Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The team also found that PPI programs almost always installed bots that engage infected systems in a variety of “click fraud” schemes, involving fraudulent or automated clicks on ads to falsely generate ad revenue.

One unexpected finding may help explain why PCs infected with one type of malware often quickly become bogged down with multiple infections: Downloaders that are part of one scheme often fetch downloaders from another. In other words, affiliates from one PPI service themselves sometimes act as clients of other services. Consequently, many of the installers pushed by affiliates will overwhelm recipient PCs with many types of malicious software.

“We speculate that some of these multi-PPI-service affiliates are arbitrageurs, trying to take advantage of pricing differentials between the (higher) install rates paid to the affiliates of one service for some geographical region versus the (lower) install rates charged to clients of another PPI service,” the researchers wrote.

This dynamic lends an inherent conflict of interest to the PPI market that hurts both clients and affiliates: The more installations an affiliate provides, the larger the payment received. But the more malware is installed, the greater the likelihood that the owner of an infected system will notice a problem and take steps to eradicate the malware.

PPI services have ominous implications for coordinated efforts to shut down botnets. In recent months, security researchers, Internet service providers, and law enforcement agencies have worked together to dismantle some of the world’s biggest botnets. In March, for example, Microsoft teamed with security firms to cripple the Rustock botnet, long one of the most active spam botnets on the planet. 

The Berkeley researchers argue that even if defenders can clean up a botnet—by hijacking its control servers and even remotely disinfecting PCs—the controller of that botnet can rebuild it by making modest payments to one or more PPI services.

“In today’s market, the entire process costs pennies per target host—cheap enough for botmasters to simply rebuild their ranks from scratch in the face of defenders launching extensive, energetic takedown efforts,” the researchers wrote.

2 comments. Share your thoughts »

Credit: Technology Review

Tagged: Computing, hackers, spam, cyber security, botnets, cybercriminals

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me