03-10-2007, 02:01 PM
onlineriches
Confirmed User
 
Join Date: Apr 2006
Posts: 308
Nothing can be done to completely eliminate this problem.
Think about the following:

1) Removal programs / Cleaners will not be effective at cleaning this up. They will only be able to remove DETECTED files. This accounts for a small sample, and well-known methods such as public codecs. It is very likely they use these files for public spreading, and then update to an undetected version or addon that performs the actions you are stating here.

By the time the malware is detected, there are already 5 more undetectable versions out. Any good malware has built-in update features which will update to the latest version to keep from losing traffic. It is insanely simple to re-pack the new malware with any # of packers out there, or make small changes to slip detection once again.

2) End users are ultimately responsible; reckless use and poor education increase the magnitude of the problem. Poor security such as patch management, lack of any sort of antivirus software or spyware detection software adds to the problem.

3) Sponsors need to drastically crack down on this type of spyware. If there is no money being paid out, or it is too difficult to make money with these methods, the scammers will move on to greener pastures. I think what it comes down to is the sponsors looking the other way because they make their money either way; it is the affiliate who takes the hit. It is a lot easier for them to look the other way than to spend money to develop and implement methods to fight this type of fraud.

4) There is a lot of money to be made. Whenever this is the case, expect people to do anything they can to take advantage. It seems this industry is ripe for the picking right now, and it will only get worse as more scammers learn of these techniques to make easy money.

If anyone has copies of any malware, I wouldn't mind analysing them and posting the results I find. Including traffic origins, ref codes, sponsors targeted, and more.

Send me a PM with a link to malware.