Cybercriminals are currently spamvertising online casino-themed emails, which ultimately redirect users to a bogus casino site offering an executable download. Upon deeper examination, it appears that the download is actually adware.
More details:
Spamvertised URL, including affiliate ID: hxxp://grand-parker.com/bonus/15free.php?affid=22323&bonus=TAKE15 – currently responding to 212.7.194.232; 195.2.253.22.
Detection rate for GrandParker.exe: MD5: 7bec7eb7f891c1c894536c10fe53c34d, Detected by 6 out of 42 antivirus scanners as GAME/Casino.Gen2; W32/CasOnline; W32/Casino.HNY
Upon execution it phones back to the following URL in order to download the setup file:
setup.dnfilescntnt.eu//36175/cdn/parker/Grand%20Parker%20Casino20120417101453.msi
Detection rate for Grand_Parket_Casino.msi: MD5: e5fa6bc94ee9a5becfd6d5d1cb8f1147, Detected by 1 out of 41 antivirus scanners as PUA.Packed.PECompact-1
The cybercriminals behind the spamvertised campaign are earning revenue through Hastings International B.V., a distributor of RealTime Gaming software.
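The two-stage chain above (landing page visit, then the setup fetch that GrandParker.exe makes once it runs) can be used to triage web proxy logs. The following is an added example, not part of the original post; the log format, client addresses and function names are assumptions, and the sample lines are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the post above.
LANDING_HOST = "grand-parker.com"
LANDING_IPS = {"212.7.194.232", "195.2.253.22"}
SETUP_HOST = "setup.dnfilescntnt.eu"

def refang(url):
    """Make a defanged ('hxxp://') or scheme-less indicator parseable."""
    url = url.replace("hxxp", "http", 1) if url.startswith("hxxp") else url
    return url if "://" in url else "http://" + url

def classify(url):
    """Return (stage, detail) for a URL, or None if it matches no indicator."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    if host == SETUP_HOST and parts.path.lower().endswith(".msi"):
        return ("setup_download", parts.path)
    if host == LANDING_HOST or host in LANDING_IPS:
        affid = parse_qs(parts.query).get("affid", [None])[0]
        return ("landing_visit", affid)
    return None

def triage(log_lines):
    """Map each client to the furthest stage of the chain it reached."""
    stages = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        hit = classify(url)
        if hit is None:
            continue
        # The setup fetch only happens after GrandParker.exe was executed,
        # so it outranks a plain landing page visit.
        if hit[0] == "setup_download" or client not in stages:
            stages[client] = hit[0]
    return stages

# Constructed sample lines (assumed format: time client method url status).
SAMPLE_LOG = [
    "2012-04-17T10:14:01Z 10.0.0.5 GET http://grand-parker.com/bonus/15free.php?affid=22323&bonus=TAKE15 200",
    "2012-04-17T10:14:53Z 10.0.0.5 GET http://setup.dnfilescntnt.eu//36175/cdn/parker/Grand%20Parker%20Casino20120417101453.msi 200",
    "2012-04-17T10:20:11Z 10.0.0.9 GET http://grand-parker.com/bonus/15free.php?affid=22323&bonus=TAKE15 200",
    "2012-04-17T10:21:40Z 10.0.0.7 GET http://example.org/index.html 200",
]

if __name__ == "__main__":
    for client, stage in sorted(triage(SAMPLE_LOG).items()):
        print(client, stage)
```

Clients reported as `setup_download` ran the downloader and are the ones to check for the installed adware; `landing_visit` alone means the user only followed the spamvertised link.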
Webroot SecureAnywhere customers are proactively protected from this threat.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
This blog is very interesting to visit and read!