Pirated software spammers using Goo.gl domains to redirect to Eastern European domains
Software piracy has been a problem for over 2 decades for the companies who invest time and money in developing and updating the computer programs they offer for sale. After all, commercial businesses distribute computer software (a.k.a. programs) in the hopes of at least covering their costs, or maybe even making a profit, from the sales of licenses to use their intellectual property.
Standing in the way of profits are lowlife gangs of modern-day pirates who obtain copies of popular commercial software, which they duplicate illegally and sell without permission from the legitimate copyright holders. In order to use these programs, buyers must have a license code. In some cases, the software piracy gangs bribe insiders to steal actual bulk license keys from large businesses who pay huge fees to get bulk licensing for their multitudes of employees. They then re-issue these unlawfully obtained license codes to people who purchase pirated software from them.
It doesn't take too long for the companies being ripped off to learn which product keys are being distributed with pirated copies of their programs. As these keys are discovered, they are blacklisted. After that happens, the next time a buyer of that software checks for updates (manually or automatically), the program will become unlicensed and cease functioning properly, if at all. It is at that moment that many buyers realize that they have been ripped off.
But not all pirated programs ship with stolen keys. Some have been recompiled to include embedded bulk license keys, which eventually fail, plus a little something extra to pad the profits of the gangs who sell pirated software at very low prices. That something extra is an embedded Trojan Horse remote control backdoor (botnet, etc.).
I have been following the sources of pirated software for several years now and have learned that most of it is being distributed by Russian and Ukrainian criminals. During the last summer most of the domains used in email spam promoting pirated software ended in .RU. Those are Russian domains, registered in Russia.
Sadly, most of the actual websites are hosted in Czechoslovakia, on hijacked broadband PCs, or on web servers owned or leased by people involved with the crooks. All of the pirated software websites are running on the Russian Nginx web server.
Toward the end of August the Russian software piracy gangs began registering their domains with a new second level name that belongs to the Ukraine: .COM.UA. In order to register such a domain, one must possess a business license issued to a Ukrainian company. Since that time, most spam for pirated software contains a link ending in .com.ua.
Now, in mid-October 2011, the pirates have begun to use a new domain run by Google. It is a URL shortener system named "goo.gl." They are now using a mixture of links pointing to shortened links on Goo.gl and to .com.ua domains. The Goo.gl links all redirect instantly to an intermediate domain, which in turn redirects instantly to a Ukrainian domain, where the pirated software is sold.
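The redirect pattern described above can be checked for on the mail-filtering side. The following is an added example, not code from this blog: it classifies an already recorded redirect chain by the shortener and domain suffixes named in the post. It assumes the hops were captured by a mail gateway or sandbox that follows redirects; the function names and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

SHORTENERS = {"goo.gl"}               # shortener named in the post
LANDING_SUFFIXES = ("com.ua", "ru")   # domain suffixes named in the post

def host_of(url):
    """Lower-cased hostname without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")

def has_suffix(host, suffix):
    """Label-aware match: 'shop.com.ua' matches 'com.ua', 'notcom.ua' does not."""
    return host == suffix or host.endswith("." + suffix)

def classify_chain(hops):
    """hops: ordered URLs of one redirect chain, first = link in the e-mail."""
    hosts = [host_of(u) for u in hops]
    if not hosts or not all(hosts):
        return "unparseable"          # empty chain or a hop without scheme/host
    starts_short = hosts[0] in SHORTENERS
    lands = any(has_suffix(hosts[-1], s) for s in LANDING_SUFFIXES)
    distinct = len(dict.fromkeys(hosts))   # distinct hosts, ignoring same-host hops
    if starts_short and lands and distinct >= 3:
        return "shortener-intermediate-landing"   # the three-stage chain in the post
    if starts_short and lands:
        return "shortener-landing"
    if lands:
        return "direct-landing"       # spam link pointing straight at the domain
    return "no-match"

# Constructed sample chains (placeholder short code, made-up hostnames).
SAMPLES = [
    ["http://goo.gl/XXXXX", "http://hop.example.net/r",
     "http://constructed-landing.com.ua/"],
    ["http://constructed-shop.ru/index.html"],
    ["http://goo.gl/XXXXX", "http://notcom.ua/"],
]

if __name__ == "__main__":
    for chain in SAMPLES:
        print(classify_chain(chain), "<-", " -> ".join(chain))
```

A suffix match on its own is a weak signal, since plenty of legitimate sites use these suffixes; the verdict is better used to raise a spam score alongside other evidence than to block outright.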
In case it isn't obvious, these websites are fly-by-night domains, set up from spam templates, run by cyber criminals in Russia. Anybody who is foolish enough to purchase anything from those websites has given their credit or debit card number to criminal gangs in faraway places, with less than stellar enforcement of piracy or credit card fraud complaints. Buyers may lose a lot more than the money they paid for the soon-to-stop-working pirated software!
My advice is simple. If you want a particular software program, save up and buy it from a legitimate source, authorized by the copyright holder. Commercial companies frequently offer coupons and seasonal discounts, which you can wait for and take advantage of. Many also offer very significant discounts on existing versions in July and August, as they prepare to release newer versions in or around September. These discounted programs usually come with either a free upgrade to the new version, or a very low upgrade price.
If you buy legally licensed software, you know that it won't suddenly stop working due to it being pirated. If you have issues with it, you are entitled to support from the makers. You won't have installed a botnet backdoor with it and your credit card won't have been handed over willingly to Eastern European cyber criminals.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.