A number of inactive websites have been compromised and are redirecting visitors to unwanted URLs, many of which are malicious. This is according to a new study by Kaspersky, which uncovered over 1000 inactive domains that send users to second-hand pages as a way for fraudsters to make money or even infect their device.
Inactive domains are sometimes purchased by a service before being put up for sale on an auction site. Visitors to the inactive website should then be redirected to the auction stub; however, fraudsters are often substituting these stubs for malicious links.
Kaspersky researchers discovered that there were about 1000 websites for sale on one of the world’s biggest auction platforms, and these redirected visitors to over 2500 unwanted URLs. Many of these download the Shlayer Trojan, which installs adware on infected devices and is distributed by webpages with malicious content.
Of these websites, 89% were redirects to ad-related pages while 11% were to malicious sites, which either contained a malicious code or prompted users to install malware or download infected MS Office or PDF documents.
It is believed fraudsters are being paid to drive traffic to both the legitimate advertising pages and malicious sites, which is the motivation for the scheme.