I searched for diet spam tweets on Twitter and found one link that looked promising: ongarciniacambogia.com:
Quick check on Pinterest using the /source/ – parameter – lots of fruity images:
The page looks quite different. No annoying videos or pop-ups, the page has links to Twitter, Facebook, Google+ – not spam or scam?
The source code of the page didn’t reveal anything clearly malicious. The site is powered by WordPress. Lets proceed and click on the “free trial” and see what happens:
I was redirected to exclusiverewards.honkeyproductions.com. The “survey” page is localized saying I might win a 1000€ gift certificate just by answering five simple questions about my browser usage. The page recognizes at least Firefox, but gets confused with other great browsers such as Opera and Safari.
I completed the survey, because the page source code didn’t reveal what is going to happen next. I landed here:
Interesting journey: diet products, fake (and possibly malicious) browser survey and finally some random competition. This scheme is too complex and confusing. Hopefully so confusing that users will close the browser window after the first step – or before it.
I have reported the domains and links to F-Secure. You can check the status e.g. from F-Secure’s Browsing Protection site.
This campaign involves several typosquatted domain names. I have found the following ones:
- goggle.com, goggle.net
- hotmil.com (possibly related)
- myspce.com (possibly related)
They all redirect to the same scam survey. Below is a screen-shot of the “faecbook”: