Deceiving domain - s3.amazonaws.com
S3.amazonaws.com is the website that is hosted by legitimate Amazon service but gets misused by malicious people and becomes a malware distributing scamming tool when the page delivers a false message about Adobe Flash Player Updates and additional installations. The domain becomes a vector that spreads Potentially unwanted programs or even injects machines with malicious script or spyware. Malicious script hides behind every pop-up with promotional or commercial material.
The site itself shows a redirecting pop-up and reroutes online traffic to services involving advertisements and malware downloads. S3.amazonaws.com urges visitors to click Allow or OK button, so the agreement to download is received. Then background processes run and start the installation of PUP. It is a common deceptive method used by PUA developers when fake software updaters deliver useless applications.
However, the biggest issue is the use of Amazon Web Services' name that people tend to trust. The fact that people are not questioning the source in the first place makes scams appearing on the page more believable and leads to more victims.
| The URL | S3.amazonaws.com |
|---|---|
| Type of the threat | Adware |
| Danger | Ad-tracking techniques involved in redirected pages obtain information about visitors' browsing habits and preferences. Scammy pop-ups lead to infiltration of a variety of cyber threats |
| Distribution | Deceptive pages redirect to the page and PUPs installed during insecure installations can trigger such pop-upsĀ |
| Leads to | Infiltration of potentially unwanted programs, useless software or serious malware |
s3.amazonaws.com violations
2CR-015: The site is included on the database of anti-spyware tools
2CR-002: The page shows fake update installer message that encourages to allow the download of questionable application
2CR-007: The domain shows additional browser pop-up encouraging to click on it before closing the window
