Results 1 to 7 of 7
  1. #1
    Roll Tide mobilebadboy's Avatar
    Join Date
    January 18th, 2005
    Location
    Mobile, Alabama
    Posts
    1,220
    Russians Use Affiliate Model To Spread Spyware, Adware
    An online business based in Russia will pay Web sites 6 cents for each machine they infect with adware and spyware, security researchers said Tuesday, calling the practice "awful."

    iframeDOLLARS.biz, which according to a WHOIS lookup, is registered to a Nick Fedorov in Nizhny Novgorod, a Russian city on the Volga about 240 miles east of Moscow, will pay Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated, however, would still be vulnerable to the exploit. According to analysis done by the SANS Institute's Internet Storm Center, the exploit drops at least nine pieces of malicious code, including backdoors, other Trojans, spyware, and adware, on any PC whose user surfs to a site hosting the exploit code.

    iframeDOLLARS says it pays $61 per thousand unique installs, or 6.1 cents per compromised machine, to any site that signs up as an affiliate. The Russian firm boasts that its exploit works "without any ActiveX console or any pop-upsIt means that you will not lose your unique visitors." Nor, apparently, give away the fact that the code is dropping malware onto machines whenever a vulnerable user simply visits an affiliate site.

    On its own site, iframeDOLLARS claimed that it handed out $11,890 in payments last week, which if true, would translate into nearly 195,000 infected PCs. But the business is picky. "We won't buy Russian and Asian (Japanese, Korean, Chinese) traffic," it tells prospective partners on its Web site.

    "It's very clever," said Richard Stiennon, the director of threat research at anti-spyware software vendor Webroot. "And very brazen. This is new in that they're taking an existing business model -- an affiliate-style program -- to exploit a [Windows] vulnerability to plant their code."

    What's not new is exploiting Windows to install adware and spyware, Stiennon added. CoolWebSearch, the most pervasive and pernicious piece of adware on the planet by the Boulder, Colo.-based company's calculations, is typically installed using some of the same vulnerabilities.

    Stiennon estimated that iframeDOLLARS could collect as much as $75,000 annually from the adware it placed on the infected machines during the past week (and which cost it approximately $12,000 in payments to place). "They could be making a lot of money," said Stiennon.

    Dan Hubbard, the head of security at Websense, a San Diego-based Web security and filtering vendor, said that iframeDOLLARS.biz has been around for some time, known to his team, and included in Websense's database as a malicious site.

    "They've tried other things in the past [to install adware], including malicious Java applets and PHP exploits," said Hubbard.

    Nor are they alone in taking this model and maliciously running with it, Hubbard added. Other sites, since shut down, have tried a similar approach, paying for other sites to infect PCs, then reaping the revenue rewards.

    "I'm surprised that [iframeDOLLLARS] hasn't been shut down, too," said Hubbard.

    According to the Internet Storm Center, organizations can prevent the downloading of adware and spyware from iframesDOLLARS' servers by blocking the IP address 81.222.131.59.

    Source: TechWeb

    Shawn Kerr (.com) | Disney World | SEC Football

  2. #2
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Someone sent me that article earlier today. What I'm not getting is why they are sounding like this is something new. Paying however many cents per adware install isn't a new practice by a long shot. Nor having that type of things as an affiliate program. Nor exploiting Windows and browsers to get the installs on the computer. And you certainly don't have to go all the way to Russia to find this kind of nonsense.

    What really made me laugh was their specific mention of CWS as one of the worst companies for installing through vulnerabilities. Do they not know that CWS has an affiliate program and lists browser plug-ins as one of the ways to promote their program? Now I'd really love to see some $$$ figures thrown out for CWS like the ones for iframeDOLLARS.

  3. #3
    Roll Tide mobilebadboy's Avatar
    Join Date
    January 18th, 2005
    Location
    Mobile, Alabama
    Posts
    1,220
    I don't write it, I just post it.

    Shawn Kerr (.com) | Disney World | SEC Football

  4. #4
    Internet Cowboy
    Join Date
    January 18th, 2005
    Posts
    4,662
    Heck, this is happening right under our nose.

    http://forum.abestweb.com/showthread.php?t=56221


  5. #5
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    LOL MBB. It was just one of those articles that made me scratch my head and go 'huh?' Actually 'duh."

  6. #6
    Roll Tide mobilebadboy's Avatar
    Join Date
    January 18th, 2005
    Location
    Mobile, Alabama
    Posts
    1,220
    I figured if nothing else it'd help to point the idiot out publically, even if we know this is nothing really new. I had never heard of this particular "business" until I read the article.

    Shawn Kerr (.com) | Disney World | SEC Football

  7. #7
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    4,423
    Quote Originally Posted by mobilebadboy
    I don't write it, I just post it.
    Then you should link to the original source.

  8. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Adware/Spyware Setback
    By UncleScooter in forum Midnight Cafe'
    Replies: 10
    Last Post: June 1st, 2005, 02:43 PM
  2. Download.com Says No To Adware/Spyware
    By Kellie aka Ms. B in forum Midnight Cafe'
    Replies: 17
    Last Post: May 3rd, 2005, 08:20 AM
  3. adware/spyware/parasiteware
    By Steveinid in forum Suspicious Activity!
    Replies: 6
    Last Post: May 2nd, 2004, 10:33 AM
  4. Adware/Spyware Article at About.com
    By Buddha in forum Blocking Tips/Advice/scripts
    Replies: 0
    Last Post: December 5th, 2003, 08:17 AM
  5. The Campaign against Spyware/Adware
    By metalchick666 in forum Suspicious Activity!
    Replies: 1
    Last Post: November 20th, 2003, 07:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •