Affiliate model for spreading spyware in Russia

Russians use affiliate model to spread spyware

An online business based in Russia will pay websites 6 US cents for each machine they infect with adware and spyware, security researchers said this week, calling the practice "awful".

iframeDOLLARS.biz, which according to a WHOIS lookup is registered to a N*** F*** in Nizhny Novgorod, a Russian city on the Volga about 240 miles east of Moscow, will pay Webmasters to place a one-line exploit on their sites. [...]

The Russian firm boasts that its exploit works "without any ActiveX console or any pop-ups. It means that you will not lose your unique visitors". Nor, apparently, give away the fact that the code is dropping malware onto machines whenever a vulnerable user simply visits an affiliate site.

On its own site, iframeDOLLARS claimed that it handed out US$11,890 in payments last week, which if true, would translate into nearly 195,000 infected PCs. But the business is picky. "We won't buy Russian and Asian (Japanese, Korean, Chinese) traffic," it tells prospective partners on its website.

"It's very clever," said Richard Stiennon, the director of threat research at anti-spyware software vendor Webroot. "And very brazen. This is new in that they're taking an existing business model -- an affiliate-style program -- to exploit a [Windows] vulnerability to plant their code."

What's not new was exploiting Windows to install adware and spyware, Stiennon added. CoolWebSearch, the most pervasive and pernicious piece of adware on the planet by the US-based company's calculations, was typically installed using some of the same vulnerabilities.

Stiennon estimated that iframeDOLLARS could collect as much as US$75,000 annually from the adware it placed on the infected machines during the past week (and which cost it approximately US$12,000 in payments to place). "They could be making a lot of money," said Stiennon. [...]

Source: itnews.com.au, 25 May 2005
Translation by "babelfish.altavista.com"
 