Personal Tech Pipeline | spreading spyware | Russians Use Affiliate Model To Spread Spyware, Adware

White Papers

Sponsor Resources

WebCasts
Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

May 24, 2005

Russians Use Affiliate Model To Spread Spyware, Adware



Courtesy of TechWeb News

An online business based in Russia will pay Web sites 6 cents for each machine they infect with adware and spyware, security researchers said Tuesday, calling the practice "awful."

iframeDOLLARS.biz, which according to a WHOIS lookup, is registered to a Nick Fedorov in Nizhny Novgorod, a Russian city on the Volga about 240 miles east of Moscow, will pay Webmasters to place a one-line exploit on their sites. The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated, however, would still be vulnerable to the exploit. According to analysis done by the SANS Institute's Internet Storm Center, the exploit drops at least nine pieces of malicious code, including backdoors, other Trojans, spyware, and adware, on any PC whose user surfs to a site hosting the exploit code.

iframeDOLLARS says it pays $61 per thousand unique installs, or 6.1 cents per compromised machine, to any site that signs up as an affiliate. The Russian firm boasts that its exploit works "without any ActiveX console or any pop-upsIt means that you will not lose your unique visitors." Nor, apparently, give away the fact that the code is dropping malware onto machines whenever a vulnerable user simply visits an affiliate site.

On its own site, iframeDOLLARS claimed that it handed out $11,890 in payments last week, which if true, would translate into nearly 195,000 infected PCs. But the business is picky. "We won't buy Russian and Asian (Japanese, Korean, Chinese) traffic," it tells prospective partners on its Web site.

"It's very clever," said Richard Stiennon, the director of threat research at anti-spyware software vendor Webroot. "And very brazen. This is new in that they're taking an existing business model -- an affiliate-style program -- to exploit a [Windows] vulnerability to plant their code."

What's not new is exploiting Windows to install adware and spyware, Stiennon added. CoolWebSearch, the most pervasive and pernicious piece of adware on the planet by the Boulder, Colo.-based company's calculations, is typically installed using some of the same vulnerabilities.

Stiennon estimated that iframeDOLLARS could collect as much as $75,000 annually from the adware it placed on the infected machines during the past week (and which cost it approximately $12,000 in payments to place). "They could be making a lot of money," said Stiennon.

Dan Hubbard, the head of security at Websense, a San Diego-based Web security and filtering vendor, said that iframeDOLLARS.biz has been around for some time, known to his team, and included in Websense's database as a malicious site.

"They've tried other things in the past [to install adware], including malicious Java applets and PHP exploits," said Hubbard.

Nor are they alone in taking this model and maliciously running with it, Hubbard added. Other sites, since shut down, have tried a similar approach, paying for other sites to infect PCs, then reaping the revenue rewards.

"I'm surprised that [iframeDOLLLARS] hasn't been shut down, too," said Hubbard.

According to the Internet Storm Center, organizations can prevent the downloading of adware and spyware from iframesDOLLARS' servers by blocking the IP address 81.222.131.59.

E-mail This Story
Print This Story
Reprint This Story




Get the latest Personal Tech news, product info, and trends every week.


Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed



Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
Unleash the Power & Opportunity of Grid Computing
Experts will identify trends in grid computing, provide
examples and examine solution options.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?


In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.



PERSONAL TECH PIPELINE MARKETPLACE (sponsored links)
Critical Steps for a Successful VoIP Deployment
Enterprises expect voice and data network convergence to reduce management complexity, drive down operating costs, and enable more efficient communications. Use this "how-to" guide to effectively assess the current state of your network.

SEC & HIPAA IM Compliance
Satisfy regulatory and compliance requirements for instant messaging.

Network & Application Performance doc downloads
Free white papers, buyers guide, application notes, industry articles, and more. NetScout's nGenius Solution provides network performance management and application monitoring for complex enterprise networks.

Re-energize Your Email System in Just Two2 days!
INBOX: The Email Event, May 31-June 1, 2006. Discover best options, implement more effecient systems, meet the providers who can solve your system's pain points! Security, authentication, reputation, anti-spam and holistic threats and much more!

Security Within - Configuration based Security
Configuration and policy based security systems are a pro-active way to defend against IT security attacks. Click here to request our white papers, "Security Within - Configuration based Security" and "Policy Management vs. Vulnerability Scanning".


Buy a Link Now


Hewlett-Packard Back up your important business data with the HP DAT 72 USB tape drive.
Stellent eSeminar "Approaches to Metadata Design" on March 23
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia