Casino sites are difficult to categorize: A spamvertised brand may be on a single IP or on a fast flux botnet; it may be spammed as short-lived “throwaway” domains that redirect to the target site, or the throwaway domain may load the target domain in an iframe. Spam may arrive in consistent bunches that would suggest the same mailer is responsible for all, yet promote sites with different brands and different behaviors. There are probably several competing casino operations whose affiliates do not deal exclusively with a single sponsoring casino.
Many gambling casinos run on an illegally hijacked fast-flux set of botnet machines. The casino botnet being used in early 2008 was primarily located in the US, Romania, and Argentina. There were seats for 24 round robin addresses at a time with a refresh every 5 minutes, though fewer than 24 IP addresses were actually filled.
Legitimate sites which are within the law, like offshore casinos, often will have multiple servers due to the risk of Distributed Denial of Service attacks (DDoS). However, it was likely these sites were being hosted legitimately.
Legitimate and legal online casino websites can be found at:
- https://www.onlinecasinos.co.uk/ for players in the UK
- https://online-casino-osterreich.at/ for players in Austria (German)
- https://casino41.ch/ for players in Switzerland (French)
A sure sign that a gambling casino is illegal is when it is spammed using the redirection method. The link in the spam does not go directly to the site, but it first goes to an intermediate site. Another common sign is when the link to the site resides on a free hosting service, such as LiveJournal.com.