An online site in Russia is using an affiliate model to spread malicious code, including back doors, other Trojans, spyware, and adware
An online business based in Russia is paying Web sites 6 cents for each machine they infect with adware and spyware, according to security researchers who call the practice "awful."
Pay To Infect
A Russian business pays Web sites to infect PCs with adware and
IframeDollars says it pays 6.1 cents per compromised machine to any
site that signs up as an affiliate
IframeDollars claims that it handed out $11,890 in payments two weeks
If true, that would translate to nearly 195,000 infected PCs
One security expert estimates that iframeDollars could collect as
much as $75,000 annually from the adware it placed on the infected
machines during the third week of May, which cost approximately $12,000
in payments to place
IframeDollars.biz says it pays Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated would be vulnerable to the exploit. According to analysis done by the SANS Institute's Internet Storm Center, the exploit drops at least nine pieces of malicious code--including back doors, other Trojans, spyware, and adware--on any PC whose user surfs to a site that hosts the exploit code.
IframeDollars says it pays $61 per thousand unique installations, or 6.1 cents per compromised machine, to any site that signs up as an affiliate.
"It's very clever," says Richard Stiennon, the director of threat research at anti-spyware software vendor Webroot Software Inc. "And very brazen. This is new in that they're taking an existing business model--an affiliate-style program--to exploit a [Windows] vulnerability to plant their code."
Stiennon estimates that iframeDollars could collect as much as $75,000 annually from the adware it placed on the infected machines two weeks ago, which cost it about $12,000 in payments.
IframeDollars isn't alone in taking this model and running with it, says Dan Hubbard, head of security at Websense Inc., a Web security and filtering vendor. Other sites, since shut down, have tried a similar approach. "I'm surprised that [iframeDollars] hasn't been shut down, too," Hubbard says.
According to the Internet Storm Center, companies can prevent the downloading of adware and spyware from iframeDollars' servers by blocking the IP address 184.108.40.206.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.