Author Topic: soundclou.com - dangerous exploit installer/typosquatter  (Read 9478 times)

January 04, 2014, 06:11:41 pm

blueguitarbob

The domain soundclou.com (soundcloud without the final "d") is serving malware, specifically a variant of the DomainIQ installer, disguised as a "soundcloud plugin." When a user accesses the site, it immediately redirects to http://soundcloud.audio-updates.com/1/, which attempts to install the exploit.

http://soundclou.com Exploits
http://soundcloud.audio-updates.com/1/ Exploits


I have a copy of the exploit file, if anyone wants it.

The domain is obviously preying on users who mistype the URL for soundcloud.com, for the purpose of installing an exploit on their system. I believe this is called typosquatting.

This domain has nothing to do with the company Soundcloud, and is registered in Panama. WHOIS is stealthed. I have alerted Soundcloud to the problem so they can also take action if they choose.

     --Robert
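An added example, not part of the original post or of any poster's tooling: a small Python check that flags both lookalike patterns seen in the two reported hostnames, a registered domain one keystroke away from a watched brand and the brand name used as a subdomain of an unrelated domain. The `PROTECTED` watchlist, the `OBSERVED` sample list and the two-label `registered_domain` shortcut are assumptions made for the example.

```python
# Added example (not from the thread): flag hostnames that imitate a watched brand.
PROTECTED = {"soundcloud.com"}  # assumption: the defender's own watchlist

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def registered_domain(host):
    # Simplification (assumption): take the last two labels. Production code
    # should consult the Public Suffix List to handle suffixes like co.uk.
    return ".".join(host.split(".")[-2:])

def classify(host):
    """Return (verdict, matched_brand) for one observed hostname."""
    host = host.lower().rstrip(".")
    reg = registered_domain(host)
    if reg in PROTECTED:
        return ("legitimate", reg)
    for brand in sorted(PROTECTED):
        if osa_distance(reg, brand) <= 1:
            return ("typosquat", brand)           # one keystroke away
        if brand.split(".")[0] in host.split(".")[:-2]:
            return ("brand-in-subdomain", brand)  # brand label on a foreign domain
    return ("unrelated", None)

# Hostnames as they might appear in proxy or DNS logs. The first two are the
# ones reported in the post above; the rest are constructed for the example.
OBSERVED = [
    "soundclou.com",
    "soundcloud.audio-updates.com",
    "www.soundcloud.com",
    "soundcluod.com",
    "example.org",
]

def scan(hosts):
    """Return only the hostnames that deserve a block or a closer look."""
    return {h: classify(h) for h in hosts if classify(h)[0] not in ("legitimate", "unrelated")}

if __name__ == "__main__":
    for host, (verdict, brand) in scan(OBSERVED).items():
        print(f"{host:32} {verdict:20} imitates {brand}")
```
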

January 08, 2016, 01:44:02 pm
Reply #1

emmyslim

Hello, thanks for your post. Please, I want doc exploit spy, and I also need an exploit that I can use to convert my exe file to doc or pdf.

January 09, 2016, 04:33:18 pm
Reply #2

dlipman

You can upload it/them (samples) to http://www.uploadmalware.com and mark the submission that it was based upon a request from MDL.

Thank you.

January 29, 2016, 04:59:14 pm
Reply #3

Malvertiser

Hmmm... This (hxxp://soundclou.com) redirected me to a Browlock.fakeTechSupport with the following message:

"Important security message. Please dial the number provided ASAP. You will be guided for the removal of the adware/spyware virus on your computer..."

Blah blah blah.
No exploit seems to be hosted on this site.

The other URL posted here is currently offline.

February 25, 2016, 07:57:56 am
Reply #4

BenENichols

Blacklist them anyway, it's still a scam, a con, a phish attempt.
There is a demand for a better blacklist, we intend to fill that gap.

Benjamin E. Nichols
http://www.squidblacklist.org