A World-wide Scam Network

January 3, 2014 - By Chris Larsen

A fellow researcher (thanks, Kimberly!) recently asked about an odd domain (seamaster.pw) she'd seen show up in a page in her browser as she was visiting a normal web site. It turned out to be worth a look...

As background, several months ago, we recommended that people consider blocking the whole .pw domain. (We continue to run into shady .pw domains on a regular basis.)

Anyway, back to seamaster.pw...

It's being fed traffic almost entirely by ads.yahoo.com, with a bit of traffic from other ad networks.

In turn, it's sending most of its traffic to sebcotrk.com, with a bit going directly to a scammy site. Which turns out to be no coincidence, seeing that sebcotrk.com is sending its traffic to a world-wide network of scam sites:

screenshot of Indian work-at-home scam site

(BTW, I Googled for Krishna Karpal from Mumbai, and did not find her blog -- maybe the "reporter" who wrote this was a better researcher than I am -- but there were lots of sites calling her a fraud. And other things.)

screenshot of Australian scam site

screenshot of .co (Colombia) scam site

screenshot of American bankruptcy scam site

screenshot of Taiwan iPhone scam site

screenshot of Polish scam site

screenshot of Australian win-a-car scam site

Let's see... So far, that's India, Australia, Colombia (the .co domain), America, Taiwan, Poland, and Australia again.

On another branch of the network, it's a Portuguese pop-up:

screenshot of Portuguese scam pop-up

Hey, maybe I'll try this one -- I'd like to win an iPad!

screenshot of Portuguese win-an-iPad scam site

Wait! I think I know this one... Yeah, I think the guy who founded Apple was Bill Gates! That's it! I'm sure of it!

(*Click*)

Woo-hoo! I was right!

screenshot of Portuguese scam site, winning even after wrong guess

(I have to say that it's hard to respect scammers who are so clumsy that they'll claim to hand out iPads to people who mix up Bill Gates and Steve Jobs...)

So no malware, but definitely a big network of scam sites. And they all get a well-deserved Scam/Questionable rating. (We can't spend all of our time just catching malware, after all. There's a lot of other junk out there on the Web to clean up.)
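The traffic picture described earlier (what feeds seamaster.pw, and where it and sebcotrk.com send visitors) can be rebuilt from referrer/host pairs in web proxy logs. The following is an added example, not the author's tooling: the record shape, the `.example` hosts, the counts and the 60% "dominant hop" threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample: (referrer_host, requested_host) pairs as they might be
# pulled from proxy logs. Only ads.yahoo.com, seamaster.pw and sebcotrk.com
# come from the post; every other host and every count is made up.
SAMPLE = (
    [("ads.yahoo.com", "seamaster.pw")] * 18
    + [("adnet-a.example", "seamaster.pw")] * 2
    + [("seamaster.pw", "sebcotrk.com")] * 17
    + [("seamaster.pw", "scam-in.example")] * 3
    + [("sebcotrk.com", "scam-in.example")] * 5
    + [("sebcotrk.com", "scam-au.example")] * 5
    + [("sebcotrk.com", "scam-pl.example")] * 4
    + [("sebcotrk.com", "scam-tw.example")] * 3
)

def build_edges(records):
    """Return (inbound, outbound) maps of host -> Counter of neighbouring hosts."""
    inbound, outbound = defaultdict(Counter), defaultdict(Counter)
    for ref, host in records:
        ref, host = ref.lower().rstrip("."), host.lower().rstrip(".")
        if ref and ref != host:  # skip direct hits and self-referrals
            inbound[host][ref] += 1
            outbound[ref][host] += 1
    return inbound, outbound

def shares(counter):
    """Turn raw counts into (host, fraction of traffic) pairs, largest first."""
    total = sum(counter.values())
    return [(h, round(n / total, 2)) for h, n in counter.most_common()]

def follow_chain(outbound, start, dominant=0.6):
    """Follow hops while one destination takes >= `dominant` of the traffic.

    Returns (chain, fan_out): the hosts walked, and the traffic shares at the
    point where the chain splits across many sites (empty at a dead end).
    """
    chain, seen = [start], {start}
    while True:
        dests = outbound.get(chain[-1])
        if not dests:
            return chain, []
        top, n = dests.most_common(1)[0]
        if n / sum(dests.values()) < dominant or top in seen:
            return chain, shares(dests)
        chain.append(top)
        seen.add(top)
```

On the constructed data the walk from the ad network stops at sebcotrk.com, which is where the traffic fans out across many landing sites; that fan-out point is the host worth rating or blocking first.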

 

--C.L.

@bc_malware_guy