
Megaupload sites seized by DOJ now distributing malware

Three years after the U.S. Department of Justice shut down Megaupload, some of the seized sites are being used to distribute malware.

Instead of displaying a banner identifying them as sites seized as part of an investigation, Megaupload.com and Megavideo.com are directing users to a Zero-Click advertising feed that contains malicious links and ads.

One ad redirects users to a fake BBC article that offers the iPhone 6 for 1 euro, while another redirects them to malicious links prompting users to update their browser. Researchers at TorrentFreak said the servers still list Megaupload Limited as registrant, but the CIRFU.BIZ domain in the nameserver, PLEASEDROPTHISHOST15525.CIRFU.BIZ, is not an official FBI Cyber Initiative and Resource Fusion Unit domain but rather "points to a server in the Netherlands hosted by LeaseWeb."

The CIRFU.NET domain, which the FBI unit once used, now shows “Syndk8 Media Limited” as the registrant,
