Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Operating Systems Software Windows Security The Almighty Buck Your Rights Online

Russian Firm Pays to Infect PCs with Adware 266

Jaidev writes "Information week is reporting that a Russian site (IframeDollars) is paying web developers 6 cents for each machine they infect with spyware or adware. One security expert estimates that iframeDollars could collect as much as $75,000 annually from the adware it placed on the infected machines during the third week of May, which cost approximately $12,000 in payments to place"
This discussion has been archived. No new comments can be posted.

Russian Firm Pays to Infect PCs with Adware

Comments Filter:
  • by LiquidCoooled ( 634315 ) on Saturday June 11, 2005 @03:36PM (#12790536) Homepage Journal
    Never know if the article publisher itself is an affiliate ;)
  • by Anonymous Coward on Saturday June 11, 2005 @03:36PM (#12790539)
    Eat this, open source zealots.

    This story proofs once againe that MS is delivering an infastructure on which other companies can thrive.

    Thank you MS!
    • It didn't answer the question: "Where do I sign up?". I've got a couple of thousands of windows users to teach a lesson to, and if I can make some moolah in the process, so the better!
    • All of these exploits have been patched by Microsoft already. It is the responsibility of the end-user to keep their OS up-to-date. For those too inept, Windows XP SP2 "automatic update" feature is decent i've heard.
      • And when your car has recall-worthy defects several times a week, it's your responsibility to scan the newspapers for the alert notices. And spend several hours a week in your mechanic's garage, while they fix them with you. It's all OK, because it's on the automaker's tab, right?
    • Aside from the fact that he can't spell worth spit, and as much as I want to flame the crap out of that AC, he does have a point. Now before you all start to flame me, I am a die hard gentoo user, a recent convert from MS Windoze. I switched due to the reasons in this article (spyware/adware). Now to my point. Yes Microsoft should have done better, but the fact is they don't care. As long as they keep putting out a new OS, and removing backwards capability and "legacy" features from the newer versions, t
  • by Anonymous Coward
    This is Microsoft enabling yet another business to succeed in the ever changing technology marketplace.
  • by nyxon ( 551439 ) on Saturday June 11, 2005 @03:37PM (#12790542) Homepage
    They've already infected my machine! I keep getting pop-ups for penis enlargements! Help!
    • by cr3ative ( 881393 ) on Saturday June 11, 2005 @03:38PM (#12790548) Homepage
      The good old targeted advertising must be working then ;)
    • They've already infected my machine! I keep getting pop-ups for penis enlargements! Help!

      It's a sick sad world when you go online looking up camera shops trying to price the cost of enlargements and all you get is viagra, cialis, misc herbs and spices related to penis, smiling bob, and double polaroids.

    • by bluGill ( 862 )

      At least in my area that would be considered sexual harassment. Get a lawyer and sue them. The only downside is you have to live with every radio station in the world (or at least the US) telling everyone that you have a small penis and are offended by it. If you are happily married this shouldn't be a problem. (though a good marketing weasel could sell smallness to the girls)

  • by maharg ( 182366 ) on Saturday June 11, 2005 @03:37PM (#12790543) Homepage Journal
    spyware pays you to infect it
  • by Anonymous Coward on Saturday June 11, 2005 @03:37PM (#12790545)
    it needs to be dealt with in a very obvious and unsubtle fashion. The owners if iFrameDollars should be killed, publicly and very bloodily as should anyone who works for the company. This might not satisfy strict due process guarantees (OK, it doesn't) but on the other hand these guys are scum and it's not as if we need a trial to prove this. Killing everyone at iFrameDollars will have the salutary effect of making other idiots who are considering this sort of thing think twice, or perhaps even three or four times about it, before they embark on something so odious.

  • Amateurs! (Score:5, Funny)

    by serutan ( 259622 ) <snoopdougNO@SPAMgeekazon.com> on Saturday June 11, 2005 @03:38PM (#12790549) Homepage
    6 cents per machine? Hah! Our outsourcing group could get it done for 4 cents.
    • by John Seminal ( 698722 ) on Saturday June 11, 2005 @03:54PM (#12790650) Journal
      6 cents per machine? Hah! Our outsourcing group could get it done for 4 cents.

      But your help hotline would be in India. No thanks!

      Spammer: Hello, this is 30 year old shit in parents basement calling. I have infected 4,000 machines but only credited with 500.
      CallCenter: One moment, very sorry, read off sheet. Okay. Thank you so very much for using SpamInfect. We can help you.
      Spammer: Okay, about those machines I was not credited with.
      CallCenter: So very sorry. Very, very, very sorry. I sure it fixed soon.
      Spammer: So, are you going to credit my account or what?
      CallCenter: Yes, we credit right now. Right now. All better. Now you go to www.infectspammertoo.com for your reward.

    • Yeah, it's pretty amateurish because they don't have a WebTrust seal, unlike MarketScore.
  • by MikeDX ( 560598 ) * on Saturday June 11, 2005 @03:38PM (#12790550) Journal
    # Everyone is welcome to join the iframeDOLLARS.biz partnership program
    # Earn $0.055 ($55.00/1000 installs) and more for each unique iframe installs
    # You only put the short one line iframe code on your page(s) and start to MAKE MONEY
    # WITHOUT any Active-X console or any pop-ups...It means that you will not lose your unique visitors with our iframe!
    # The best percentage of installs (10-40% from the total traff or it's $4-$15 FOR 1000 UNIQUE VISITORS)
    # DAILY updated soft
    # We have 3 reliable servers with excellent speed
    # Payments every Tuesday
    # Real-time statictic of your work
    # Payment via: Fethard, Webmoney, Wire and E-gold
    # More than 150 webmasters work with us
    # Friendly support service
    # Everybody who works with us is satisfied.

    Does this "everybody" include the people whos pcs get infected with this shit? How long before this becomes more widely known or more common place... and will joe public do anything or care? no. The only chance we have is when the next windows "more money, better computer needed edition" comes out..
  • by Anonymous Coward on Saturday June 11, 2005 @03:39PM (#12790555)

    SANS Internet Storm Center reported this issue [techtarget.com] more than a fortnight ago.

  • Tracking? (Score:4, Insightful)

    by Mad Merlin ( 837387 ) on Saturday June 11, 2005 @03:39PM (#12790562) Homepage
    How do they track this? I guess their malware/adware calls home as soon as it strikes a target. Perhaps there's a possible weakness in this in that you could just keep infecting a VM and then restoring it to a good image again. Think they'd be smart enough to notice something odd about a million infections from the same IP?
    • It probably just uses the referre log. For those unaware, most websites can see where their traffic comes from in their logs in a field known as "referrer".
    • Re:Tracking? (Score:4, Insightful)

      by mikael ( 484 ) on Saturday June 11, 2005 @05:20PM (#12791112)
      They would probably consider one IP address as a single sale.

      You could try spoofing false IP addresses, but they would probably be smart enough to have a three stage handshake to make sure the IP address actually existed. Not forgetting checksums to ensure that the whole package was installed. They would probably have this happen every time the machine was switched on/off, in order to know which systems were available for use. And they would probably wait a whole week until they were certain the malware was installed successfully.
  • by AtlanticGiraffe ( 749719 ) on Saturday June 11, 2005 @03:40PM (#12790565) Homepage
    The price of your hours spent trying to get rid of that annoying adware from your mother's WinXP box:

    6.1 cents.
  • by Anonymous Coward on Saturday June 11, 2005 @03:40PM (#12790566)
    1. Code up a cool extension
    2. Throw in some code for this
    3. Spread it around
    4. Profit!
  • First post.... (Score:2, Interesting)

    by Anonymous Coward
    This is the kind of thing that should be illegal. I mean, it's just blatantly...evil *puts on flame retardant suit* (as for mispellings, I've been up for 45 hours). When are people just going to all in all make these things illegal? (and no I don't mean some crappy worthless legislation, I mean a point where if adware/spyware is what your company profits from, youre done, DONE). There has to be SOME common sense...come on...please? People have to stand up and give these companies the big middle finger. I'm
    • Re:First post.... (Score:4, Insightful)

      by Alex Belits ( 437 ) * on Saturday June 11, 2005 @04:13PM (#12790749) Homepage
      1. US government passes a legislation that destroys a profitable business model.

      2. Saudi Arabia develops a housing program that involves building a large number of igloos.

      I would rather bet on the second one.
      • Re:First post.... (Score:3, Insightful)

        by Tsunamio ( 465339 )
        I'll take that bet. The US (or any other) government doesn't like profitable business models that attack other, even more profitable business models. Napster may have been making a profit, but that doesn't mean the folks in Washington liked it. And that was something that most voters approved of!

        The US government really doesn't like profitable business models from other countries that depend on slowing down our economy (say, by installing malware on all our computers).
  • Prevention (Score:4, Informative)

    by kschawel ( 823163 ) <slashdot@nospAm.li.ath.cx> on Saturday June 11, 2005 @03:40PM (#12790570)
    First of all, this exploits holes that already have patches on Windows systems:

    The code exploits a number of patched Windows and Internet Explorer vulnerabilities, including some that go back as far as 2002. Systems that haven't been updated would be vulnerable to the exploit.

    So patch and you'll be fine. Second, if you don't want to patch, you can just block this company's IP:

    According to the Internet Storm Center, companies can prevent the downloading of adware and spyware from iframeDollars' servers by blocking the IP address 81.222.131.59.
    • According to the Internet Storm Center, companies can prevent the downloading of adware and spyware from iframeDollars' servers by blocking the IP address 81.222.131.59

      Blocking? That's kid's stuff. I'm willing to pay standard rates for successful installation of my DDOS client...
    • Re:Prevention (Score:5, Informative)

      by Baron_Yam ( 643147 ) on Saturday June 11, 2005 @04:31PM (#12790843)

      So what if everyone here started clicking here [81.222.131.59]?

      Is it morally acceptable to launch a preemptive strike when you absolutely, positively know the bastard is attacking you? Given that I get a timeout when I click on that link, I'd guess many people have already said, "Yes".

      • Re:Prevention (Score:5, Informative)

        by Baron_Yam ( 643147 ) on Saturday June 11, 2005 @04:39PM (#12790884)
        Oh, and since going to iframedollars.com or iframedollars.biz [iframedollars.com] takes you to 195.95.218.170 and not the address mentioned in the parent post, you might want to click on the link above a few times as well.
        • Re:Prevention (Score:4, Informative)

          by radish ( 98371 ) on Saturday June 11, 2005 @05:29PM (#12791177) Homepage
          Judging by what's happening for me right now, putting a bogus id in the form to the left of that page hits their server rather hard. Hasn't come back yet and it's been over a minute. Doesn't increase their hosting costs, but maybe we can cause a meltdown in the database ;)

          Oops, I appear to have just started 20 request threads on their app server. My mistake.
          • Warning: mysql_numrows(): supplied argument is not a valid MySQL result resource in /home/bestc/dl/stats.php on line 16

            Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/bestc/dl/stats.php on line 23
            Today is: 12 June 2005 03:00
            adv11890
            DAY

            UNIQS

            LOADS

            LOADS %

            UNIQ LOADS

            UNIQ LOADS %

            DOLLARS

            Íîâîñòè:

            Ñ 2 ìàÿ ïîâûøåíà öåíà çà 1ê
          • If load is your goal, then rather than a bogus ID, it seems slightly more amusing to enter "%" - the SQL "match everything" wildcard.

            Looks like the contents of that field are thrown directly into a query string. Takes quite a while to come back with;
            "Warning: readfile(http://213.159.117.133/dl/stats.php?adv= a dv0 [213.159.117.133]): failed to open stream: Connection timed out in /home/users/81.222.131.59/stats.php on line 47"
          • use Reload Every [mozdev.org] with a custom reload setting of 1 second, type in a fake ID (as the parent said), and tell Reload Every to resubmit the post data every request.

            I love this.
      • Re:Prevention (Score:3, Interesting)

        by brxndxn ( 461473 )
        Why don't we just take this to the next level and have us Slashdotters patrol the web like ants.. Any time there's a verified site doing crap like this, we all hack it, bring it down, track the people involved, torture them, kill them, donate their bodies to science, take their money, and donate it to open source-related initiatives?

        And, we'll have it be anonymous.. so we'll see threads like 'Anonymous Cowerd +5 Informative: Ya, found the bastard and poured gasoline all over him and lit him on fire. He sho
  • by kingofalaska ( 885947 ) on Saturday June 11, 2005 @03:41PM (#12790574) Homepage Journal
    The question I thought of is: how much will be paid for adware/spyware removal tools, and who will profit?

    I say this because just last week I helped a friend set up his new HP machine, and noticed that it came bundled with 30 day trials of Norton firewall/AV, some anti-adware, and some antispyware. I replaced all three with free/OS versions. But many users don't know about this, don't know where to get it, and don't know how to use them. In fact, removal of these 'trials' was a pain, even for me.

    KOA

    Anchorage, Alaska Will Host National Policy Meeting on Technology [blogspot.com]

    • I think I speak for all of us (at least, all the people not affiliated with this) when I say:

      FUCK! Stop it, you lecherous thieving bastards! Enough already!

      This has been a cry of impotence. Thank you for your attention.
      • This has been a cry of impotence.

        Well clearly someone isn't getting the ads....

        As a service to the slashdot community I have included what I feel to be the best spyware removal tool out there. Please install the following attachment, it will remove all of your spyware and make your computer a friendly place again!

        Have a nice day!

        [attachment deleted: virus safely removed]

        NO CARRIER
    • Why do you think Microsoft is getting into the anti-virus business? First they single-handedly created a multi-billion dollar market for anti-virus software by creating an OS that's about as secure as cheesecloth, and now they're going to jump in and make more profit by selling anti-virus software.

      It's like a contractor building a house with a leaky roof, and then selling you a tarp to put over it.

      I wish the internet backbone sites would all block traffic to and from IframeDollars. Hmmm, but that's
  • Hey look! The free market, Russian style.

  • If adware and spyware is not illegal (although nobody here would argue it is ethical), and there is some monitary value for each PC infected, it was only a matter of time that offers like this would become public. Hopefully market competition will force down the value of each infected PC, making these schemes less inviting.
  • That's lowball.... (Score:4, Interesting)

    by kawika ( 87069 ) on Saturday June 11, 2005 @03:55PM (#12790658)
    The going rate for a US computer is more like 15 to 20 cents [cash4toolbar.com]. Other countries go for as little as 1 or 2 cents. Cash4Toolbar is installing its stuff through some blogspot.com blogs [blogspot.com] (IE users beware) and some really cute social engineering, but several others are seeding infected files on BitTorrent.

  • As a tech support agent that works to remove this crap from the machines of those brave enough to call me, I have to hate these bastards with a virulence that borders on psychotic.
    But I also have to thank them for the job security, afer all if they did not do this I would be uneeded and would have to go get a real job.
  • Where to now ? (Score:2, Insightful)

    by morcego ( 260031 )
    I was wondering where we are going from here.
    SPAM, Pay-for-xploit. 99% of the web content is pretty much useless.

    Is it possible to claim back the Internet ? Somehow, I don't think so.
    • "Is it possible to claim back the Internet ?"

      Yes, eliminate anonymity on the Internet. Stop allowing spoofed IP, MAC, and e-mail addresses.
    • You might be interested in the latest DailyDave mailing list traffic--there was a pretty long discussion about exactly this--essentially an exploit auctioning and licensing model.
    • 99% of the web content is pretty much useless.

      That may be, but you don't visit 99% of sites, and you don't visit them randomly. The thing with the web isn't how much crap it has, but how much good stuff it has: amazon for buying stuff, cnn.com and myriad others for news (slanted any way you like), and a bazillion cool toys that you can find with google.

      So basically I'm not certain the Internet is in any need of being reclaimed. Yeah, there are an awful lot of jerks out there. Most of them stay away, pub
  • If so, I sincerely hope they sign up, and pass the savings on to me.

    They already install all sorts of expensive crap I don't want on my machine (windows, office, etc) - at least if they installed this, they could pass on the savings (instead of the cost) to me.

  • by NathanBFH ( 558218 ) on Saturday June 11, 2005 @04:15PM (#12790759)
    This isn't really all that suprising. Business is business, whether it's black, gray, or white market. Affiliate programs work, why wouldn't adware businesses use this method to spread their product? It's interesting to see some estimates on their revenue, however. At first I read the slashdot summary and thought they were talking about $75,000 revenue annually and was surprised that anyone would even bother making adware for such pittly money. But the 'Aha!' moment came when I reread it and saw that's the estimated revenue for one-weeks worth of business. Damn, not too shabby.
  • Not only in Russia (Score:2, Insightful)

    by AwenAnam ( 550971 )
    Recently I was contacted by a friend of mine in the United States who wanted to hire me as a programmer to develope an email borne virus with a certain advertisement payload for one of his clients.

    I graciously declined the offer.
    • Recently I was contacted by a friend of mine in Nigeria who wanted to hire me as an intermediary to help him claim one million dollars from his father's bank.

      I graciously declined the offer.
    • Good friends you got there.
    • Bill will probably contact you again. He has the cash.

    • It is illegal in the US to misuse a computer. I'm not sure what the exact details are, but that isn't your problem. It is illegal to enter into a contract to do something illegal. Depending on circumstances, it might be illegal to know someone is attempting to commit a crime, and not tell the police. For all of the above reasons you should inform the police about this. They might not do anything, but you should get some file number so you can prove you tried anyway.

      In some cases they will ask y

  • I will pay (Score:5, Funny)

    by Anonymous Coward on Saturday June 11, 2005 @04:19PM (#12790775)
    I will pay 6 cents for every employee of this Russian company you murder.
    • Re:I will pay (Score:2, Informative)

      by Anonymous Coward
      they are actually a canadian company 180solutions who own CDT who own loudmarketing who own windupdates.com whos software is the actual stuff that gets installed, iframedollarz is just a middleman

  • Honeypot browser (Score:5, Interesting)

    by tgibbs ( 83782 ) on Saturday June 11, 2005 @04:40PM (#12790890)
    So what we need is a "honeypot browser," that represents itself to a website as an old, unpatched copy of IE--but doesn't actually install the spyware. Then we could log in over and over, costing the spyware company money each time.
    • "we" have it. It's called VMWare.
    • From what I've read, the spyware has to actually be installed and call home for people to get credit.

      So what you're describing can still be done, but it's trickier.

      First, get VMware, a vulnerable copy of Windows, VNC, and a VNC record/playback program like rfbproxy.

      Install a vulnerable version of Windows onto a VMware machine, with at least host-only networking. Install VNC with *no password*. Shut down the virtual machine. Change the virtual machine's disk to an undoable disk. While you're at it, ch
  • Make sure you edit out any mentions of Russia from article summaries. That can only lead to at least half of the comments being lame Soviet Russia jokes.
  • by Ph33r th3 g(O)at ( 592622 ) on Saturday June 11, 2005 @05:59PM (#12791334)
    Follow the money. Find out who's receiving the payments, extradite them if they're outside the U.S., slap them in irons, put them on trial, and off to pound-me-in-the-ass prison. This sort of problem won't be solved without a credible deterrent.
  • And this is why things like the Can Spam Act will never work, and are merely wastes of taxpayer dollars.
  • it's the big town bazar...
    for every way to make a buck, there will be some who are willing to exploit
    it's got nothing to do with the form of government or business
    Enron, the restaurant that doesn't charge sales tax on cash purchases, adware-spyware, ...that's life. Even the good old CCCP had its share of off books trading at all levels of 'controlled' production. Does anyone remember the nicked IBM XT and AT boards that were sneaking out of reclamation?

"The medium is the message." -- Marshall McLuhan

Working...