Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Executable files on the Ya!Bucks pay per install program are spreading a range of malware including the Rustock and Pushdo spam bots and fake anti-virus.Writing on the Marshal8e6 TRACElabs blog, Gavin Neale claimed that affiliate or pay per install programs such as Ya!Bucks reward people for installing malware on a victim's PC or by redirecting browsers to landing pages where users may be asked to download software or be exposed to exploits.Once a user is registered with Ya!Bucks, members can download an executable file that they will then spread to victims' PCs via their own methods. Ya!Bucks members get paid if the victim purchases the software that was installed (often illegally) on their PC.Neale claimed that affiliate programs such as this are one reason why there is a constant stream of malicious web pages being created to install software on people's computers.“There is also a section of available landing pages where members can redirect traffic from their own web pages to. This is often seen in search engine optimisation schemes where web pages are made to appear in search engine results to attract visitors who are then redirected to an affiliate program-landing page. The landing page used by Ya!Bucks is a typical fake anti-virus page designed to trick users into installing the fake AV software,” said Neale.He claimed that the lab signed up to the site and received an email every few days to let them know that there was a new, apparently undetectable, executable file available for them to use. At first the file was only detected by a couple of anti-virus engines, but several days later most of the major anti-virus programs had added signatures for it.Neale claimed that on the test system, the executable downloaded a range of malware including the Rustock and Pushdo spam bots and the fake anti-virus software ‘Protection System'. It also caused the system to slow down to an almost unusable speed and generated a flood of various Windows error messages.Affiliate programs pay their affiliates in different ways, for example, Ya!Bucks states that they give affiliates 70 per cent of the revenue that they generate from purchases of the fake anti-virus software. Others pay for each PC their software is installed on. The payment per install varies between countries.US installs fetch the most, usually around US10-15c per install, while installs in Asia are around one cent. The payments can increase once the affiliate has reached a certain number of installs.Neale said: “Presumably the affiliate will get paid if the victim purchases the fake AV. Whether or not they purchase ‘Protection System' they will have two spam bots and a host of other malicious software on their computer.“Most affiliate programs require affiliates to have earned a certain amount of money before they are able to have the cash transferred to a web-money account. We have seen several affiliate programs apparently disappearing, leaving their affiliates lamenting their losses on underground forums.”See original article on scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.