Topic: Rogue Trail

[Samker]

This story will take us from Poland, to Ukraine and Russia in the fascinating world of fake software.

WinPC Defender is a rogue anti virus program. For some reason, the program crashed on my machine… I guess not much time is spent on quality control.



It also hijacks your browser and displays fake warnings when you click links.




I thought this one was interesting, what about a sub affiliate? What exactly is it? If anyone knows, please tell me!



This page is registered to Andrzej from Poland.  



It then takes me to the “check out” page. Time to get my credit card information!



This page is registered to Nexton Limited from Kiev, Ukraine:



After a failed attempt (bad credit card), I got redirected to another payment page:



This time folks, meet Sergey from Russia:



Well, after this Eastern Europe trip I still had some questions left in my bag. I found an answer to the sub affiliate:

A sub-affiliate is someone who joins a two-tier affiliate program after being referred to it by another affiliate.

As well as earning commissions on your own sales, you earn commissions on sub-affiliate sales.

So if Betty persuades John to join, and John (the sub-affiliate) makes a sale, Betty earns a commission.

(Taken from associateprograms.com).

It sounds like a lucrative business to me.

This is just one example, of many rogue scams. Why are there so many online criminals in Eastern Europe? Well, different countries have different laws. How do you fight against someone in another jurisdiction? There is no international agreement for those kinds of matters.  Read “Is it time for InternetPol?” from F-Secure for more on the topic: http://www.f-secure.com/weblog/archives/00001590.html

Being a cyber criminal can be an easy way to make a lot of money with minimum efforts in a country where unemployment and socio-economic problems are high.

A lot of those fake programs are localised, so don’t think only North America is targeted. In fact their reach is pretty wide, so long as you have a computer and an Internet connection, you can be a victim. Those hackers leverage the lack of computer knowledge that most people have. It gets me though sometimes, how some simple things don’t get people to think twice.

Is there an end in sight? Not likely for a while, as the delivery mechanism (exploits, social-engineering) is pretty solid.

On the defensive side, blocking the malicious domains is always an arms race… and it is easy to change them dynamically (fast-flux) to prevent blocking: http://www.honeynet.org/papers/ff/

If you are interested in reading about the rogue software business, I recommend checking out Dancho Danchev’s blog. He often posts very detailed reports.

(Jerome / Malware Diaries)