Russians Use Affiliate Model To Spread Spyware, Adware - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
5/24/2005
04:52 PM
50%
50%

Russians Use Affiliate Model To Spread Spyware, Adware

An online business based in Russia will pay Web sites 6 cents for each machine they infect with adware and spyware, security researchers say, calling the practice "awful."

An online business based in Russia will pay Web sites 6 cents for each machine they infect with adware and spyware, security researchers said Tuesday, calling the practice "awful."

iframeDOLLARS.biz, which according to a WHOIS lookup, is registered to a Nick Fedorov in Nizhny Novgorod, a Russian city on the Volga about 240 miles east of Moscow, will pay Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated, however, would still be vulnerable to the exploit. According to analysis done by the SANS Institute's Internet Storm Center, the exploit drops at least nine pieces of malicious code, including backdoors, other Trojans, spyware, and adware, on any PC whose user surfs to a site hosting the exploit code.

iframeDOLLARS says it pays $61 per thousand unique installs, or 6.1 cents per compromised machine, to any site that signs up as an affiliate. The Russian firm boasts that its exploit works "without any ActiveX console or any pop-upsIt means that you will not lose your unique visitors." Nor, apparently, give away the fact that the code is dropping malware onto machines whenever a vulnerable user simply visits an affiliate site.

On its own site, iframeDOLLARS claimed that it handed out $11,890 in payments last week, which if true, would translate into nearly 195,000 infected PCs. But the business is picky. "We won't buy Russian and Asian (Japanese, Korean, Chinese) traffic," it tells prospective partners on its Web site.

"It's very clever," said Richard Stiennon, the director of threat research at anti-spyware software vendor Webroot. "And very brazen. This is new in that they're taking an existing business model -- an affiliate-style program -- to exploit a [Windows] vulnerability to plant their code."

What's not new is exploiting Windows to install adware and spyware, Stiennon added. CoolWebSearch, the most pervasive and pernicious piece of adware on the planet by the Boulder, Colo.-based company's calculations, is typically installed using some of the same vulnerabilities.

Stiennon estimated that iframeDOLLARS could collect as much as $75,000 annually from the adware it placed on the infected machines during the past week (and which cost it approximately $12,000 in payments to place). "They could be making a lot of money," said Stiennon.

Dan Hubbard, the head of security at Websense, a San Diego-based Web security and filtering vendor, said that iframeDOLLARS.biz has been around for some time, known to his team, and included in Websense's database as a malicious site.

"They've tried other things in the past [to install adware], including malicious Java applets and PHP exploits," said Hubbard.

Nor are they alone in taking this model and maliciously running with it, Hubbard added. Other sites, since shut down, have tried a similar approach, paying for other sites to infect PCs, then reaping the revenue rewards.

"I'm surprised that [iframeDOLLLARS] hasn't been shut down, too," said Hubbard.

According to the Internet Storm Center, organizations can prevent the downloading of adware and spyware from iframesDOLLARS' servers by blocking the IP address 81.222.131.59.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
News
Data Science Salary Survey Reveals Market Shift
Jessica Davis, Senior Editor, Enterprise Apps,  6/27/2019
Commentary
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
Slideshows
How to Land a Job in Cloud Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/19/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll