Slashdot Mirror
Russian Firm Pays to Infect PCs with Adware
Jaidev writes "Information week is reporting that a Russian site (IframeDollars) is paying web developers 6 cents for each machine they infect with spyware or adware. One security expert estimates that iframeDollars could collect as much as $75,000 annually from the adware it placed on the infected machines during the third week of May, which cost approximately $12,000 in payments to place"
Never know if the article publisher itself is an affiliate ;)
liqbase
Eat this, open source zealots.
This story proofs once againe that MS is delivering an infastructure on which other companies can thrive.
Thank you MS!
This is Microsoft enabling yet another business to succeed in the ever changing technology marketplace.
They've already infected my machine! I keep getting pop-ups for penis enlargements! Help!
spyware pays you to infect it
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
6 cents per machine? Hah! Our outsourcing group could get it done for 4 cents.
# Everyone is welcome to join the iframeDOLLARS.biz partnership program
# Earn $0.055 ($55.00/1000 installs) and more for each unique iframe installs
# You only put the short one line iframe code on your page(s) and start to MAKE MONEY
# WITHOUT any Active-X console or any pop-ups...It means that you will not lose your unique visitors with our iframe!
# The best percentage of installs (10-40% from the total traff or it's $4-$15 FOR 1000 UNIQUE VISITORS)
# DAILY updated soft
# We have 3 reliable servers with excellent speed
# Payments every Tuesday
# Real-time statictic of your work
# Payment via: Fethard, Webmoney, Wire and E-gold
# More than 150 webmasters work with us
# Friendly support service
# Everybody who works with us is satisfied.
Does this "everybody" include the people whos pcs get infected with this shit? How long before this becomes more widely known or more common place... and will joe public do anything or care? no. The only chance we have is when the next windows "more money, better computer needed edition" comes out..
SANS Internet Storm Center reported this issue more than a fortnight ago.
How do they track this? I guess their malware/adware calls home as soon as it strikes a target. Perhaps there's a possible weakness in this in that you could just keep infecting a VM and then restoring it to a good image again. Think they'd be smart enough to notice something odd about a million infections from the same IP?
Game! - Where the stick is mightier than the sword!
The price of your hours spent trying to get rid of that annoying adware from your mother's WinXP box:
6.1 cents.
1. Code up a cool extension
2. Throw in some code for this
3. Spread it around
4. Profit!
This is the kind of thing that should be illegal. I mean, it's just blatantly...evil *puts on flame retardant suit* (as for mispellings, I've been up for 45 hours). When are people just going to all in all make these things illegal? (and no I don't mean some crappy worthless legislation, I mean a point where if adware/spyware is what your company profits from, youre done, DONE). There has to be SOME common sense...come on...please? People have to stand up and give these companies the big middle finger. I'm a libertarian, I believe in free market, but I really really hate worthless parasites.
First of all, this exploits holes that already have patches on Windows systems:
The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated would be vulnerable to the exploit.
So patch and you'll be fine. Second, if you don't want to patch, you can just block this company's IP:
According to the Internet Storm Center, companies can prevent the downloading of adware and spyware from iframeDollars' servers by blocking the IP address 81.222.131.59.
I say this because just last week I helped a friend set up his new HP machine, and noticed that it came bundled with 30 day trials of Norton firewall/AV, some anti-adware, and some antispyware. I replaced all three with free/OS versions. But many users don't know about this, don't know where to get it, and don't know how to use them. In fact, removal of these 'trials' was a pain, even for me.
KOA
Anchorage, Alaska Will Host National Policy Meeting on Technology
If adware and spyware is not illegal (although nobody here would argue it is ethical), and there is some monitary value for each PC infected, it was only a matter of time that offers like this would become public. Hopefully market competition will force down the value of each infected PC, making these schemes less inviting.
__________
Love conquers all... except CANCER
The going rate for a US computer is more like 15 to 20 cents. Other countries go for as little as 1 or 2 cents. Cash4Toolbar is installing its stuff through some blogspot.com blogs (IE users beware) and some really cute social engineering, but several others are seeding infected files on BitTorrent.
As a tech support agent that works to remove this crap from the machines of those brave enough to call me, I have to hate these bastards with a virulence that borders on psychotic.
But I also have to thank them for the job security, afer all if they did not do this I would be uneeded and would have to go get a real job.
Talking to Geeks is like eating jello with a chainsaw, interesting, but painful.
I was wondering where we are going from here.
SPAM, Pay-for-xploit. 99% of the web content is pretty much useless.
Is it possible to claim back the Internet ? Somehow, I don't think so.
morcego
Well, here in the UK installing stuff on my PC without my consent would be illegal under the Computer Misuse Act. I'd be amazed if there wasn't a similar law in your jurisdiction.
Bottom line - I doubt very much indeed that this is legal in most countries.
It's official. Most of you are morons.
This isn't really all that suprising. Business is business, whether it's black, gray, or white market. Affiliate programs work, why wouldn't adware businesses use this method to spread their product? It's interesting to see some estimates on their revenue, however. At first I read the slashdot summary and thought they were talking about $75,000 revenue annually and was surprised that anyone would even bother making adware for such pittly money. But the 'Aha!' moment came when I reread it and saw that's the estimated revenue for one-weeks worth of business. Damn, not too shabby.
Recently I was contacted by a friend of mine in the United States who wanted to hire me as a programmer to develope an email borne virus with a certain advertisement payload for one of his clients.
I graciously declined the offer.
I will pay 6 cents for every employee of this Russian company you murder.
So what we need is a "honeypot browser," that represents itself to a website as an old, unpatched copy of IE--but doesn't actually install the spyware. Then we could log in over and over, costing the spyware company money each time.
Make sure you edit out any mentions of Russia from article summaries. That can only lead to at least half of the comments being lame Soviet Russia jokes.
Signature.
I suspect they only care if its legal in Russia, and then perhaps only a little.
My other car is a Popemobile
It wouldn't work - even if you removed one company, others would appear.
How about hitting stupid users over the head repeatedly until they click the 'install critical updates' button...
Then impose heavy fines on the companies that create security-hole-ridden software and charge extortionate amounts to upgrade, despite that the software is a necessary component of most people's systems. They should be forced to provide free security patches for the entire lifetime of the product, or else a free upgrade to the next version.
I'll probably be modded down for this...
I agree, but lack of a lock, or lack of a WORKING lock is not part of a "Normal Business Model". Ignorance of the masses doesn't make it "Normal" for a maliceous company to subvert what little security the bank (or computer) may have.
My point is that because of the complexity of computer hardware and software, combined with its increadible proliferation, makes it very easy for these companies to use their marketing "tools". If they were legit, they woulden't need to "pick the lock". I think we're arguing over terminology here... Security is part of a normal business model, I agree, but unfortunately the general masses are relatively ignorant in regards to this very problematic issue. Until we educate them, they're going to fall prey to this kind of attack. However, it still doesn't make it "Normal" or "Okay" for a BUSINESS to actively exploit the property of others.
"In a world without walls or fences, who needs Windows or Gates?"
Follow the money. Find out who's receiving the payments, extradite them if they're outside the U.S., slap them in irons, put them on trial, and off to pound-me-in-the-ass prison. This sort of problem won't be solved without a credible deterrent.
I too have felt the cold finger of injustice.
It didn't answer the question: "Where do I sign up?". I've got a couple of thousands of windows users to teach a lesson to, and if I can make some moolah in the process, so the better!
All of these exploits have been patched by Microsoft already. It is the responsibility of the end-user to keep their OS up-to-date. For those too inept, Windows XP SP2 "automatic update" feature is decent i've heard.
I think you've touched on an interesting point worth exploring further. The complexity of these systems makes it difficult to figure out what's legal and what's not legal, leaving a big grey area. Much Adware and Spyware presents the user with a dialog box:
[ lots of fine print nobody reads ]
[ OK? ]
So technically, the user agreed to get pop-up ads for penis enlargement and mortgage refinancing and downloading all the trojan spyware buddies and I don't know what else because I don't run a Windows computer.
There are quite a few exploitative industries, and they pre-date the complexity of home computing and Windows and Adware and Spyware.
Rent to own? Circumvented credit laws allowing the company to, in effect, charge higher than legal interest rates to low-income consumers.
Televangelism? Exploited the home bound and lonely and sick by showing them television of people (pretending to be) healed. This was the pioneer for staged "Reality" television, and frankly I'm surprised that it took so long (decades) for the television industry to apply the basic business model to popular television (cheap to produce, add some "Scripted Assisted Reality" drama, advertise, and whammo! Dollars flow in without exploiting the poor and the sick.
The modern credit card and mortgage industries present even more complex examples. They have successfully lobbied themselves into a position where the laws are extraordinarily complex, and allow them to perform all manner of exploitative business practices that are perfectly legal. Bought a house lately? Do you have *any* idea who really paid how much for what in that stack of papers?
None of this requires exploiting the complexity of home computers. In fact, in a sense one might consider the wild west nature of marketing via spyware on the home computer to be inspired by these other industries, which pre-date these companies by decades.
One last wild hare thought... Adware and Spyware are also great equalizers, in the same way as the dot com types viewed the internet. This massive market of insecure home systems based on Windows allows *anyone* to get into a money making business with very little overhead.
One could ask the rhetorical question: why is it OK for established multi-billion dollar per year industries to first create and then exploit legal complexity, but it's not OK for budding entrepreneurs in economically disadvantaged nations to set up an, ahem, advertising company.
Work from home! Watch the $$$ roll in!!!
Things should be made as simple as possible, but not any simpler. -- Albert Einstein
This post presented a vexing moderation problem to me.
Thing number 1: Refrozen presented a very informative on-topic link.
Thing number 2: Refrozen also stated nothing wrong with ADWARE, which to me is a very inflammatory troll.
I consider ANY intrusion and placing of stuff in my machine as malicious mischief, much as I would view anyone coming onto my property and leaving painted ads... aa well as a theft of my time to witness ad and time required to remove it.
Whether they flip bits or leave paint, they have still altered my property - and stolen my time.
No way can I condone adware like this - I think about all of us here consider it at least malicious mischief.
So how do you moderate an informative flamebait?
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
And when your car has recall-worthy defects several times a week, it's your responsibility to scan the newspapers for the alert notices. And spend several hours a week in your mechanic's garage, while they fix them with you. It's all OK, because it's on the automaker's tab, right?
--
make install -not war
Aside from the fact that he can't spell worth spit, and as much as I want to flame the crap out of that AC, he does have a point. Now before you all start to flame me, I am a die hard gentoo user, a recent convert from MS Windoze. I switched due to the reasons in this article (spyware/adware). Now to my point. Yes Microsoft should have done better, but the fact is they don't care. As long as they keep putting out a new OS, and removing backwards capability and "legacy" features from the newer versions, the general public will eat it up. I am not a m$ fan at any level, but to make jokes about how a BSD or Linux box is unaffected, while its true, is somewhat misguided IMO. I have recently been doing some research on the topic, and I have found that ANY OS is vulnerable. If a person wants to go to a website, and it requires they install an activex control, no matter what you teach them they will click "ok". Anyone here who has ever had to teach their (grand)parents how to use a computer will know what I am talking about. So is it FUD to thank MS for building a platform that we can all profit from? Me personally, I hope they stick around for a while, fixing their mistakes is my bread and butter. Logically one could assume that if/when linux becomes as main stream as m$, it will be under attack in much the same way m$ is now. I feel it should be noted that OSS is not as safe as some people would like to think it is. I installed Firefox on my grandparents computer, and within a week, I found that "MyWebSearch" has apparently written a toolbar for Firefox!! Which is also notably difficult to get rid of.