- Code: Select all
If you break it up, you find the malicious url is hxxp://mabcom[dot]net . This URL then contains a redirect to a final spam site, typically pillz or replica watches. But also contains a hidden iframe, linking to a site that in this case contained RogueAV and Zeus.
And a final note to the lengthy (sorry!) post, a number of these redirect sites have been hosted with HostRocket.com. Has anyone had issues with them in the past? They have been responsive with takedown requests, but I find it odd they continue to be a problem.