Ali Baba and the 40 thieves LLC a.k.a my Ukrainian “fan club” , the one with the Bahama botnet connection , the recent malvertising attacks connection , and the current market leader of black hat search engine optimization campaigns , has been keeping themselves busy over the past couple of weeks, continuing to add additional layers of legitimacy into their campaigns ( bit.ly redirectors to blogspot.com accounts leading to compromised hosts ), proving that if a cybercrime enterprise wants to, it can run its malicious operations on the shoulders of legitimate service providers using them as “virtual human shield” in order to continue its operations without fear of retribution. Over the past two weeks, the Koobface gang once again indicated that it reads my blog, “appreciates” the ways I undermine the monetization element of their campaigns, and next to redirecting Facebook’s entire IP space to my blog , they’ve also, for the first time ever, moved from using my name in their redirectors , to typosquatting it. For instance, the — now suspended — Koobface domain pancho-2807 .com is registered to Pancho Panchev , pancho.panchev@gmail.com , followed by rdr20090924 .info registered to Vancho Vanchev , vanchovanchev@mail.ru .
See more here:
Koobface Botnet’s Scareware Business Model – Part Two