Thanks to a mature monetization model introduced by vendors of bogus online gambling software, cybercriminals continue mass mailing millions of emails in an attempt to earn revenue for each and every new installation of the promoted software.
In this post, I’ll profile several prolific spam campaigns attempting to trick users into visiting a bogus web site and downloading a copy of the potentially unwanted application (PUA) most commonly known as W32/Casonline.
More details:
Screenshot of the bogus W32/Casonline-promoting email:
Screenshot of the bogus W32/Casonline-promoting web site:
Second screenshot of the bogus W32/Casonline-promoting web site:
Third screenshot of the bogus W32/Casonline-promoting web site:
Fourth screenshot of the bogus W32/Casonline-promoting web site:
Fifth screenshot of the bogus W32/Casonline-promoting web site:
Sixth screenshot of the bogus W32/Casonline-promoting web site:
Seventh screenshot of the bogus W32/Casonline-promoting web site:
Eighth screenshot of the bogus W32/Casonline-promoting web site:
Ninth screenshot of the bogus W32/Casonline-promoting web site:
Spamvertised URLs: hxxp://www.allslotscasino.com; hxxp://www.specialpromotions.biz; hxxp://www.luckynuggetcasino.com; hxxp://www.21grandcasino.com; hxxp://www.gowildcasino.com; hxxp://www.casinoclub.com; hxxp://www.slotsofvegas.com; hxxp://www.cityclubcasino.com; hxxp://clubplayercasino.com
Detection rate for MD5: eba4632138daf2fc857f3c8145bb4d1e – detected by 7 out of 42 antivirus scanners as Skodna.Casino.BK; Adware/CasOnline
Detection rate for MD5: 7d7e0a5adfd49fd44e8d103e3c1730af – detected by 8 out of 42 antivirus scanners as Riskware/CasOnline; Unwanted-Program
Detection rate for MD5: f7d72b0b86aabb3f22c2afb1f88713d2 – detected by 1 out of 42 antivirus scanners as Win32/RubyRoyal
Detection rate for MD5: 84b778528b96db04d233608f40f56aaa – detected by 6 out of 42 antivirus scanners as W32/Casino.P.gen!Eldorado; Riskware/CasOnline
Detection rate for MD5: 0121df3907024a68e6d9423b14db30fe – detected by 3 out of 42 antivirus scanners as Win32/RealTimeGaming_i
Detection rate for MD5: ec49130d21b60a766737aa4061790313 – detected by 2 out of 42 antivirus scanners as Heuristic.LooksLike.Win32.Suspicious.C
We’ll continue monitoring these ongoing spam campaigns.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.