Pop-ups pay day for Russian scammers
Cyber criminals are earning up to $US150,000 a week selling fake anti-virus software to naive internet users, confidential documents obtained by a US security researcher reveal.
Computer users typically receive annoying pop-up messages telling them their computer is infected and they can clean their machine by clicking to buy a $US49.95 software package called Antivirus XP 2008 or Antivirus XP 2009.
The pop-ups are either delivered through ads on websites or, more commonly, directly to the user's computer if it has been infected with a virus and subsequently recruited as part of a "botnet" of PCs controlled by hackers.
With more recent "drive-by download" attacks, a computer can be infected just by browsing the web. Once it is brought into a botnet, which could include thousands of machines, the hacker can surreptitiously control it and deliver the pop-up messages.
Joe Stewart, director of malware research at SecureWorks, said in an interview that while many hackers benefited from botnets by using them to harvest victims' bank and credit card details, it was now common for them to join affiliate programs selling fake anti-virus software.
One such program is run by a Russian outfit called Bakasoftware, which pays affiliates commission of between 58 per cent and 90 per cent of their sales.
For instance, if a hacker controls a botnet of 20,000 computers, they could earn up to $US225,000 just by tricking 5000 victims into buying the fake anti-virus software for $US49.95 each.
"For most people they might just be browsing the web and suddenly they don't know why this thing will pop up in their face, telling them they've got 309 infections on their computer, it will change their desktop wallpaper, change their screensaver to fake 'blue screens of death'," Stewart said.
"It goes to a lot of trouble to try and scare people into thinking they have a massive infection on their computer and they need to pay money to this software vendor to get it cleaned."
Stewart said the pop-ups keep re-appearing until the user buys the anti-virus program, which looks much like real security software. Once they do, another pop-up says the computer is being scanned and all problems are fixed, but "everything it just scanned for is fake so it didn't really do anything".
Recently, Bakasoftware's database was obtained by a hacker known as NeoN, and earnings details of the top 10 affiliates were published on various online hacking forums. The data revealed the most successful affiliate earned $US158,000 in a week and even small-time hackers could earn hundreds of thousands of dollars a year.
Stewart said the figures were consistent with those previously released by Bakasoftware itself in order to encourage hackers to join its affiliate program.
"What these hackers will do is they want to make some money one day and they've got 20,000 computers all under their control, so they just grab this software and push it out to them," he said.
Meanwhile, Bakasoftware simply has to develop the fake anti-virus software and sit back and collect its commission.
Since it is not hacking people's computers and only runs the affiliate program, Bakasoftware does not have to worry about being shut down by police, Stewart said.
"There's little risk in it for most of these guys as opposed to the amount of risk you might see in stealing credit cards or bank account information or even spam," he said.
"We know that most of the affiliates are in Russia. They don't target Russians - they know that if there's no Russian victims there's probably nil chance of Russian law enforcement ever coming after them."
Paul Ducklin, Sophos's head of technology for the Asia-Pacific region, advised Australians to only buy anti-virus programs they know they can trust. Any software that required customers to hand over money before even completing a trial scan and clean was probably fake.
"Don't feel pressured into purchasing because a free program has frightened you with a list of alleged threats," he said.
STUFF.CO.NZ AFFECTED
The malware affected several users on Stuff this morning. It brought up pop-up messages on the users' computers telling them that their computer was infected, with a link to buy a fake antivirus package called Antivirus XP 2008 or Antivirus 2009.
The advert containing the virus came from a first-time advertiser and has since been pulled from Stuff.co.nz.
- © Fairfax NZ News


