Wednesday, August 20, 2008

A Diverse Portfolio of Fake Security Software - Part Three

One would assume that once you've managed to trick leading advertising providers into accepting your malicious Flash ads inside their networks, you would do anything but hijack the end user's clipboard and rely on their curiosity in order to direct them to your fake security software site. Is the curiosity approach working anyway? Naturally, thanks to the effect of "regressive Darwinism".

Compared to February 2008's malicious advertising (malvertising) attack, the current one is less comprehensive and not so well thought out -- thankfully.

What these campaigns have in common is the fake security software served at the bottom line, next to the malware campaigners' persistence in introducing new domains, like the very latest ones:

No matter how fancy malvertising is in respect to demonstrating the creativity of malicious parties wanting to appear at legitimate sites by abusing their advertising providers, there are far more efficient tactics to do so.

DIY Botnet Kit Promising Eternal Updates

Among the main differences between a professional botnet command and control kit and one that was originally released for free are the quality and the clearly visible experience of the kit's programmer in the professional one.

A Chinese hacking group is offering the moon, and asking for nothing. And in times when a cybercriminal can even monetize his conversation with a potential customer by telling him he's actually consulting him and barely talking, is this for real and how come? This "Robin Hood approach" on behalf of the group could have worked a year ago, when greedy cybercriminals were still charging hundreds of thousands of dollars for their sophisticated banker malware. Today, most of it has leaked in a way so surprising, and so unanticipated by the malware coders, that not only have they stopped offering support and abandoned their releases, but what used to be available only to those willing to open their virtual pocket and transfer some virtual currency is now available to everyone. That makes such free botnet kits irrelevant, mostly because their simplicity points to none of the quality assurance we can see in professional kits.

Once the dust settles on this populist underground release, its potential users will once again return to their localized copies of web-based botnet command and control kits.