Cybercriminals are Exploiting Inactive Domains to Launch Malvertising Campaigns

Even a dormant or inactive domain can turn bad and begin pointing to partner program pages, phishing sites, or even malware. This month, Kaspersky published a new study on how adware or malware was lurking behind some of these seemingly benign domains.

Links get converted into malicious ones

Fraudsters have been abusing inactive domains to make money or even infect victims’ devices in targeted malvertising campaigns.
  • Kaspersky researchers found about 1000 websites for sale on one of the world’s biggest auction platforms, and these sites redirected visitors to over 2500 unexpected and unwanted URLs.
  • Many of these URLs were set up to download the Shlayer trojan, a nasty piece of malware designed to steal information from macOS computers.
  • Between March 2019 and February 2020, 89% of these domains redirected to ad-related pages, while 11% went to malicious sites that either contained a malicious script or prompted users to install malware or download infected attachments (Microsoft Office or PDF files).

Think before you click

Hackers have been using more complex malvertising schemes that pose a far more serious threat.
  • In July 2020, a malvertising campaign used the Purple Fox exploit kit (EK), which exploited Internet Explorer 11 via the CVE-2020-0674 vulnerability on Windows 10 systems.
  • In May 2020, the GhostDNS exploit kit used a malvertising link in a web browser to infect SOHO router users.

How to stay protected?

Users should install ad blockers and use a trusted security solution with anti-phishing features to stay protected from malvertising attacks. Avoid clicking on ads, especially on unknown websites. Users should also keep their operating systems, browsers, and plugins updated with the latest security patches.