Cybercriminals are currently spamvertising hundreds of thousands of emails enticing end users and corporate users into clicking on links that lead to bogus online casinos, which require the installation of an executable file.
This is the second bogus casino-themed campaign I’ve intercepted in recent months, and the third time I have profiled the distribution and infection vectors of W32/Casonline.
More details:
Screenshot of a spamvertised bogus online casino site:
Second screenshot of a spamvertised bogus online casino site:
Third screenshot of a spamvertised bogus online casino site:
Just like in the previously profiled spamvertised campaign, the cybercriminals behind this campaign are monetizing the traffic by participating in a revenue sharing affiliate network called StarPartner. The affiliate network offers:
- Commission of up to 80% per month
- Detailed and transparent reporting
- Remain committed to offering the best banner and content design
- Allowing up to 10 web sites per affiliate – with up to 1,000 unique tracking codes per casino, for each web site
- No negative monthly carry-overs
- Dedicated, multi-lingual Affiliate support
Screenshots of the affiliate network’s web site:
Second screenshot of the affiliate network’s web site:
Go through related posts on previously spamvertised W32/Casonline campaigns:
- Don’t Play Poker on an Infected Table
- Don’t Play Poker on an Infected Table – Part Two
- Don’t Play Poker on an Infected Table – Part Three
- Don’t Play Poker on an Infected Table – Part Four
- Don’t Play Poker on an Infected Table – Part Five
Spamvertised URLs: hxxp://www.allslotscasino.com; hxxp://www.crazyvegas.com; hxxp://www.ceudicestar.net
Sample detection rate for the advertised executables:
AllSlots.exe – detected by 7 out of 41 antivirus scanners as GAME/Casino.Gen; W32/Casino.P.gen!Eldorado
MD5: 76585c23167e0dcf49d55dede37ab999
CrazyVegas.exe – detected by 8 out of 41 antivirus scanners as GAME/Casino.Gen; TROJ_GEN.R3EH1FF
MD5: 72fc925d80f31501130bb1642f6a8f68
SilverOakCasinoInstaller.exe – detected by 3 out of 41 antivirus scanners as GAME/Casino.Gen2; Win32/RealTimeGaming_i
MD5: 0084f53acd115c3c7b7917f34f1b3ddc
Webroot SecureAnywhere users are proactively protected from these ‘potentially unwanted applications’.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
Thank you for very very important information. I want to play live casino game. It is my favorite entertainment.