
Many of the affiliates do extremely well. SecureWorks, a unit of Dell, analyzed the distribution of a fake antivirus program called Antivirus XP 2008 via an outfit called Bakasoftware, which was based in Russia. According to documents provided by the hacker behind Bakasoftware, who went by the nickname Krab, one of his top affiliates was able to fool 154,825 people into installing copies of malware on their computers in 10 days, with 2,772 victims going on to enter their credit card numbers. If the documents are accurate, Krab’s affiliate scuttled away with $146,524 in that brief period.

Innovation

Affiliates have spawned an impressive body of dark innovation to create new ways of infecting computers over the Web. A key tool is a legitimate website that has been surreptitiously compromised. If you visit such a site, you are often automatically redirected to a site that brings up the flashing warnings, attempting to fool you into clicking approval to download the fake antivirus program. Often, other malware is seeking unpatched holes in common software like Java and Adobe Flash—holes through which it can install other damaging payloads, like malware that steals passwords stored on your computer. This is known as a “drive-by download.”

Phony warnings similar to the one above—in dozens of languages—are a familiar sight to millions of computer users worldwide.

Remarkable technology underlies the whole process. To maintain a constant supply of infected websites, criminals write code that crawls the Web looking for known vulnerabilities in common publishing platforms like WordPress or in Web hosting software such as cPanel, says Weinstein. (Every month, his StopBadware organization helps clean up 1,200 websites, a tiny fraction of the hundreds of thousands believed to be infected at any time.) Alternatively, the criminals can use purloined passwords to log in to websites and add malicious code. To make this job easier, botnets do much of the work automatically.

Booby-trapping websites is just one step. The malicious code must avoid detection if those sites are to remain useful to the criminals. To outwit real antivirus programs that are updated daily, the criminals make cosmetic changes to the code—often with simple and widely available encryption tricks. (The malicious code behind the Princess Di image, for example, was much the same as that used in other fake-antivirus scams but was missed by 38 out of 42 real antivirus scanners.) And to keep ahead of the blacklists that security companies and Web companies maintain to block Web addresses known to be housing malicious software, they exploit techniques for rapidly registering and changing thousands of addresses.

A look at one domain registry shows how easy this is. A company in South Korea specializes in selling millions of addresses in the national domain “.cc”—that of the Cocos (Keeling) Islands, an Australian territory. The Korean shop has registered “co.cc.” To this it can add countless numbers of names. For $1,000, in fact, it’ll give you 15,000 of them. It boasts of having 57 million co.cc sites indexed by Google, showing just how easy it can be to reach a broad swath of victims. And free Web hosting services around the world make it easy to press these sites into service.


Credits: Fox Photos/Getty Images, Courtesy of U.S. Department of Justice, Tommy McCall
Video by David Talbot, edited by Brittany Sauser

Tagged: Computing
