14 DAY TRIAL // Security researchers from Sucuri have uncovered a new method through which some companies adopting questionable practices are making money by inserting unwanted ads on other sites, or even hijacking their entire traffic.
This tactic revolves around the usage of parked domains, which are Internet domains not associated with a current service, but registered for future development, reselling, or to protect against non-copyright holders' cyber-squatting.
Chinese company spent millions to buy nearly 200,000 domains
According to Sucuri, a company named China Capital Investment Limited (CCI) has been re-registering expired domains that have a large number of backlinks. "Backlink" is a term used for when your site's content is embedded and linked from the content of other websites.
Sucuri says that CCI has registered 196,879 domains, which it parked as soon as it registered them. The company has spent nearly $2 million to register the domains and is apparently using some script that looks for backlinks to the parked domains.
If the script detects an image, it replies with an ad. For example, if you found a cool picture online and decided to embed it in your site using its link (former-site.com/image.png), after the domain expired, the image would stop working.
When CCI bought the former-site.com domain and parked it, its malicious script would continue to answer to the image requests, but instead of the original picture, it would serve an ad.
CCI accused of hijacking a website's entire traffic
The same thing happens with JavaScript files. If, for example, you used a .js file hosted on another site, which in the meantime expired and was acquired by CCI, the former domain would serve malicious JS code that would redirect all of your traffic to the parked domain, where it would show ads, for CCI's own benefit.
Besides making money from hijacking image and JS backlinks via parked domains, CCI is also selling the acquired domains on domain marketplaces, in an attempt to generate as much money as possible from its questionable business model.
While not many people normally link to JS files on other sites, there are quite a lot of bloggers and news sites that embed images on their sites from other sources.
These users are now in the position of unwittingly serving unwanted ads to their users and helping CCI boost its profits. Below is an image showing the type of ads CCI serves via its parked domains.
