Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/23/2009
02:05 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Finjan Releases Cybercrime Intelligence Report

Report shows how rogueware affiliate networks use SEO techniques to distribute their rogue antivirus software for profit

San Jose, CA, USA, March 23, 2009 - Finjan Inc., a leader in secure web gateway products and the provider of a unified web security solution for the enterprise market, today announced that its Malicious Code Research Center (MCRC) managed to research one of the rogueware affiliate networks, where members make $ 10,800 a day. In the first issue of its Cybercrime Intelligence Report for 2009, Finjan shows how the rogueware was distributed using search engine optimization (SEO) techniques. Cybercriminals used SEO to optimize the distribution of their rogueware.

Typos and misspelled keywords (such as "obbama" and liscense") as well as trendy keywords taken from Google Trends system were abused to show compromised websites as top search results. Subsequently, the traffic volume to the compromised websites increased significantly luring masses of potential buyers to the rogueware offering.

The Cybercrime Intelligence Report covers the following: *Cybercriminals are professionally organized and operate affiliate networks to boost their malware and rogueware distribution *To promote their rogueware, they compromise legitimate websites by injecting SEO targeted pages which include repetitive popular search keywords with minor typos *Search engines indexed these injected pages and display them as top search results *This SEO targeted technique has proven to be very effective and yielded almost half a million Google searches to compromised sites, according to statistics found on the criminal's server during the research *1.8M unique users were redirected to the rogue Anti-Virus software during 16 consecutive days *Members of the affiliate network were rewarded for each successful redirection with 9.6 cents "a piece", which totals $ 172,800 or $10,800 per day

"As reported by Finjan before, cybercriminals keep on looking for improved methods to distribute their malware and rogueware. Since they make money by trading stolen data or selling rogue software, they are looking for new and innovative techniques all time. To increase the distribution reach of their rogueware, they successfully turned to SEO," said Yuval Ben-Itzhak, CTO of Finjan.

The report further details how the cybercriminals created "doorways" to redirect users searching the web.

The research is described in Finjan's first Cybercrime Intelligence Report released today.

To download the report, please visit www.finjan.com/cybercrime_intelligence

About MCRC Finjan MCRC specializes in the detection, analysis and research of web threats, including Crimeware, Web 2.0 attacks, Trojans and other forms of malware. Our goal is to be steps ahead of hackers and cybercriminals, who are attempting to exploit flaws in computer platforms and applications for their profit. In order to protect our customers from the next Crimeware wave and emerging malware and attack vectors, Finjan MCRC is a driving force behind the development of Finjan's next generation of security technologies used in our unified Secure Web Gateway solutions. For more information please also visit our info center and blog.

About Finjan Secure Gateway provides organizations with a unified web security solution combining productivity, liability and bandwidth control via URL categorization, content caching and applications control technologies. Crimeware, malware and data leakage are proactively prevented via patented active real-time content inspection technologies and optional anti-virus modules.

Powerful central management enables intuitive task-based policy management, excellent drill-down reporting capabilities and easy directory integration for all network implementation options. By integrating several security engines in a single dedicated appliance, Finjan's comprehensive and integrated web security solution enables quick deployment, simplified management and reduction of costs. Business benefits include real-time web security (no patches or updates needed), lower total cost of ownership (TCO), cost savings in administration efforts, lower maintenance costs, and reduction in loss of productivity. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, eWEEK, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21354
PUBLISHED: 2021-03-08
Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com...
CVE-2021-21362
PUBLISHED: 2021-03-08
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who uses ...
CVE-2020-4695
PUBLISHED: 2021-03-08
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.
CVE-2020-4903
PUBLISHED: 2021-03-08
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
CVE-2020-5014
PUBLISHED: 2021-03-08
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.