I did a Bing search for Office 365, which I used in my previous post. Along the sidebar I saw the following ad:
Free download? That looks suspicious, so I reported the ad as spam. I did a whois lookup on the domain and here’s what I found:
- The contact information is Moniker Privacy Services, registered out of Florida. Gee, now doesn’t that look suspicious?
- The domain was created on Feb 15, 2011. It’s less than a month old. Since it is a standard spammer technique to register lots of domains and then throw them away, this is a suspicious creation date because it fits the profile of a spam domain.
- The name servers for this domain are ns1/2.cpamoney.biz. Now seriously, what proportion of legitimate domains do you see with a .biz on them? And with “money” in the domain name? Again, this looks like an abusive site.
So you see, here’s a prime example of spammers using malvertising to push their illegal software. The Bing team actually came to me a few weeks ago with some advice on how to combat it, and I think that they are working on some stuff to cut down on that sort of thing. It’s not actually all that different from URL reputation scanning in email, only here it has to be done in very close to real time.
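The three whois observations above can be turned into an automated triage check. The following is an added example, not code from the original post: the WHOIS text layout, the placeholder domain name, the keyword lists, the 30-day threshold and the lookup date of 2011-03-10 are all assumptions made for illustration.

```python
import re
from datetime import date, datetime

# Constructed WHOIS text: the field values mirror the three observations in the
# post; the domain name is a placeholder and the layout is an assumed format.
SAMPLE_WHOIS = """\
Domain Name: ad-landing-page.example
Registrant Organization: Moniker Privacy Services
Creation Date: 2011-02-15
Name Server: ns1.cpamoney.biz
Name Server: ns2.cpamoney.biz
"""

PRIVACY_MARKERS = ("privacy", "proxy", "whoisguard")  # assumed marker list
NS_KEYWORDS = ("money", "cash")                       # assumed keyword list
NS_TLDS = (".biz",)                                   # the TLD the post calls out
MAX_AGE_DAYS = 30                                     # "less than a month old"

def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists (keys lowercased)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return fields

def whois_signals(text, today):
    """Return the list of heuristic signals that fire for one WHOIS record."""
    f = parse_whois(text)
    signals = []
    org = " ".join(f.get("registrant organization", [])).lower()
    if any(p in org for p in PRIVACY_MARKERS):
        signals.append("privacy-proxy registrant")
    created = f.get("creation date")
    if created:
        age = (today - datetime.strptime(created[0][:10], "%Y-%m-%d").date()).days
        if 0 <= age < MAX_AGE_DAYS:
            signals.append(f"domain is {age} days old")
    for ns in f.get("name server", []):
        host = ns.lower().rstrip(".")
        if host.endswith(NS_TLDS) or any(k in host for k in NS_KEYWORDS):
            signals.append(f"suspicious name server {host}")
    return signals

if __name__ == "__main__":
    print(whois_signals(SAMPLE_WHOIS, date(2011, 3, 10)))
```

Each signal on its own also fires for plenty of legitimate domains, so the count works best as one input to a reputation score alongside other evidence.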