Another BHSEO attack is targeting users searching with key words related to volcanic eruption in Iceland after 200 years.
Our findings reveal that if users Google with key words “Iceland volcano 2010”, they can be redirected to malicious websites.
In this wave of attack, these malicious websites fake Windows’ interface and have such domain names as the following:
In fact, www.xorg.pl is the website that allows free registration of xorg.pl’s subdomains. Taking advantage of this, hacker creates countless domain names such as dibod81.xorg.pl, dibod76.xorg.pl, gertub11.xorg.pl, etc. to avoid Google Safe Browsing’s block. If Google blocks one domain, hacker will create another one.
Usually, with different domain names the hacker will have different IP server addresses.
Bkis Taskforce Team