Desenmascara.me is a free online service that analyzes websites to spot mainly whether they are FAKEs (related with the online counterfeiting) or not.
How does a FAKE website might be related with malicious content?; let me give you a bit of background to understand it.
Fake luxury goods are sold all over the Internet. There is an underground economy where a large number of globally distributed criminals trade in data, knowledge and services with the goal to defraud users and business, and this is related with the black market commoditization; a recent innovation from the fraudsters.
The underground organizations have well defined roles with inter dependencies, let's take for example; to buy and sell compromised web servers, scam hosting, exploit kits, and wholesale access to stolen user records including usernames and passwords, credit card numbers, and other sensitive personal data.
whose explanation step by step can be viewed dinamically in this video:
Where the division of labor based on the chain of specialization is clearly represented. This underground economy is the culprit of current online threats such as fake anti-virus, ransomware, Trojan banks and any kind of commodity crimeware available out there. While reading the aforementioned research paper, the below figures called my attention:
Where IOCs for most of the threads above are usually included in the vast amount of intelligence watchlists either propietary or open source in order to do some kind of:
- Correlation: (i.e: we need to see incident A before incident B can trigger)
- Validation: (i.e: customers IP-space is linked to an IOC)
- Enrichment: (i.e: To provide more context to known threats)
But for the Luxury knock-offs strategy of the profit center: Spamvertised products, whereas the revenue numbers are even higher than in known threats such as Clickfraud or even close to the infamous Zeus, I was not aware of any kind of intelligence feed providing only such specific information.
The integration of desenmascara.me into Virustotal's URL online scanning service is about the profit center: Spamvertised products. Any FAKE website related with the online counterfeiting will be flagged as such in desenmascara.me and as suspicious in VirusTotal.
Below you can find some metrics about data desenmascara.me is collecting:
Dashboard with all the brands detected
Availability of FAKE sites targeting to the PRADA brand
One of the main goals of the desenmascara.me webservice is to let anyone known with just 1 click whether a website is FAKE or not. All the information collected is shared with the community through this VirusTotal integration. In addition, if you are a brand protection professional:you would want to follow the desenmascarame twitter account (tweeting automatically each time a FAKE site is spotted and warning to the affected brand), o maybe to join the service avisame in order to get all the metadata of the FAKE website affecting to your brand.
More announcements to come.