Skip to Content
Uncategorized

Get Paid to Install Malware

Botnets are using affiliate programs to infect PCs.
February 2, 2010

Sites like Amazon offer affiliate programs that pay users for sending them new customers. And now, malware authors, always quick to adopt tactics that work elsewhere, have developed their own affiliate program, which was described in a talk given today at the Black Hat DC computer security conference in Washington, DC.

Kevin Stevens, an analyst at Atlanta-based security consulting company SecureWorks, says sites with names like “Earnings4U” offer to pay users for each file they can install on someone else’s PC; the practice is called “pay per install.” Stevens found sites offering rates ranging from $180 per 1,000 installs on PCs based in the U.S. to $6 per 1,000 installs on PCs based in Asian countries.

As he researched the practice, Stevens says he discovered a number of companies engaged in pay per install. These companies periodically change their names to dodge the authorities. He also found forums where users shared tips for making more money, and a variety of sophisticated tools developed to make it easier for them to install malware. “It’s almost like a real, legitimate business,” he said.

People who sign up for the affiliate programs often download “malware cocktails” that they then try to distribute as widely as possible. One common technique is to combine the malware with a video and offer it for download on a peer-to-peer file sharing site. Another is to host the malware somewhere on the Web, and use search engine optimization techniques to attract traffic to it.

Stevens outlined several types of software that a malware affiliate can use. “Crypters,” for example, are programs that mask malware from antivirus programs. One popular crypter costs about $75 initially, and then $25 to buy fresh pieces of code that keep the malware masked once antivirus programs have begun to recognize the original. Stevens estimates that it’s possible to get by for two to three weeks on each such update.

For about $225, a malware affiliate can multiply his earnings by obtaining a Trojan download manager. This program allows him to pump multiple malware cocktails into each infected PC, getting paid for each one on each compromised computer. One Trojan download manager comes with add-ons that allow a user to harvest e-mail addresses from an infected system, which could then be used to send spam or phishing messages.

Stevens estimates that some of the larger companies offering pay-per-install programs are responsible for about 2.8 million malware installs each month.

Deep Dive

Uncategorized

Uber Autonomous Vehicles parked in a lot
Uber Autonomous Vehicles parked in a lot

It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.

If they ever hit our roads for real, other drivers need to know exactly what they are.

stock art of market data
stock art of market data

Maximize business value with data-driven strategies

Every organization is now collecting data, but few are truly data driven. Here are five ways data can transform your business.

Cryptocurrency fuels new business opportunities

As adoption of digital assets accelerates, companies are investing in innovative products and services.

Mifiprex pill
Mifiprex pill

Where to get abortion pills and how to use them

New US restrictions could turn abortion into do-it-yourself medicine, but there might be legal risks.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.