I could be more like you because it sounds like you are having a wonderful day.
Re: (Score:2)
During the 35 years I've been a voter, the conservative appointees to the SCotUS have been far more fair and balanced, more willing to cross the party aisle, and in some cases doing so so often that they're categorized with the SCotUS' liberal wing
Re: (Score:2)
Re: (Score:2)
With a minimum amount of effort, he's completely destroyed the US. It'll be 50 years before we can even start to get our soft power back, and the lower half of the average American intelligence has been mobilized to protest anything that someone can throw up a crudely designed webpage for and make some Facebook posts about.
I don't even know what point you're making... (1) Putin tipped the balance in favor of Trump being elected? (2) Putin used Ukraine to show that the rest of the world is powerless? (3) Putin trounced the US in their real-world political influence in the Middle East? (4) Putin invested in enough Internet Research Agency work to increase the level of partisanship and bickering in the US? (5) Putin invested enough in fearmongering in the US and everywhere in the world to have them shut down their economies more
Rich vein of morons over here, Vern! (Score:3)
Some 'x' Domains Could Be Phishing and Malware (Score:3)
Some 'search' Domains Could Be Phishing and Malware
Some Domains Using The Letter 'e' Could Be Phishing and Malware
Film at 11.
Foment chaos and panic in your enemies (Score:2)
Regardless of whether or not this virus was 'helped' or not by anyone, the enemies of the U.S. and the West in general would not hesitate to use this in any way they can to magnify the chaos panic and mayhem it's causing, and believe you me, cause as many more deaths from it as possible. Psyops 101. First few pages of the playbook.
Re: (Score:2)
I agree. Most of these enemies are enthusiastically calling for an early disorganised exit from lockdown so that the second wave finishes America off. MAGA Trump 2020 kill the libs!
Clickbait (Score:2)
This article is blatant clickbait. Some domains of any topic in the public interest could be malicious. It does not matter what the topic is.
There is a legitimate reason to open up (Score:2)
Since killing off this virus before it infe