Seized Megaupload domains directing visitors to malware and scam ads
Several Megaupload domains that were seized by the US government over three years ago are now being exploited by cybercriminals to serve malware and execute scams.
The domains were seized by the DOJ in January 2012 when New Zealand police raided founder Kim Dotcom's mansion in Auckland and shut down the online file storage locker website.
Then in June 2013, all of Megaupload's servers were deleted by Dutch hosting company Leaseweb as Dotcom was not able to pay for hosting since his assets were frozen by the US government.
The domain names, which include Megaupload.com and Megavideo.com, now redirect site visitors to a Zero-Click advertising feed, whereby a webpage serves malicious links to malware installers disguised as software.
The feed also redirects visitors to scams that include a fake BBC News article offering the iPhone 6 for £1, online millionaire jackpots, and the chance to become an online trader by "copying" real traders.
According to TorrentFreak, the exploitation of these domains is due to the fact that the US Department of Justice (DOJ) has lost control of the main name server, which was previously registered to the FBI's Cyber Initiative and Resource Fusion Unit (CIRFU).
Once domains are seized by the US government, they are usually registered to the CIRFU.net domain name, but the name server domain for Megaupload.com is now CIRFU.biz, which points to a server hosted by Dutch hosting company Leaseweb, while the domain registrant is listed as Syndk8 Media Limited.
It's not known whether the DOJ lost control of the Megaupload domains because so much time has passed since the original raid, or whether the domains were taken over by some other method.
"With US Assistant Attorney Jay Prabhu, the DOJ in Virginia employs a guy who doesn't know the difference between civil and criminal law. And after this recent abuse of our seized Mega domains I wonder how this guy was appointed Chief of the Cybercrime Unit when he can't even do the basics like safeguard the domains he has seized," Dotcom told TorrentFreak.
"Jay Prabhu keeps embarrassing the US government. I would send him back to law school and give him a crash course in 'how the Internet works.'"
© Copyright IBTimes 2024. All rights reserved.