As we published before Security Alert: Facebook URL Hijacking, AegisLab found Google is also the famous target for URL hijacking. 2 URls look like Google domain as listed below:

  • goole.com.tw
  • goglole.com
Once you click the the above URLs, it will redirect to the win prize page via (hxxp://domtrot.com /, hxxp://ssc23.com/, hxxp://secredir.com/) (see figure 1):
 
Figure 1: Win prize page
 
We collected several win prize URLs as listed below:
  • hxxp://channelawardspot.com?sov=22603&&id=cGiveaways1
  • hxxp://the-rewardz-spot.net?sov=22603&&id=cGiveaways1
  • hxxp://therewardspot.net?sov=22603&&id=cGiveaways1
  • hxxp://stationbonusspot.com?sov=22603&&id=cGiveaways1
  • hxxp://survey-pathway-spot.com?sov=22603&&id=cGiveaways1
  • hxxp://station-rewardspot.com?sov=22603&&id=cGiveaways1
After analyzing, we found the attack source IPs are the same as Security Alert: Fake Win Prize Site-Youtu"D"e.com as listed below:
 
 
AegisLab reminds you again, almost win prize pages attempt to gather your personal sensitive information. "There's no such a thing as free lunch"!
 
By AegisLab