03-11-2007, 06:25 PM
will76
Join Date: May 2003
Location: USA
Posts: 18,037
Quote:
Originally Posted by Soul_Rebel
Here's an update on this and some clarifications

I became aware of this spyware activity about a week ago when the computer of a very experienced friend of mine was affected by it. It happened through the fake codec update RawAlex posted earlier. Since he is a tech guy he noticed the hijacking instantly. He analyzed all registry changes and outgoing connections and also started contacting the aff.programs he is using and at that point seem to be affected.

Before coming on forums and posting half-info of what could possibly be going on we decided to further research it first to avoid making false claims and accusations. Soon we realized the size of this issue, especially after talking with directors of a few aff.programs. There's an already growing number of infected computers that frequently visit adult sites and it ranks in several millions. So, 3 days ago I let an experienced webmaster know of this issue and pretty much started letting the adult webmasters community know what is going on. All those numbers mentioned in his initial post are personal estimations I had after getting in touch with various affected parties. If you had told me these numbers 10 days ago I wouldn't have believed them, but now I can pretty much assure you they are realistic and they'll get even higher within the next few months.

Some important things:

a) There's minimal discrimination on what kind of paysites are getting targeted. The initial post states: "CCBill is according to my source aware of it and seems to be the sponsor hardest hit". This was a wrong interpretation of my words. When I found out the size of the problem I notified CCBill about it and provided them with some technical info and a sample source of infection. I did that for the simple reason it's the processor I know better and I can take their word they'll seriously check it out. At this point all cases I'm aware of have to do with aff.programs paying out with Epassporte. This for the simple reason such illegal activities are usually keen to anonymous payment methods.

b) As stated before the whole hijacking takes place on DNS level, therefore making things extremely harder. Aside from paysites any domain can be a target of this activity. For example a user visits ebay.com and technically he could get a phishing site instead. I haven't seen with my own eyes the hijacking method that Wil described, but I'm sure it happens. I just want to point out this isn't so popular at the moment (unless we are talking about adware) and not directly related with this growing issue mentioned in this thread. If you read reports of security analysts on this case you'll see they characterize it as organized crime. This is due to the intelligence and available resources it has. I cannot confirm it 100% yet, but it appears the whole spyware creation takes place on server level on-demand. Meaning the software used is so sophisticated now it generates unique instances of the same spyware for each visitor or at least extremely frequently. This makes its detection tremendously hard.

c) Another reason I didn't bring this on forums myself is for the simple fact I don't like to appear as a fake anti-spyware crusader with actual intentions of a low-level marketing scheme. I find it pretty lame that each aff.program "has to take" a public position if they support spyware or not. From what I remember we never bothered even making a post about it before. Spyware is stealing. Period. If it's not obvious to some affiliate of ours that we do not support stealing I can tell him he has poor criteria on picking business associates.

d) Suggested Solutions. I'll let you guys propose those, I already said my thoughts on this before and is similar to what Wil suggests. Just something to point out for being more effective in shorter timeframe is to at least attempt to seek a legal solution in the beginning. This is a truly criminal activity that is straight related with anyone operating a website/business on-line and everyone surfing the web.

If you have any technical info you think they can help please email them to me at [email protected]

thanks


Seeing is believing. I had some people argue with me months back that it wasn't a big deal, I talked them into downloading the shit on their PC and when they saw what was happening they were floored and pissed.

In many cases "adware" = spyware. It is just that adware tries to appear to have a legal front and they are run by corporations, whereas spyware is some trojan-installing kid in mama's basement with no attempted perception of being legal. Sure, Zango tricked a lot of people "legally" into installing the search assistant, but how many of their affiliates have done installs of Zango on other people's computers without the user knowing? Probably millions.... "blame the affiliate syndrome". Zango didn't do it, it was the affiliate.


The problem with a "criminal / civil" route is that a lot of these individuals operate in countries like Ukraine where we have no recourse. One possibility is to sue the affiliate companies themselves that allow, support and accept this traffic.

Glad to see more and more people are finding out about this. Whether it is "adware" or spyware trojans, they all affect us the same, they steal signups from us. I just wish you would have found out about this more than a couple days ago.
__________________
ICQ: 86364801 Email: will [at] innovativeassets [dot] com

PROGRAM SHIT LIST - DO NOT PROMOTE (click link for gfy thread)
FNCash | Media Revenue

Last edited by will76; 03-11-2007 at 06:27 PM.