Malware Distribution Network Consistently Expanding
Researchers at web security firm SecureWorks have found that an industry based on serving adware has now developed into a full-fledged channel distributing malware, with a blooming underground economy.
Known as Pay-Per-Install (PPI), this business model makes a profit by recruiting "affiliates" who are keen to facilitate installing malware on victims' PCs.
"The Underground Economy of the Pay-Per-Install Business", the latest report from the SecureWorks Counter Threat Unit, states that the entire process starts when an affiliate receives a file from a PPI provider after he/she signs up with its site.
These sites earlier used to serve as a breeding ground for distributing adware, but today criminals are hiring opportunists to acquire more dangerous malicious code. As per the report, the flourishing malware ecosystem incorporates the skills of Web marketers, software developers and ordinary grunts in order to infect millions of systems used by end users.
The report also said that, like Shaklee, Amway, and various other direct marketing businesses of the past, the PPI model depends on standard services for assistance. Once these affiliates sign up, they are offered a wide range of services provided by other businesses. These affiliates then earn a small fee for every single computer they infect.
Affiliates also use a Trojan Download Manager, which is usually popular among the blackhat malware communities. It enables an attacker to update any sort of malware which has been downloaded by the victim, to install additional malware, and to perform other functions designed by the author of the Trojan Download Manager software.
Attackers prefer Trojan Download Managers because, besides enabling them to infect computers, this software also compels the infected computer to download and install any malware or PPI file as per their instructions.
According to Kevin Stevens, a security researcher at SecureWorks' Counter Threat Unit, as adware purveyors like 180solutions (which later changed its name to Zango) have evolved into a full-fledged business model, the affiliate system encompasses groups dealing with some of the world's most wicked Trojans, as reported by The Register on September 30, 2009.
In view of this, researchers said that the PPI business has witnessed considerable malicious transformations over the past years.
» SPAMfighter News - 19-10-2009