Forgot your password?
typodupeerror
Crime Security The Internet Your Rights Online

Hijacked Web Traffic For Sale 68

Posted by timothy
from the 1-crying-young-spying-young-viewer-for-sale dept.
mask.of.sanity writes "If you can't create valuable content to attract users to your site, Russian cyber criminals will sell them to you. A web store has been discovered that sells hacked traffic that has been redirected from legitimate sites. Sellers inject hidden iframes into popular web sites and redirect the traffic to a nominated domain. Buyers purchase the traffic from the store to direct to their sites and the sellers get paid."
This discussion has been archived. No new comments can be posted.

Hijacked Web Traffic For Sale

Comments Filter:
  • by Anonymous Coward

    Ten pence per page load!

  • Uhm... (Score:5, Informative)

    by martin-boundary (547041) on Monday January 30, 2012 @03:14AM (#38862699)
    Isn't this what websites do all the time with ads, and Facebook and Google+ buttons? It's not like I personally agree to send my traffic to Facebook when the button shows up on a random webpage, and visiting all those ad servers incidentally just slows down my web browsing for no good reason.
    • ?

      You only "send your traffic" to facebook, if you choose to click on the link to Facebook.

      all those ad servers incidentally just slows down my web browsing for no good reason

      The "free" content you like to browse costs money to produce.

      • Re:Uhm... (Score:5, Informative)

        by Pieroxy (222434) on Monday January 30, 2012 @04:56AM (#38863115) Homepage

        ?

        You only "send your traffic" to facebook, if you choose to click on the link to Facebook.

        Aaaaand, congratulations! You don't know how the Web works.

        Whenever you see the "Like" facebook button, you browser has made several HTTP request to facebook and run facebook hosted scripts on your page. And if you're logged in to facebook on that computer, facebook has recorded the fact that YOU went to that page.

        All of that without clicking on the button, courtesy of the website owner.

        • Re:Uhm... (Score:5, Interesting)

          by kainosnous (1753770) <kainosnous@lavabit.com> on Monday January 30, 2012 @06:42AM (#38863465) Homepage

          Very true. It's something that has bothered me for a while. I'd really rather not have Facebook and others tracking me all over the web, and yet, they usually do. Even while you're viewing this very page, there are icons for Twitter, Facebook, and Google which must be loaded from their site. IIRC, some of those ToS won't allow you to use their logo, so it has to come from their site. Even the website has a copy of the image, you still need to use their site for stats and other nifty functionality. In modern sites, that is almost always done by client side JavaScript which makes users send traffic to their site. All of that can be bypassed, but I don't know anybody who does for long.

          I think that people would be truly shocked to find out how much information they are sending about themselves, and how many sites collect it that they are unaware of. Most of that comes because of an ignorance about how the web works. What makes it sad is that most of them don't care as long as they get to chat with friends on their Facebook page.</rant>

          • Re:Uhm... (Score:4, Insightful)

            by somersault (912633) on Monday January 30, 2012 @06:56AM (#38863537) Homepage Journal

            Even while you're viewing this very page, there are icons for Twitter, Facebook, and Google which must be loaded from their site

            Actually, those images are loaded from http://a.fsdn.com/sd/commentshareicons.png [fsdn.com].

            Tinfoil hat fail.

            Yes, most of them don't care. I don't care either.

            • by Dan541 (1032000)

              How about;

              static.ak.fbcdn.net
              apis.google.com
              platform.twitter.com
              and google-analytics.com ?

              • Well, I only checked the icons since he said they "must" be loaded from Facebook, etc.

                Anyone who does care about such things could log out when they're not using those sites, or use a separate browser for social sites, or block those domains from being accessed when they're not on the relevant site, do some types of browsing via proxy, etc etc etc. If you don't want these guys collecting your information to make your advertisements (if you don't block them) more relevant, simply stop handing out the informa

              • by Maow (620678)

                How about;

                static.ak.fbcdn.net
                apis.google.com
                platform.twitter.com
                and google-analytics.com ?

                Use Ghostery add-on (Firefox & Chromium), perhaps with RequestPolicy Firefox add-on.

                Unrelated but I can't stand browsing without EasyGestures add-on for Firefox...

          • by ewanm89 (1052822)
            Worse still is google analytics, that one happens 100% hidden from the ordinary users view, no picture or anything.
          • by Anonymous Coward

            Just install Ghostery on your browser?

            Very true. It's something that has bothered me for a while. I'd really rather not have Facebook and others tracking me all over the web, and yet, they usually do. Even while you're viewing this very page, there are icons for Twitter, Facebook, and Google which must be loaded from their site. IIRC, some of those ToS won't allow you to use their logo, so it has to come from their site. Even the website has a copy of the image, you still need to use their site for stats and other nifty functionality. In modern sites, that is almost always done by client side JavaScript which makes users send traffic to their site. All of that can be bypassed, but I don't know anybody who does for long.

            I think that people would be truly shocked to find out how much information they are sending about themselves, and how many sites collect it that they are unaware of. Most of that comes because of an ignorance about how the web works. What makes it sad is that most of them don't care as long as they get to chat with friends on their Facebook page.</rant>

          • by houghi (78078)

            To prevent this I block everything from Facebook. I do this on a host level.. Used to add it to my hosts file, but now I have blocked it on my DNS server.

            Everything that is *.facebook.com (and facebook.com) is IP 0.0.0.0

      • Re:Uhm... (Score:5, Informative)

        by trancemission (823050) on Monday January 30, 2012 @06:02AM (#38863337)

        You only "send your traffic" to facebook, if you choose to click on the link to Facebook.

        ?

        Wrong. Many sites share information on their visitors to 3rd parties, this allows said 3rd parties to track and profile you. You do not have to click a link, it happens in the background.

        Use this to find out who the main players are: http://www.ghostery.com/ [ghostery.com]

        Ghostery sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.

        And obviously ad-block plus, NoScript at al...

        Facebook specific:
        https://addons.mozilla.org/en-US/firefox/addon/facebook-blocker/?src=userprofile [mozilla.org]

      • by ewanm89 (1052822)
        Accept the little picture was requested from facebooks' server?
    • http://sharemenot.cs.washington.edu/ [washington.edu]

      This should block those iframes.

    • and visiting all those ad servers incidentally just slows down my web browsing for no good reason.

      You don't use AdBlock [mozilla.org]? You'd be crazy to browse the web these days without AdBlock, NoScript, Flashblock and Ghostery. Unblock sites that you really care about if you must, but browsing without any protection is just nuts.

  • by gweihir (88907) on Monday January 30, 2012 @03:39AM (#38862803)

    It also shows the complete failure of law-enforcement when it comes to commercial hacking.

    • Yes. But on which side is the ridiculosity residing ? The law-enforcement's, as they can't do anything ? The engineering side ? Our side ? Yours, for making the more-than-obvious statement ?
      • by gweihir (88907)

        The only one I can be sure about is mine ;-)
        This is slashdot though, so I am fine with that.

        The rest looks a bit like moronic cops failing to catch moronic criminals defrauding moronic companies to deviate business from moronic customers. The complete human tragedy rolled into it. Reminds me a bit of of the movie "Fargo".

        • Funny that you should mention "the complete human tragedy". Reminds me of Barbara Tuchman's "The march of folly", on how humans repeat the same moronic behaviour through all of history.
      • by BrynM (217883) *
        Lots of the time, this happens on porn sites. It's the old "shame you into not reporting it" angle.
    • by znrt (2424692)

      It also shows the complete failure of law-enforcement when it comes to commercial hacking.

      it also shows the braindeadness of site value assessment based on traffic.

  • One more, in fact, there were already so many...
  • traffic generators are there for a while already.... but the question is , who are they trying to fool?
  • OMG (Score:4, Funny)

    by goldaryn (834427) on Monday January 30, 2012 @03:54AM (#38862875) Homepage
    Today I learnt

    1) There are hackers on the Internet

    2) Foreign capitalists also engage in criminal activity

    3) Noone cares about Australian click-throughs
  • by mehrotra.akash (1539473) on Monday January 30, 2012 @04:51AM (#38863095)
    Whats the point?
    • by Anonymous Coward

      Whats the point?

      Their account information and/or credit card information. Think phishing on a more ambitious scale.

  • Somebody please enlighten me on how this service works. If you are "injecting" inline frames that have a size of 0 width and 0 height, then how the heck does anybody click on it? I don't get it.
    • by MrAngryForNoReason (711935) on Monday January 30, 2012 @06:00AM (#38863325)

      Somebody please enlighten me on how this service works. If you are "injecting" inline frames that have a size of 0 width and 0 height, then how the heck does anybody click on it? I don't get it.

      The iframe loads in a line of javascript which initiates a redirect to the target site. The user doesn't need to click on anything as the javascript will run automatically.

      What this means in practice is that as soon as a user loads the page they will be redirected to the target site, probably so quickly that they don't realise. This is what makes it so dangerous as the user can be redirected to a page that is almost identical to the genuine one and then convinced to login to the site giving up their login or bank details etc.

    • Just because you, the end user, doesn't see something, doesn't mean that you aren't actively engaging it. Everytime you open a web page, your browser usually makes several requests to retrieve stylesheets, scripts, and every image on the page. There is nothing that requires those items to come from the site you think they do. If a rogue script is there, then it gets on your computer and likely has all the permission that you've allowed for the page you're on, possibly including cookie information. Also, a s

  • by Bob Ince (79199) <and@doxdesk.UMLAUTcom minus punct> on Monday January 30, 2012 @07:56AM (#38863765) Homepage

    Not sure why this is suddenly news, the Russian iframe traffic hubs have been running for over a decade now.

    The destination URLs are typically clickfraud, exploits, and iframes to other traffic redirectors.

    The domain registrar mentioned in the article (DirectI) is notorious for high levels of abuse from the Russian-language sploit/AWM community.

  • I wrote about this in 2003. Well, sort of [slimeware.com]. Back then I created a site which was a sort of satire about the seedy side of internet money making, and this sort of traffic diversion tactic was one I came up with. It only took 9 years for real life to catch up..

Life would be so much easier if we could just look at the source code. -- Dave Olson

Working...