Koobface Botnet’s Scareware Business Model
UPDATE1: TrendMicro just confirmed the ongoing double-layer monetization of Koobface . Meanwhile, the gang is rotating the scareware domains with new ones pushed by popup.php, followd by two recently updated Koobface components. The new scareware domains kjremover .info ; lrxsoft .info – 212.117.160.21 – Email: niclas@i.ua actually download it from the well known q2bf0fzvjb5ca .cn portfolio, which phones back to the same domains listed previously, with only a slight change in the filename – urodinam .net/8732489273.php
Read the original here:
Koobface Botnet’s Scareware Business Model