How Pay-Per-Install Industry Values Malware Dissemination

Researchers who during August 8-12, 2011 attended the USENIX Security Symposium held at San Francisco's Westin St. Francis presented a paper titled "Measuring Pay-per-Install: The Commoditization of malware Distribution" wherein they offered certain current analysis related to the way the underground crime world valued hijacked PCs that belonged to the ever-expanding as well as profitable botnet trade. ORC reported this on August 15, 2011.

Essentially as accords to the study, in PPI schemes where contaminated computers are obtained and used for unleashing malware, cyber-criminals may sell such computers' services to individuals or groups that seek a place for running their malware. Occasionally such sellers engage middlemen for providing the hijacked PCs at an agreed price following which they sell those systems on retail.

Describing the process more clearly, the researchers say that at first a downloader is installed, which hunts and pulls down malware onto the victim's computer. For escaping identification, the PPI operators utilize packer software, which disguise the downloaders' signatures. At a mean of every 11 days, the operators repacked those downloaders, while they repacked the SecuritySuite downloader twice daily on average.

A few downloaders establish a connection with URLs that are hard-coded inside them for accessing malware. The rest link up with C&C servers, which choose the malware to be dispatched to these remaining downloaders.

The PPI dealers trade the services of hijacked computers region-wise demanding a price that's higher for the US-located systems compared to the Asia-based ones. Currently the costs are $110-$180 for every 1,000 PCs within UK and USA, while it's $20-$60 in the remaining European countries and below $10 in any other country.

Furthermore, the researchers as well categorized the various malicious programs based on their types into 20 unique groups while also elucidated the manner in which particular groups of malicious programs cleverly targeted particular territorial regions, while on other occasions just proliferated haphazardly.

They even elucidated the way a few of the malevolent installers were hardwired into particular URLs for accessing them whereas some others were highly forceful, in comparison, that were transmitted onto different C&C servers that decided on the choice and source of their malware.

Related article: Hi-Tech Security Systems To Counter Sophisticated Hacking

» SPAMfighter News - 8/24/2011