Wednesday, June 29, 2011

Dirty Rotten Scoundrels - Now Selling Malware

The world of fraudsters has long been dominated by mafiosi and slickster types, but now a new, more cerebral kind has emerged. David Talbot in MIT's Technology Review has put together a great piece on these new digital scammers who "sell" scareware. The economics are so compelling that some people might be tempted to quit their day jobs; it seems to have become a billion-dollar industry. It is the modern-day equivalent of selling "protection", without the heavies in suits. One innovative provider of malware:
....Innovative Marketing had some 600 employees and 34 servers disseminating malware, most of them operating from a traditional office complex in Kiev. The corporate empire included divisions that handled credit card payments, the call center in Ohio, and several adult websites that did double duty as vectors for the fake antivirus software. McAfee noted that Innovative Marketing logged 4.5 million orders during an 11-month period in 2008; at $35 per order, the annual revenue apparently neared $180 million. That's better than the $150 million that Twitter will pull in this year, according to an estimate by the market research firm eMarketer.
It has become so lucrative that some of these purveyors of malware have established rather sophisticated affiliate programs, much like Amazon's:

One distributor, Avprofit.com, promised on its website that it would pay between $300 and $750 for every 1,000 installations in the United States, Canada, Great Britain, or Australia, where the chance is higher of encountering victims who can afford to pay what the fake warnings demand. Experience required: Avprofit sought hackers with "minimum average 250 installs per day."

Many of the affiliates do extremely well. SecureWorks, a unit of Dell, analyzed the distribution of a fake antivirus program called Antivirus XP 2008 via an outfit called Bakasoftware, which was based in Russia. According to documents provided by the hacker behind Bakasoftware, who went by the nickname Krab, one of his top affiliates was able to fool 154,825 people into installing copies of malware on their computers in 10 days, with 2,772 victims going on to enter their credit card numbers. If the documents are accurate, Krab's affiliate scuttled away with $146,524 in that brief period.

These malware vendors are very innovative and have been employing multiple vectors to "sell" their wares. They poison search engines like Bing and Google, and are now going after social networks like Facebook and Twitter as well:

....search engines might be the predominant vector now, says Stefan Savage, a computer scientist at the University of California, San Diego. The scam artists play a variety of search optimization tricks to fool the algorithms that Google, Bing, and other engines use to determine which Web links to show in response to search requests. Generally, a page on an infected site (such as Kiwiblitz.com) is quietly stuffed with trendy search terms and links to images. Then the malicious players interlink pages—hundreds or thousands of them—so that the search engines' Web-crawling programs rank the infected page near the top for apparent popularity and relevance. Denis Sinegubko, a malware researcher in Russia, believes that criminals "have managed to hijack search results on the first pages of Google Image search for millions of keywords." As a result, he estimates, people clicked on poisoned image-search results 15 million times a month this past spring. Google says it has since reduced the number of malicious links in image searches by 90 percent from peak levels, and a spokesman emphasized that it continues to plug holes in its algorithms to head off new methods of attack. Google says that 0.5 percent of searches bring back returns that include at least one known malicious website. This might sound low, but given that Google handles more than a billion searches daily, it means that five million search returns every day bear a malicious link.

As long as the economics are so compelling, we will see these scammers continue to innovate as we bolster our defenses. It seems like it will be one long slog with lots of collateral damage, like the never-ending War on Drugs.
