03-09-2007, 08:51 PM
JD
Attention ALL GFY MEMBERS. We're being robbed

There is some serious shit going down on the net that is most likely affecting all of us. I know I've been hit pretty hard...

reposted from another board (icq me for link)

Quote:
Over the past couple months (at least) there has been a very large spyware network growing among adult site surfers. During the past couple days there has been a large and noticeable increase in activity. What is happening is that the spyware/malware is replacing affiliate codes with the code of the spyware authors. This is nothing new however the number of people that are being affected now is much larger than normal.

This is reportedly affecting 4-5% of all adult site traffic atm, presumably affecting TGP/MGP traffic to a much more significant extent because that is the traffic base the spyware is likely being distributed from. As a matter of speculation, if it's averaging 4-5% overall, that might be more like 1-2% of SE traffic and 10-20% of TGP/MGP traffic. So webmasters relying heavily on SE traffic are less likely to have noticed a drop in ratios as compared to freesite traffic.

The processors and many paysites have been aware of this for some time but are not speaking about it publicly. They do not have a solution for it. Perhaps out of fear of losing affiliate confidence, this has not been publicized. CCBill is according to my source aware of it and seems to be the sponsor hardest hit.

I've been told some programs are ignoring it completely, while others are cancelling the spyware accounts and keeping the extra sales themselves. Either way, the processors see the same # of signups, as do the programs. The only people getting screwed out of this are the affiliates.

They have some information as to who is behind this; it appears to be a crime ring based in the Ukraine with enough resources to either have the cooperation of a webhost or own their own hosting center. I have a list of IPs that have been known to provide the spyware but will not make this data public; it is entirely possible that the authors of the spyware are reading this very forum.

Another server in the same class B IP range as this one has been using trojans disguised as codecs to generate fake traffic since at least November 2006. Presumably when the trojan is installed, it generates 'fake' clicks on TGPs from real users' PCs. If one can find out where this traffic is being sent to, you're likely to find the source of the malware distribution. It's probably someone with a fairly large and newer MGP, perhaps someone you're trading with.

The trojan is being distributed as a fake codec; people are being prompted to download a codec to play a video, and instead they wind up with this shit on their PC.

If you are aware of any site or gallery prompting for the download of suspicious codecs, please PM me.

As far as what you can do about it, other than keep an eye out for and report suspicious activity, probably not very much. This isn't a top priority for law enforcement because it isn't affecting consumers; also, being based in the Ukraine probably isn't helping matters. The most likely solution would seem to be something coming from the anti-virus makers, who as yet have not addressed this issue. Over 300 variants of this trojan had been found back in November; it is likely that more variants were already in existence or have been created since then.

If you have any questions feel free to post them. Also feel free to copy this post to any other forums you'd like, there seems to be something of a cover-up going on amongst those who've known about this, when IMO their greatest resource in tracking down those responsible is likely the freesite/tgp/mgp community who is being most affected by it.