Official press notice regarding namecheap corruption:

Legal disclaimer: any articles linked or people mentioned are in no way affiliated and or associated with this press release. The companies and or person(s) are in no way responsible for the content in this press release 

Recently, I noticed a spam campaign exploiting the "new friend on Facebook" email template to lure users into clicking malicious links. Confirmation of this has been confirmed by malwareBytes here http://blog.malwarebytes.org/fraud-scam/2013/12/fake-vpn-site-serves-up-keylogger/ by @paperghost. The domain is registered by namecheap. Proof of registration here who.is/Whois/aquavpn.com

I've contacted namecheap via twitter,phone and email proof of contact here https://twitter.com/trojan7sec/status/423494834926940160 and here https://twitter.com/trojan7sec/status/423435841286193152 their response https://twitter.com/trojan7sec/status/423725772537602048 in summary, they refuse to suspend the domain as the domain doesn't use their hosting ( can easily suspend the domain the same way they would do with a ICANN or ic3 request).

This company is completely corrupt and is perfectly happy to be the registrar behind a huge malware campaign. I've contacted them at least 30 times by now and they've made absolutely no effort to even consider elevating this to management never mind suspend the domain. 

We can't shut down the hosting. Why? Because the hosting is considered "bulletproof" and completely ignores reports (even ic3). Seems namecheap is heading towards this "bulletproof" registrar theme. 

After hacking the administration panel of this exploit kit I've noticed figures anywhere from 4-10k successful infections DAILY. This is a huge infection vector considering the publicly this campaign has received. 

This press release will be forwarded too several news agencies and independent journalists.

Any questions.

Email: trojan7malware@gmail.com

Twitter: @trojan7sec