Phish Hosted for Free

Staff Writer
By Staff Writer

Brand Protection | cybercriminals | malware |

Since March 2010, and especially this month, the MarkMonitor Security Operations Center (SOC) has noticed a significant increase in the use of free web hosting services for phishing and malware attacks. Cybercriminals are using free hosting services to either host the phishing and malware sites themselves or redirect to fast-flux malicious sites.

Here is how this new attack method works: Emails with links, obfuscated by the use of HTML or a URL shortening service, direct victims to a free-hosted web page. In some cases, this page would be a phishing or malware site. In other cases, the landing page would have Javascript which would seamlessly redirect users to a malicious site hosted on a fast-flux botnet.

The free hosting-fast-flux combination is particularly interesting because it indicates cybercriminals have added another, front-end layer to their fraud infrastructure for greater stealth and resilience:


    • Layer 1: Free-hosted webpages with Javascript redirectors


    • Layer 2: Constantly changing compromised PCs that serve as proxy redirectors


    • Layer 3: Phish or malware domains


The SOC believes free hosting services are becoming popular with cybercriminals because these services give cybercriminals unlimited free resources to launch their attacks and to protect their expensive fast-flux infrastructures.

In addition, cybercriminals are able to set up malicious sites on free hosting services much more easily than registering malicious sites with ISPs or registrars. Typically, cybercriminals would register their malicious sites using stolen credentials. With free hosting services, cybercriminals may now open accounts and set up their malicious sites by simply using email addresses created on free email services.

MarkMonitor‰Ûªs SOC believes that this new development of free hosting combined with fast-flux, especially as seen this month, suggests the tell-tale signs that something on a larger scale may occur this summer. The emergence of free hosting front-ends to fast-flux botnets may indicate that cybercriminals have been beta-testing their new attack infrastructure in recent months before a general release in August, the historical high point of phishing each year. Stay tuned ‰Û_

Brand Protection, cybercriminals, malware,


Related Post

Branddy Spence 3 min read 09 Sep, 2020

The Evolution of E-Commerce amid COVID-19

OpSec Connect: The evolution of e-commerce amid COVID-19

In the second webinar of the...

Online Brand Protection, Brand Protection

Branddy Spence 5 min read 08 Aug, 2020

Leadership in licensing: A conversation with Maura Regan

A fun-filled and insightful conversation on modern leadership in the licensing...

Licensing, Brand Protection,

Stefanie Wood Ellis 3 min read 08 Aug, 2020

Why SSL Certificates Have Become the New Frontier of Phishing

In 2020 so far, over half of all phishing sites the OpSec Online AntiFraud Security...

Brand Protection, consumer protection,

Get All News Updated to your inbox