• Total Posts: 28068
  • Total Topics: 8059
  • Online Today: 1132
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Rogue Trail  (Read 1216 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7152
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Rogue Trail
« on: 27. May 2009., 07:02:33 »

This story will take us from Poland, to Ukraine and Russia in the fascinating world of fake software.

WinPC Defender is a rogue anti virus program. For some reason, the program crashed on my machine… I guess not much time is spent on quality control.

It also hijacks your browser and displays fake warnings when you click links.

I thought this one was interesting, what about a sub affiliate? What exactly is it? If anyone knows, please tell me!

This page is registered to Andrzej from Poland.  :)

It then takes me to the “check out” page. Time to get my credit card information!

This page is registered to Nexton Limited from Kiev, Ukraine:

After a failed attempt (bad credit card), I got redirected to another payment page:

This time folks, meet Sergey from Russia:

Well, after this Eastern Europe trip I still had some questions left in my bag. I found an answer to the sub affiliate:

A sub-affiliate is someone who joins a two-tier affiliate program after being referred to it by another affiliate.

As well as earning commissions on your own sales, you earn commissions on sub-affiliate sales.

So if Betty persuades John to join, and John (the sub-affiliate) makes a sale, Betty earns a commission.

(Taken from

It sounds like a lucrative business to me.

This is just one example, of many rogue scams. Why are there so many online criminals in Eastern Europe? Well, different countries have different laws. How do you fight against someone in another jurisdiction? There is no international agreement for those kinds of matters.  Read “Is it time for InternetPol?” from F-Secure for more on the topic:

Being a cyber criminal can be an easy way to make a lot of money with minimum efforts in a country where unemployment and socio-economic problems are high.

A lot of those fake programs are localised, so don’t think only North America is targeted. In fact their reach is pretty wide, so long as you have a computer and an Internet connection, you can be a victim. Those hackers leverage the lack of computer knowledge that most people have. It gets me though sometimes, how some simple things don’t get people to think twice.

Is there an end in sight? Not likely for a while, as the delivery mechanism (exploits, social-engineering) is pretty solid.

On the defensive side, blocking the malicious domains is always an arms race… and it is easy to change them dynamically (fast-flux) to prevent blocking:

If you are interested in reading about the rogue software business, I recommend checking out Dancho Danchev’s blog. He often posts very detailed reports.

(Jerome / Malware Diaries)

Samker's Computer Forum -

Rogue Trail
« on: 27. May 2009., 07:02:33 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising