Security

Russian cybergangs make the Web a dangerous place

Russian cybergangs have established a robust system for promoting Web sites that sell fake antivirus software, pharmaceuticals and counterfeit luxury products, according to a new report from security vendor Sophos.

To sell bogus goods, many of those sites rely on hundreds of “affiliate networks,” which are essentially contractors that find ways to direct Web users to the bad sites, wrote Dmitry Samosseiko, a Sophos analyst. He made a presentation this week at the Virus Bulletin security conference in Geneva.

Affiliate networks have been around for a long time and there are many legitimate ones. But “the majority of the most powerful and controversial affiliate networks are based in Russia,” Samosseiko wrote.

In Russian, the networks are known as “partnerka” and focus exclusively on promoting the dark corners of the Web. Essentially, someone who wants to become part of an affiliate signs up on a password-protected forum, most of which now are low profile and require an invitation. Once vetted, the new contractor is given a set of Web sites to promote.

One way to do so is to infect computers with malware either through spam or other means. The malware can tamper with a computer's DNS (Domain Name Server) settings in order to direct the user to a fake Google search engine site, which meshes real search results with ones that lead to, for example, a site selling fake antivirus software.

Another trick is called black hat SEO (search engine optimization). It involves creating a Web site, then using a variety of tricks mostly forbidden by search engines to get those Web sites high in search rankings. Methods include incorporating the most recently used search terms, often listed by search engines such as Google's Trends, into a Web site.

These affiliated “doorway” Web sites will redirect users to a dodgy Web page. A referring site can earn a commission if, for example, a person buys something.

The trick for someone selling a product is to “choose a partnerka with a high conversion rate to ensure that the generated revenue will be greater than the cost of traffic itself,” Samosseiko wrote.

It's an insidious, yet profitable, scheme. Sophos was able to get a peek at one of the more popular partnerka called RefreshStats. That Web site enlists partners to create Web sites that implore people to download a codec, or a piece of software required to play video. Inevitably, the codec is a fake, and the PC is usually infected with fake antivirus software.

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines