Rogue Anti-Viruses
by Blight Crusader
Thanks to Brian Krebs over at the “Security Fix” blog at WashingtonPost.com for this story. Apparently, there are big bucks to be had by franchising out the installation of “anti-virus” software for a sort-of “rewards program.” From Krebs’ article:
In the cyber underworld, more and more individuals are generating six-figure paychecks each month by tricking unknowing computer users into installing rogue anti-virus and security products, new data suggests.
One service that exemplifies a very easy way these bad guys can make this kind of money is TrafficConverter.biz, one of the leading “affiliate programs” that pays people to distribute relatively worthless security software. Affiliates are given a range of links and JavaScript snippets they can use to embed the software in hacked and malicious Web sites, or tainted banner advertisements online.
Unsuspecting users who view one of these hacked sites or ads see a series of misleading warnings saying their computers are infected with malware, and offering a free scan. Those who agree are prompted to download a program that conducts a bogus scan and warns of non-existent threats on the user’s system. The software also blocks the user from visiting legitimate security Web sites. The user is then pestered with increasingly deceptive and incessant prompts to purchase the software (see the screen shots above and below for some of the more subtle examples).
The user’s system remains in this state until he or she figures out how to remove the software or relents and pays for a license. At that point, the affiliate responsible for generating that installation is paid by TrafficConverter.biz about $30. The software is sold for between $50 and $75 per license.
The article goes on to state:
TrafficConverter.biz was dismantled on Nov. 29, 2008, most likely because the same domain was referenced deep inside the guts of the Conficker worm, a family of malware that is estimated to have infected at least 10 million Microsoft Windows systems.
Prior to the site’s demise, security researchers managed to snag a copy of the database for the TrafficConverter affiliate program. While that data set is incomplete, the information available on the top-earning affiliates helps explain why so many consumers are reporting infections from rogue anti-virus products: Successful affiliates are making money hand over fist with these programs.
It then goes on to show, in graphic detail, how much money these affiliates are making and how they are spurred on by contests with prizes such as Mercedes cars. It concludes with the following:
TrafficConverter.biz was forced offline at the end of November, but it was resurrected just a few days later at TrafficConverter2.biz. The site to this day boasts at least 500 active affiliates, all pushing a new rogue product called Antivirus360. What’s more, a new contest — for luxury goods, including a Mercedes S-Class — is already underway.
One final observation: As we noted last month, Microsoft has issued a $250,000 reward for information leading to the arrest and conviction of the individual(s) responsible for unleashing the Conficker worm. I wonder, though, if that amount is at all enticing to any of these affiliates if they know who was responsible, since apparently that kind of money can already be earned in a little more than a month’s time.
That’s an excellent question.