From Russia With Malware - InformationWeek
02:07 PM

From Russia With Malware

An online site in Russia is using an affiliate model to spread malicious code, including back doors, other Trojans, spyware, and adware

An online business based in Russia is paying Web sites 6 cents for each machine they infect with adware and spyware, according to security researchers who call the practice "awful."

Pay To Infect

A Russian business pays Web sites to infect PCs with adware and spyware

IframeDollars says it pays 6.1 cents per compromised machine to any site that signs up as an affiliate

IframeDollars claims that it handed out $11,890 in payments two weeks ago

If true, that would translate to nearly 195,000 infected PCs

One security expert estimates that iframeDollars could collect as much as $75,000 annually from the adware it placed on the infected machines during the third week of May, which cost approximately $12,000 in payments to place says it pays Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated would be vulnerable to the exploit. According to analysis done by the SANS Institute's Internet Storm Center, the exploit drops at least nine pieces of malicious code--including back doors, other Trojans, spyware, and adware--on any PC whose user surfs to a site that hosts the exploit code.

IframeDollars says it pays $61 per thousand unique installations, or 6.1 cents per compromised machine, to any site that signs up as an affiliate.

"It's very clever," says Richard Stiennon, the director of threat research at anti-spyware software vendor Webroot Software Inc. "And very brazen. This is new in that they're taking an existing business model--an affiliate-style program--to exploit a [Windows] vulnerability to plant their code."

Stiennon estimates that iframeDollars could collect as much as $75,000 annually from the adware it placed on the infected machines two weeks ago, which cost it about $12,000 in payments.

IframeDollars isn't alone in taking this model and running with it, says Dan Hubbard, head of security at Websense Inc., a Web security and filtering vendor. Other sites, since shut down, have tried a similar approach. "I'm surprised that [iframeDollars] hasn't been shut down, too," Hubbard says.

According to the Internet Storm Center, companies can prevent the downloading of adware and spyware from iframeDollars' servers by blocking the IP address

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
A Data-Centric Approach to the US Census
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  10/12/2018
10 Top Strategic Predictions for 2019
Jessica Davis, Senior Editor, Enterprise Apps,  10/17/2018
AI & Machine Learning: An Enterprise Guide
James M. Connolly, Executive Managing Editor, InformationWeekEditor in Chief,  9/27/2018
Register for InformationWeek Newsletters
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll