soundclou.com - dangerous exploit installer/typosquatter

[blueguitarbob]

The domain soundclou.com (soundcloud without the final "d") is serving malware, specifically a variant of the DomainIQ installer, disguised as a "soundcloud plugin." When a user accesses the site, it immediately redirects to http://soundcloud.audio-updates.com/1/, which attempts to install the exploit.

http://soundclou.com Exploits
http://soundcloud.audio-updates.com/1/ Exploits


I have a copy of the exploit file, if anyone wants it.

The domain is obviously preying on users who mistype the URL for soundcloud.com, for the purpose of installing an exploit on their system. I believe this is called typosquatting.

This domain has nothing to do with the company Soundcloud, and is registered in Panama. WHOIS is stealthed. I have alerted Soundcloud to the problem so they can also take action if they choose.

[emmyslim]

hello thanks for your post please i want doc exploit spy and i also want need an exploits that i can use to convert my exe file to doc or pdf

[dlipman]

You can upload it/them ( samples ) to http://www.uploadmalware.com  and mark the submission that it was based upon a request from MDL.

Obrigado.

[Malvertiser]

Hmmm... This (hxxp://soundclou.com) redirected me to a Browlock.fakeTechSupport with the following message:

"Important security message. Please dial the number provided ASAP. You will be guided for the removal of the adware/spyware virus on your computer..."

Blah blah blah.
No exploit seems to be hosted on this site.

The other url posted here is currently offline.

[BenENichols]

Blacklist them anyway, its still a scam, a con, a phish attempt.