Get Paid to Install Malware
Botnets are using affiliate programs to infect PCs.
Sites like Amazon offer affiliate programs that pay users for sending them new customers. And now, malware authors, always quick to adopt tactics that work elsewhere, have developed their own affiliate program, which was described in a talk given today at the Black Hat DC computer security conference in Washington, DC.
Kevin Stevens, an analyst at Atlanta-based security consulting company SecureWorks, says sites with names like “Earnings4U” offer to pay users for each file they can install on someone else’s PC; the practice is called “pay per install.” Stevens found sites offering rates ranging from $180 per 1,000 installs on PCs based in the U.S. to $6 per 1,000 installs on PCs based in Asian countries.
As he researched the practice, Stevens says he discovered a number of companies engaged in pay per install. These companies periodically change their names to dodge the authorities. He also found forums where users shared tips for making more money, and a variety of sophisticated tools developed to make it easier for them to install malware. “It’s almost like a real, legitimate business,” he said.
People who sign up for the affiliate programs often download “malware cocktails” that they then try to distribute as widely as possible. One common technique is to combine the malware with a video and offer it for download on a peer-to-peer file sharing site. Another is to host the malware somewhere on the Web, and use search engine optimization techniques to attract traffic to it.
Stevens outlined several types of software that a malware affiliate can use. “Crypters,” for example, are programs that mask malware from antivirus programs. One popular crypter costs about $75 initially, and then $25 to buy fresh pieces of code that keep the malware masked once antivirus programs have begun to recognize the original. Stevens estimates that it’s possible to get by for two to three weeks on each such update.
For about $225, a malware affiliate can multiply his earnings by obtaining a Trojan download manager. This program allows him to pump multiple malware cocktails into each infected PC, getting paid for each one on each compromised computer. One Trojan download manager comes with add-ons that allow a user to harvest e-mail addresses from an infected system, which could then be used to send spam or phishing messages.
Stevens estimates that some of the larger companies offering pay-per-install programs are responsible for about 2.8 million malware installs each month.