Web Fraud 2.0: Franchising Cyber Crime
Brian Krebs writes on Security Fix:
For the most part, cyber gangs that create malicious software and spread spam operate as shadowy, exclusive organizations that toil in secrecy, usually in Eastern Europe. But with just a few clicks, anyone can jump into business with even the most notorious of these organizations by opening up the equivalent of a franchise operation.More here.
Some of the most active of these franchises help distribute malicious software through so-called pay-per-install programs, which pay tiny commissions to the franchise operators, or so-called affiliates, each time a supplied program is installed on an unsuspecting victim's PC.
These installer programs will often hijack the victim's search results, or steal data from the infected computer. Typically, affiliates will secretly bundle the installers with popular pirated software titles that are made available for download on peer-to-peer file-trading sites. In other cases, the installers are stitched into legitimate, hacked Web sites and quietly foisted upon PCs when people visit the sites with outdated, insecure Web browsers.
Working with security researchers, Security Fix signed up for an account at IntsallsCash to learn what their affiliates were really installing.
What we found was the installation program given by InstallsCash to distributors installs some of the most sophisticated and aggressive malicious software in circulation today.