Cyber criminals snap up expired domains to serve malicious ads

A man types on a computer keyboard in Warsaw in this February 28, 2013, illustration file picture. REUTERS / Kacper Pempel / Files

(Reuters) – Expired domain names are becoming the latest route for cyber criminals to find their way into the computers of unsuspecting users.

Cyber criminals launched a malicious advertising campaign this week targeting visitors of popular news and entertainment websites after gaining ownership of an expired web domain of an advertising company.

Users visiting the websites of the New York Times, Newsweek, BBC and AOL, among others, may have installed malware on their computers if they clicked on the malicious ads.

Bresntsmedia.com, the website used by hackers to serve up malware, expired on Jan. 1 and was registered again on March 6 by a different buyer, security researchers at Trustwave SpiderLabs wrote in a blog. (http://bit.ly/1Ubu21f)

Buying the domain of a small but legitimate ad company provided the criminals with high quality traffic from popular web sites that publish their ads directly, or as affiliates of other ad networks, the researchers said.

New York Times spokesman Jordan Cohen said the company was investigating if the attack had any impact. “To be clear, this is impacting ads from third parties that are beyond our control.”

Newsweek, BBC and AOL could not be immediately reached for comment.

The researchers also found two more expired “media”-related domains – envangmedia.com and markets.shangjiamedia.com – used by the same cyber criminals.

The people behind the campaign may be on keeping a watch for expired domains with the word “media” in them, they said.

(Reporting by Supantha Mukherjee and Abhirup Roy in Bengaluru; Editing by Saumyadeb Chakrabarty)

One thought on “Cyber criminals snap up expired domains to serve malicious ads

Leave a Reply

To have your avatar appear when commenting, please signup for the Gravatar service. Your email address will not be published.

 characters available

To have your avatar appear when commenting, please signup for the Gravatar service.