Gambling Casinos – Spam Tracking Resource

Description

Casino sites are difficult to categorize: A spamvertised brand may be on a single IP or on a fast flux botnet; it may be spammed as short-lived “throwaway” domains that redirect to the target site, or the throwaway domain may load the target domain in an iframe. Spam may arrive in consistent bunches that would suggest the same mailer is responsible for all, yet promote sites with different brands and different behaviors. There are probably several competing casino operations whose affiliates do not deal exclusively with a single sponsoring casino.

All spam casino sites require the player to be gullible enough to download software onto his/her own computer to play the games. Such programs are identified as adware or malware by various antivirus programs, though it is difficult to tell how malicious they may be nor to know if actually playing the games will download additional executable programs onto the computer. Some sites will attempt to download the software automatically by reloading themselves. Others require a click, but will download no matter what the user clicks, even the “about us” links. Others won’t download at all unless the user enables javascript for the entire site, a risky move. Site visitors who have java enabled by default or who are using browsers like Internet Explorer that permit ActiveX controls may not witness this behavior — because the software is being automatically downloaded and installed without permission from the user.

Many gambling casinos run on an illegally hijacked fast-flux set of botnet machines. The casino botnet being used in early 2008 was primarily located in the US, Romania, and Argentina. There were seats for 24 round robin addresses at a time with a refresh every 5 minutes, though fewer than 24 IP addresses were actually filled.

Legitimate sites which are within the law, like offshore casinos, often will have multiple servers due to the risk of Distributed Denial of Service attacks (DDoS). However, it was likely these sites were being hosted legitimately.

Legitimate and legal online casino websites can be found at:

https://www.onlinecasinos.co.uk/ for players in the UK
https://online-casino-osterreich.at/ for players in Austria (German)
https://casino41.ch/ for players in Switzerland (French)

A sure sign that a gambling casino is illegal is when it is spammed using the redirection method. The link in the spam does not go directly to the site, but it first goes to an intermediate site. Another common sign is when the link to the site resides on a free hosting service, such as LiveJournal.com.