ADVERTISEMENT

Massive network of 30,000 websites filters victims before delivering scams or malware

A sprawling, malicious network has turned 30,000 websites into a sinister slot machine for millions of visitors. Most see harmless content, but some will get funneled into scams, and an unlucky 1% will receive malware. Security researchers unveil the overwhelming complexity behind the scenes.

malware, websites, web, internet

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Oct 1, 2025 5 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

DNS trickery used for control

malware search results seo attack
Image by Cybernews.
  1. The victim visits one of the thousands of compromised websites
  2. The compromised website sends the DNS queries with user information: IP, device type, and a random string for identification
  3. Attacker-controlled DNS server responds with a text record containing a command and a link. Responses are obfuscated using Base64
  4. The web server then fetches the net stage payload and relays the output to the user
Has my data been leaked?
ADVERTISEMENT

Scams from notorious traffic distribution systems (TDS)

detour-dog-scheme

Takedown requests ignored by the registrar

IP address, website, domain
Image by Cybernews.

Who’s behind this malicious operation?


ADVERTISEMENT