Fake virus alert leads to Tech Support scam from compromised site – BroadAnalysis

BroadAnalysis

Threat Intelligence and Malware Research

Fake virus alert leads to Tech Support scam from compromised site

Oct 29, 2017 by Analysis in Tech Support Scam

Sorry. No pcap available.
Thanks to EKTracker for sharing information on compromised site.

ASSOCIATED DOMAINS AND IP ADDRESSES:

www.canmoredaycare.com – Compromised site
spwms.com – GET /js/ – Redirect leading to Tech Support Scam
www.polesandtracks.co.uk – GET /js/ – Redirect leading to Tech Support Scam
vryheid.top – GET /index/?2271507809353 – Redirect leading to Tech Support Scam
techsupport4u26101.tk – GET /?number=888-818-9761 – Tech Support Scam Page

NOTES:

spwms.com is still very much active leading to fake flash player and PUP bundles.

Follow on Twitter @broadanalysis

Tagged with: Indicator's of Compromise, IOC's, Malware Research, Tech Support Scam