The attack was first discovered by Endgame, which has a fantastic, detailed write-up from a security perspective on its blog.
They explain:
House of Cards Season 4 debuted on Netflix this past weekend, much to the joy of millions of fans, including many Endgamers. One particular Endgamer made an innocent, but potentially damaging mistake. He mistyped the domain "www.netflix.com" as "netflix.om" in his browser, accidentally dropping the "c" in ".com". He did not get a DNS resolution error, which would have indicated the domain he typed doesn't exist. Instead, due to the registration of "netflix.om" by a malicious actor, the domain resolved successfully. His browser was immediately redirected several times, and eventually landed on a "Flash Updater" page with all the usual annoying (and to an untrained user, terrifying) scareware pop-ups.
Basically, Endgame discovered that malicious parties have been buying up domains that match common typos of popular websites, hoping that unsuspecting visitors will see the fake "Flash Updater" popup and install the infected software out of fear.
Luckily, when you arrive at one of these websites, the malware won't install itself immediately. Instead, the site prompts you to download a file that may look like an Adobe Flash update. It goes without saying, but don't download or install it. It's fake, and it will infect your computer with spammy software.
According to Kaspersky Lab, that fake "Flash Updater" download usually carries a payload called Genieo, which installs itself as an extension on your browsers and generally serves pop-ups and other annoyances on your computer.
When I visited "netflix.om" a few minutes ago, I wasn't prompted to install anything, but I found myself on a site that was decidedly sketchy and may have been phishing for my email password. Google Chrome wouldn't even let me visit "adobe.om," as our company firewall detected something wasn't right.
As Endgame points out, ".om" is the country-specific domain name for Oman, and domains associated "with the vast majority of brands" may currently be unregistered. If you own a company, it might be worth picking up your associated .om domain name if you've found yourself the target of phishing scams before.
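As an added illustration of the pattern (this is not code from the article or from Endgame): a defender's brand-monitoring check that derives the two ".om" look-alike forms seen in the list of sketchy sites (the "c" of ".com" dropped, as in "netflix.om", or the dot typed one character late, as in "amazonc.om") from a company's own .com domains and flags them in proxy or DNS log lines. The brand names, the log lines and their format are constructed for the example.

```python
import re

def om_typo_variants(domain):
    """Return the two .om look-alikes of a .com domain, e.g.
    'netflix.com' -> {'netflix.om', 'netflixc.om'}. Non-.com input yields none."""
    domain = domain.lower().strip().rstrip(".")
    if not domain.endswith(".com"):
        return set()
    label = domain[: -len(".com")]
    return {label + ".om", label + "c.om"}

def build_watchlist(brand_domains):
    """Map each .om look-alike back to the brand domain it imitates."""
    watch = {}
    for brand in brand_domains:
        for variant in om_typo_variants(brand):
            watch[variant] = brand
    return watch

# Any host ending in ".om" inside a log line (case-insensitive).
HOST_RE = re.compile(r"\b([a-z0-9.-]+\.om)\b", re.IGNORECASE)

def find_om_lookalikes(log_lines, watchlist):
    """Scan log lines; return (line_no, host, imitated_brand) for every host
    that is a watched .om look-alike or a subdomain of one (www.netflix.om)."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        for host in HOST_RE.findall(line):
            host = host.lower()
            for watched, brand in watchlist.items():
                if host == watched or host.endswith("." + watched):
                    hits.append((no, host, brand))
    return hits

# Constructed sample proxy/DNS log lines (not taken from the article).
SAMPLE_LOG = [
    "2016-03-14T10:01:02Z user=alice GET http://www.netflix.om/ 302",
    "2016-03-14T10:01:05Z user=alice GET http://flash-updater.example/ 200",
    "2016-03-14T10:02:11Z user=bob GET https://www.netflix.com/browse 200",
    "2016-03-14T10:03:40Z user=carol GET http://amazonc.om/ 302",
    "2016-03-14T10:04:00Z user=dave query A ebay.om",
]

# Constructed list of brands an organisation chooses to watch.
WATCHED_BRANDS = ["netflix.com", "amazon.com", "adobe.com"]

if __name__ == "__main__":
    for no, host, brand in find_om_lookalikes(SAMPLE_LOG, build_watchlist(WATCHED_BRANDS)):
        print("line %d: %s looks like %s" % (no, host, brand))
```

The legitimate "netflix.com" request on line 3 is not flagged, and "ebay.om" on line 5 is ignored because ebay.com is not in the watchlist; add a brand to WATCHED_BRANDS to cover it.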
Here's the complete list of sketchy ".om" sites found so far: