An industry built on serving adware has become a full-fledged malware distribution channel, with a thriving underground economy, according to researchers at SecureWorks.
The business model is known as pay-per-install (PPI), and profits by recruiting “affiliates” willing to facilitate malware installation on victims' computers.
According to a new report from the SecureWorks Counter Threat Unit titled "The Underground Economy of the Pay-Per-Install Business", the method begins when an affiliate interested in building a network of infected computers signs up to a PPI site and receives files from the PPI provider. In the past, such sites typically served as the breeding ground for adware distribution, but now criminals are recruiting opportunists so they can receive more potent malicious code.
“People interested in getting into the business go to PPI sites, sign up and download executable files,” Kevin Stevens, a SecureWorks researcher, told SCMagazineUS.com. “To make money, they install it on as many computers they can, using a variety of techniques, most of which are outlined on the PPI sites.”
The PPI sites contain methods and tools to help affiliates distribute the malicious files. Some of the options include distributing the malware through drive-by-download or peer-to-peer sites, or by using blackhat SEO methods, Stevens said.
The affiliates earn money for every 1000 installations they execute, though the compensation can vary widely.
“One challenge affiliates encounter is that they must perform hundreds to thousands of installs to receive any significant income,” the report states.
The malware files being distributed typically make use of subterfuge to remain undetected, such as encrypted signatures to hide from anti-virus engines.
Another technique is for malware programs to shut themselves down if they are running in a virtual machine.
“A virtual machine such as VMware or VirtualBox has certain code that runs in the background – to virtualise hardware and processes,” Stevens said. “It doesn't have the same code running as it would if it were running on real hardware. The malware picks up on the processes [by trying to retrieve certain code] and if it finds one, kills itself.”
See original article on scmagazineus.com