Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russian Firm Pays to Infect PCs with Adware

Posted by timothy on from the that's-pleasant dept.

Jaidev writes "Information week is reporting that a Russian site (IframeDollars) is paying web developers 6 cents for each machine they infect with spyware or adware. One security expert estimates that iframeDollars could collect as much as $75,000 annually from the adware it placed on the infected machines during the third week of May, which cost approximately $12,000 in payments to place"

32 of 266 comments (clear)

  1. never a better time NOT to RTFA by LiquidCoooled · · Score: 5, Funny

    Never know if the article publisher itself is an affiliate ;)

    --
    liqbase :: faster than paper
  2. MS putting food on other peoples table once again by Anonymous Coward · · Score: 5, Funny

    Eat this, open source zealots.

    This story proofs once againe that MS is delivering an infastructure on which other companies can thrive.

    Thank you MS!

  3. They've got me! by nyxon · · Score: 5, Funny

    They've already infected my machine! I keep getting pop-ups for penis enlargements! Help!

    1. Re:They've got me! by cr3ative · · Score: 5, Funny

      The good old targeted advertising must be working then ;)

  4. in soviet russia by maharg · · Score: 3, Funny

    spyware pays you to infect it

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
    1. Re:in soviet russia by kryptkpr · · Score: 3, Informative

      Sure.

      It was all started by Russian-board comedian Yakov Smirnoff.

      The original (and most funny version) of this joke was "In California, you can always find a party. In Soviet Russia, the Party can always find you!".

      I think it was the family guy episode that really popularized it though.. read the wikipedia article I linked for more info.

      --
      DJ kRYPT's Free MP3s!
  5. When spreading malware becomes this obvious by Anonymous Coward · · Score: 3, Insightful
    it needs to be dealt with in a very obvious and unsubtle fashion. The owners if iFrameDollars should be killed, publicly and very bloodily as should anyone who works for the company. This might not satisfy strict due process guarantees (OK, it doesn't) but on the other hand these guys are scum and it's not as if we need a trial to prove this. Killing everyone at iFrameDollars will have the salutary effect of making other idiots who are considering this sort of thing think twice, or perhaps even three or four times about it, before they embark on something so odious.

    1. Re:When spreading malware becomes this obvious by swschrad · · Score: 4, Funny

      the russians will understand your post.

      nobody else will accept it as a viable option.

      we need a compromise here... perhaps on the order of "kill all the spammers, but pray for their souls."

      --
      if this is supposed to be a new economy, how come they still want my old fashioned money?
    2. Re:When spreading malware becomes this obvious by Tim+C · · Score: 3, Insightful

      You'd kill over something like this? Get a sense of perspective.

      --
      It's official. Most of you are morons.
  6. Amateurs! by serutan · · Score: 5, Funny

    6 cents per machine? Hah! Our outsourcing group could get it done for 4 cents.

    1. Re:Amateurs! by John+Seminal · · Score: 5, Funny
      6 cents per machine? Hah! Our outsourcing group could get it done for 4 cents.

      But your help hotline would be in India. No thanks!

      Spammer: Hello, this is 30 year old shit in parents basement calling. I have infected 4,000 machines but only credited with 500.
      CallCenter: One moment, very sorry, read off sheet. Okay. Thank you so very much for using SpamInfect. We can help you.
      Spammer: Okay, about those machines I was not credited with.
      CallCenter: So very sorry. Very, very, very sorry. I sure it fixed soon.
      Spammer: So, are you going to credit my account or what?
      CallCenter: Yes, we credit right now. Right now. All better. Now you go to www.infectspammertoo.com for your reward.

      --

      Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  7. Everybody is satisfied! by MikeDX · · Score: 5, Interesting

    # Everyone is welcome to join the iframeDOLLARS.biz partnership program
    # Earn $0.055 ($55.00/1000 installs) and more for each unique iframe installs
    # You only put the short one line iframe code on your page(s) and start to MAKE MONEY
    # WITHOUT any Active-X console or any pop-ups...It means that you will not lose your unique visitors with our iframe!
    # The best percentage of installs (10-40% from the total traff or it's $4-$15 FOR 1000 UNIQUE VISITORS)
    # DAILY updated soft
    # We have 3 reliable servers with excellent speed
    # Payments every Tuesday
    # Real-time statictic of your work
    # Payment via: Fethard, Webmoney, Wire and E-gold
    # More than 150 webmasters work with us
    # Friendly support service
    # Everybody who works with us is satisfied.

    Does this "everybody" include the people whos pcs get infected with this shit? How long before this becomes more widely known or more common place... and will joe public do anything or care? no. The only chance we have is when the next windows "more money, better computer needed edition" comes out..

    1. Re:Everybody is satisfied! by Paco23 · · Score: 5, Insightful

      # We have 3 reliable servers with excellent speed Probably not for very long.

  8. SANS Internet Storm Center already reported this by Anonymous Coward · · Score: 3, Informative

    SANS Internet Storm Center reported this issue more than a fortnight ago.

  9. Tracking? by Mad+Merlin · · Score: 3, Insightful

    How do they track this? I guess their malware/adware calls home as soon as it strikes a target. Perhaps there's a possible weakness in this in that you could just keep infecting a VM and then restoring it to a good image again. Think they'd be smart enough to notice something odd about a million infections from the same IP?

    --
    Game! - Where the stick is mightier than the sword!
    1. Re:Tracking? by mikael · · Score: 3, Insightful

      They would probably consider one IP address as a single sale.

      You could try spoofing false IP addresses, but they would probably be smart enough to have a three stage handshake to make sure the IP address actually existed. Not forgetting checksums to ensure that the whole package was installed. They would probably have this happen every time the machine was switched on/off, in order to know which systems were available for use. And they would probably wait a whole week until they were certain the malware was installed successfully.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  10. So much for our time by AtlanticGiraffe · · Score: 5, Funny

    The price of your hours spent trying to get rid of that annoying adware from your mother's WinXP box:

    6.1 cents.

  11. Get the Firefox users! by Anonymous Coward · · Score: 4, Funny

    1. Code up a cool extension
    2. Throw in some code for this
    3. Spread it around
    4. Profit!

  12. Prevention by kschawel · · Score: 4, Informative

    First of all, this exploits holes that already have patches on Windows systems:

    The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated would be vulnerable to the exploit.

    So patch and you'll be fine. Second, if you don't want to patch, you can just block this company's IP:

    According to the Internet Storm Center, companies can prevent the downloading of adware and spyware from iframeDollars' servers by blocking the IP address 81.222.131.59.

    1. Re:Prevention by Baron_Yam · · Score: 4, Informative

      So what if everyone here started clicking here?

      Is it morally acceptable to launch a preemptive strike when you absolutely, positively know the bastard is attacking you? Given that I get a timeout when I click on that link, I'd guess many people have already said, "Yes".

    2. Re:Prevention by Baron_Yam · · Score: 4, Informative

      Oh, and since going to iframedollars.com or iframedollars.biz takes you to 195.95.218.170 and not the address mentioned in the parent post, you might want to click on the link above a few times as well.

    3. Re:Prevention by radish · · Score: 3, Informative

      Judging by what's happening for me right now, putting a bogus id in the form to the left of that page hits their server rather hard. Hasn't come back yet and it's been over a minute. Doesn't increase their hosting costs, but maybe we can cause a meltdown in the database ;)

      Oops, I appear to have just started 20 request threads on their app server. My mistake.

      --

      ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

  13. The Real Question is... by kingofalaska · · Score: 3, Interesting
    The question I thought of is: how much will be paid for adware/spyware removal tools, and who will profit?

    I say this because just last week I helped a friend set up his new HP machine, and noticed that it came bundled with 30 day trials of Norton firewall/AV, some anti-adware, and some antispyware. I replaced all three with free/OS versions. But many users don't know about this, don't know where to get it, and don't know how to use them. In fact, removal of these 'trials' was a pain, even for me.

    KOA

    Anchorage, Alaska Will Host National Policy Meeting on Technology

  14. That's lowball.... by kawika · · Score: 3, Interesting

    The going rate for a US computer is more like 15 to 20 cents. Other countries go for as little as 1 or 2 cents. Cash4Toolbar is installing its stuff through some blogspot.com blogs (IE users beware) and some really cute social engineering, but several others are seeding infected files on BitTorrent.

  15. Re:First post.... by Alex+Belits · · Score: 3, Insightful

    1. US government passes a legislation that destroys a profitable business model.

    2. Saudi Arabia develops a housing program that involves building a large number of igloos.

    I would rather bet on the second one.

    --
    Contrary to the popular belief, there indeed is no God.
  16. Use of affiliate program business as normal by NathanBFH · · Score: 3, Insightful

    This isn't really all that suprising. Business is business, whether it's black, gray, or white market. Affiliate programs work, why wouldn't adware businesses use this method to spread their product? It's interesting to see some estimates on their revenue, however. At first I read the slashdot summary and thought they were talking about $75,000 revenue annually and was surprised that anyone would even bother making adware for such pittly money. But the 'Aha!' moment came when I reread it and saw that's the estimated revenue for one-weeks worth of business. Damn, not too shabby.

  17. I will pay by Anonymous Coward · · Score: 5, Funny

    I will pay 6 cents for every employee of this Russian company you murder.

  18. Honeypot browser by tgibbs · · Score: 4, Interesting

    So what we need is a "honeypot browser," that represents itself to a website as an old, unpatched copy of IE--but doesn't actually install the spyware. Then we could log in over and over, costing the spyware company money each time.

    1. Re:Honeypot browser by SacredNaCl · · Score: 3, Informative

      Apparently these folks can be reached at:

      ICQ: 291994264

      and

      traff@mail.com

      I sure wouldn't want anyone spamming them, or contacting them with complaints and wasting their time like they waste mine having to remove their garbage...

      --
      Freedom is merely privilege extended unless enjoyed by one and all.
  19. Deal with the cause not the symptom by MarkByers · · Score: 3, Interesting

    It wouldn't work - even if you removed one company, others would appear.

    How about hitting stupid users over the head repeatedly until they click the 'install critical updates' button...

    Then impose heavy fines on the companies that create security-hole-ridden software and charge extortionate amounts to upgrade, despite that the software is a necessary component of most people's systems. They should be forced to provide free security patches for the entire lifetime of the product, or else a free upgrade to the next version.

    --
    I'll probably be modded down for this...
  20. The story left out one very important detail... by ArsenneLupin · · Score: 3, Insightful

    It didn't answer the question: "Where do I sign up?". I've got a couple of thousands of windows users to teach a lesson to, and if I can make some moolah in the process, so the better!

  21. Re:First post.... by Tsunamio · · Score: 3, Insightful

    I'll take that bet. The US (or any other) government doesn't like profitable business models that attack other, even more profitable business models. Napster may have been making a profit, but that doesn't mean the folks in Washington liked it. And that was something that most voters approved of!

    The US government really doesn't like profitable business models from other countries that depend on slowing down our economy (say, by installing malware on all our computers).