Cybercriminals can exploit the web pages of inactive domains to steer users to malicious websites.
In this digital era, most people have come across a website only to discover that it no longer exists. Such websites are generally replaced by landing pages indicating that the domain has either expired or needs to be renewed.
Many of the resulting pages contain links related to the expired domains. In other cases, the page is most likely hosted by an auction site that is selling the ‘expired’ domain name.
These landing pages appear to be genuine, with links to other legitimate websites. The reality, however, is different: there could be malware lurking behind the seemingly normal web pages.
Researchers from Kaspersky, while investigating an application online, recently found that it tried to redirect to an unwanted and unexpected URL. That URL was already listed for sale on an auction website. Although users were first directed to the right site, a second-stage redirect then sent them to a blacklisted page.
As Dmitry Kondratyev, Junior Malware Analyst at Kaspersky, mentioned in the company blog post, “Unfortunately, there is little users can do to avoid being redirected to a malicious page…The domains that have these redirects were—at one point—legitimate resources, perhaps those the users frequently visited in the past. And there is no way of knowing whether or not they are now transferring visitors to pages that download malware.”
The latest report by Kaspersky found that about 1,000 websites were up for sale on the same auction site. The next stage of redirection from these sites led to more than 2,500 malicious URLs. Many of them were set to download the Shlayer Trojan, a piece of malware that tries to install adware on the system.
Analyzing activity from March 2019 to February 2020, the study revealed that 89% of the second-stage redirects led to ad-related pages, while about 11% led to malicious pages. In certain cases, the pages themselves contained malicious code. Similarly, some URLs prompted users to install malware or download infected PDF files and Microsoft Office documents.
Unsurprisingly, people are paid for driving users to certain sites or pages, and this applies to both legitimate and malicious ad pages. Profit is the ultimate objective behind malvertising, and cyber-attackers get paid for each malware installation.
The report claimed that, on average, a malicious page receives 600 redirects in ten days. Dmitry Kondratyev also added, “In general, malvertising schemes like these are complex, making them difficult to fully uncover, so your best defense is to have a comprehensive security solution on your device.”