It's no secret that shady affiliates of some adware products have made serious cash by forcibly installing the pay-for-advertising software on victims' PCs. Now, cyber criminals are paying for much the same service, Web security firm Finjan announced on Monday.
During an investigation into one rogueware affiliate network, the security firm found a group of fraudsters who compromised legitimate pages, inserting code that redirects visitors to the Web sites of fake antivirus services, and then used search-engine optimization (SEO) techniques to attract victims. The providers of the questionable affiliate service garnered more than $10,000 a day over the 16 days of the study, the company said.
"There are two teams here," said Yuval Ben-Itzhak, chief technology officer for Finjan. "There is one team that focuses on compromising the Web site and inserting a page that redirects people, and another team that focuses on getting visitors to install rogue antivirus."
The scheme is one way that cybercriminals are improving their techniques to become more efficient at separating marks from their money. The U.S. Department of Justice has found that, historically, nearly two-thirds of companies have been hit by cybercrime. Several Internet service providers such as McColo and ESTDomains have been caught hosting the Web sites of spammers and, subsequently, have been taken down.
During the 16 days of Finjan's study, 1.8 million people were redirected to the rogue antivirus Web site under observation. Each click-through was worth 9.6 cents, resulting in a total payment of $172,000, according to a management server that kept the books for the rogueware site, the company said.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos