Tech support malware : Scammers prefer .ORG, .XYZ and .Online domains

Scammers posing as tech support staff resolving malware attacks have a preference for .ORG, .XYZ and .Online domains.

A recent article by Malwarebytes Labs researched how “tech support” scammers abuse the native ad provider Taboola to serve tech support scam ads.

How this works: ads are bought on Taboola that link to web sites appearing to contain real, shocking news, presented through clickbait headlines.

Not all headlines serve the malicious content that disables one’s web browser, which makes detection more difficult for advertising providers such as Taboola.

Malwarebytes Labs listed the identity of one of these scammers, operating from the domain Infinitymedia.Online, which is linked to the email address bhanutomar90nk@gmail.com and a location in India (IP: 43.225.55.107).

We ran a reverse report using DomainTools, which is a great provider of anti-cybercrime technology.

The following domain names were linked to the scammer’s email address:

The majority of the TLDs used across these domains are .XYZ, .ORG and .Online, with the occasional .COM and .Website.

For the full article click here.

Update:

The XYZ Registry sent us an update:

“Tech support malware .xyz domains suspended. Wanted to let you know that the .xyz domains you mentioned in your article have all been investigated and suspended. After investigating the non-.xyz domains on your list, we found that some of those bad actors also had some .xyz domains that you hadn’t reported. We took action on some additional .xyz domains as well.”


Copyright © 2017 DomainGang.com · All Rights Reserved.
