MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

11.8.10

Pay-per-Install through VIVA INSTALLS / HAPPY INSTALLS in BKCNET “SIA” IZZI

Affiliate programs are among the most profitable businesses in computer crime. Offenders who join these systems earn a commission, in this case for each successful installation of the malware distributed through the system.

VIVA INSTALLS, run by the same criminal group that is behind HAPPY INSTALLS, is one of them. The system is "protected" under AS6851, BKCNET "SIA" IZZI (ATECH-SAGADE), at the IP address 91.188.59.51, to which the domain happyinstalls.com resolves. This AS is known for its high incidence of fraudulent activity, and because it is also used to propagate Koobface.


The system promotes a well-known piece of malicious code of the rogue type: A-fast Antivirus.

The fake antivirus business generates several revenue streams, regardless of the number of successful installations. On the one hand, this rogue costs USD 69.65, so every unwary user who "buys the malware" feeds the business.

At the same time, the purchase requires completing a form with credit card information, which gives the offender more data for fraudulent activities. Without going into detail, that credit card information ends up filling the fields of a database, which is then also sold.

What does the infection circuit look like?
The affiliate system gives its "customers" the URL from which to download the malware, warning them not to verify the integrity of the executable through public services such as VirusTotal. In this case the files are setup.exe and exe.exe (971eab628a7aac18bb29cba8849dff61), the downloader that acts as the link for downloading A-fast Antivirus.

While the members' system is at 91.188.59.51, the rogue is downloaded from 91.188.59.112, domain a-fast.com. This maneuver, although common, shows that BKCNET "SIA" IZZI is home to a large volume of criminal activity.
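
The two-host circuit described above can be hunted for in web proxy logs. The following is an added example, not part of the original post: it flags clients that contacted the affiliate host and then the rogue host within a time window. The log format, the 30-minute window and the sample lines are assumptions constructed for illustration; the domains and IP addresses are the ones quoted in the article.

```python
from datetime import datetime, timedelta

# Indicators quoted in the article above.
STAGE1 = {"hosts": {"happyinstalls.com"}, "ips": {"91.188.59.51"}}  # affiliate system / downloader
STAGE2 = {"hosts": {"a-fast.com"}, "ips": {"91.188.59.112"}}        # rogue download
WINDOW = timedelta(minutes=30)  # assumption: maximum gap between the two stages

# Constructed sample proxy log, format: time client dest_host dest_ip path
SAMPLE_LOG = """\
2010-08-11T09:00:01 10.0.0.5 happyinstalls.com 91.188.59.51 /setup.exe
2010-08-11T09:00:40 10.0.0.5 www.a-fast.com 91.188.59.112 /download
2010-08-11T09:05:00 10.0.0.7 example.org 192.0.2.10 /index.html
2010-08-11T10:00:00 10.0.0.9 a-fast.com 91.188.59.112 /
2010-08-11T11:00:00 10.0.0.8 - 91.188.59.51 /exe.exe
2010-08-11T13:00:00 10.0.0.8 a-fast.com 91.188.59.112 /download
"""

def matches(stage, host, ip):
    """True if the destination is a listed IP, a listed domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return ip in stage["ips"] or any(
        host == h or host.endswith("." + h) for h in stage["hosts"])

def classify(log_text):
    """Map each client that touched either stage to a verdict string."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, client, host, ip, _path = fields
        when = datetime.fromisoformat(ts)
        for name, stage in (("s1", STAGE1), ("s2", STAGE2)):
            if matches(stage, host, ip):
                hits.setdefault(client, {"s1": [], "s2": []})[name].append(when)
    verdicts = {}
    for client, h in hits.items():
        # Full circuit: downloader fetch followed by rogue download within WINDOW.
        if any(timedelta(0) <= b - a <= WINDOW for a in h["s1"] for b in h["s2"]):
            verdicts[client] = "downloader-then-rogue"
        elif h["s1"] and h["s2"]:
            verdicts[client] = "both-hosts-unlinked"
        elif h["s1"]:
            verdicts[client] = "affiliate-host-only"
        else:
            verdicts[client] = "rogue-host-only"
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(client, verdict)
```

A "downloader-then-rogue" verdict is the strongest signal, since it matches the order of the circuit; the other verdicts still merit a look at the host.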


How does registration work?
Access to the members' side of the business requires meeting certain requirements: basically, an activation code issued by the affiliate system on the recommendation of another "trusted" member, that is, an offender who is already active in the circuit and has a recognized track record.

How much is paid for each successful installation?
A point of interest around affiliate systems is how much is paid, in this case, per installation.

While affiliate systems share the same business model, the cost they pay for installation is the same for each of them. In the case of VIVA INSTALLS/HAPPY INSTALLS, prices are as follows:

    • USD 0.30 per installation in the U.S.
    • USD 0.20 per installation in Canada, Australia and England.
    • USD 0.01 per installation in other countries.

In short, VIVA INSTALLS / HAPPY INSTALLS is dedicated, for the moment, to promoting and distributing only one of the many (hundreds of) rogues that form part of the criminal circuit.
