Cybercriminals operate affiliate networks to boost their malware and rogueware distribution 
(23/03/2009)
Finjan Inc.'s Malicious Code Research Center (MCRC) managed to research one of the rogueware affiliate networks, where members make $ 10,800 a day. In the first issue of its Cybercrime Intelligence Report for 2009, Finjan shows how the rogueware was distributed using search engine optimization (SEO) techniques.
Cybercriminals used SEO to optimize the distribution of their rogueware. Typos and misspelled keywords (such as “obbama” and liscense”) as well as trendy keywords taken from Google Trends system were abused to show compromised websites as top search results.
Subsequently, the traffic volume to the compromised websites increased significantly luring masses of potential buyers to the rogueware offering.
The Cybercrime Intelligence Report covers the following:
· Cybercriminals are professionally organized and operate affiliate networks to boost their malware and rogueware distribution
· To promote their rogueware, they compromise legitimate websites by injecting SEO targeted pages which include repetitive popular search keywords with minor typos
· Search engines indexed these injected pages and display them as top search results
· This SEO targeted technique has proven to be very effective and yielded almost half a million Google searches to compromised sites, according to statistics found on the criminal’s server during the research
· 1.8M unique users were redirected to the rogue Anti-Virus software during 16 consecutive days
· Members of the affiliate network were rewarded for each successful redirection with 9.6 cents “a piece”, which totals $ 172,800 or $ 10,800 per day
“As reported by Finjan before, cybercriminals keep on looking for improved methods to distribute their malware and rogueware. Since they make money by trading stolen data or selling rogue software, they are looking for new and innovative techniques all time. To increase the distribution reach of their rogueware, they successfully turned to SEO,” said Yuval Ben-Itzhak, CTO of Finjan.
The report further details how the cybercriminals created “doorways” to redirect users searching the web. The research is described in Finjan’s first Cybercrime Intelligence Report.
Related topics: Hacking and intrusion prevention Internet and Web security Virus, Worm, Email security, spyware and malware
Print version | 
Email to a friend | 
Related articles
Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.
Other Security news and resources
Security News
Suppliers Directory
Jobs forum
Classifieds
Knowledge base
White papers
Research library
Security books
Special reports
Security interviews
Security companies
Security events
Security links
Security market
Product channels
Access Control Biometrics CCTV Intruder Alarms IT Security Manned Guarding Perimeter Protection Physical Security Remote Monitoring Security Services Fire, Health & Safety Other Security Products
IT Security white papers and research library
Access Control Authentication Data Management Data Security Digital Signatures Email Security Identity Management Internet Security Intrusion Prevention Network Security Remote access security Security Management Security Policies Security Software Security Threats Virus Detection Software Virus Protection VPN Vulnerability Assessment Wireless Security
Security books, guides, standards and toolkits
RFID and Smart Cards books, guides and reference documents Biometric books, guides and reference documents CCTV books, guides and reference documents Intruder alarms and intrusion detection systems books, guides and reference documents Monitoring and surveillance books, guides and reference documents IT Governance, ISO 27001 ISO 17799 and BS 7799 toolkits Fire, Health & Safety books, guides and reference documents
