MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

3.9.10

Circuit membership for the dissemination of NoAdware rogue

Malware hides behind a business. Without a doubt, I believe that no one denies this claim. Day by day is an important flow of malicious code that, while general purpose have a story in its activities, seeking final feedback on the business behind through fraudulent mechanisms and strategies.

One of the most popular business models is to pay a percentage of money given to those who successfully promote rogue. The model is known as affiliate programs, while the facility payment system is called Pay-Per-Install.

This is the case of rogue NoAdware, a malicious code that operates widely available for several years through different coverages.

Home NoAdware
From this website you download the official binary of "economic resource" for the system of affiliates and partners

Using common strategies imposed by this style websites, such as false certificates and testimonies that try to convey confidence in the potential victims, promote the installation of an alleged security solution that is actually malware.

Affiliate program usually provide only the executable to spread, which many criminals spread it through some  crimeware type exploit pack, and to a lesser extent, only spread by a page that is created and hosted at your own risk .

The system behind NoAdware, facilitates this issue by providing the ability to select a template and then just upload to the hosting affiliate. Thus, when a potential victim visits this site, is redirected to the homepage of NoAdware, and each member, in theory, get 75% of money for each installation. The sales of rogue (mimicked in security program) is for $47.00.

However, other values are also managed directly related to the number of licenses:
  • 2 Computers ($67.00)
  • 3 Computers ($87.00)
  • 5 Computers ($117.00)
  • 10 Computers ($197.00)
  • 25 Computers ($417.00)
  • 50 Computers ($767.00)
Site selection to propagate NoAdware
The process involves two steps: select the template and download. This web site traffic routed to the home page of NoAdware

NoAdware also promoted under the name Adware Professional 2010. It's exactly the same application to install malicious reports against the system that is behind NoAdware.

Hypothetically speaking, suppose a partner (affiliate/delinquent) successful installation per day for 30 days (one month). 75% of $47 is $35.25 (this is what would win one day and successful installation of malware). Accordingly, this partner would have a theoretical gain of $1057.5 monthly.

This affiliate program works with a payment system via the Internet, legal, called ClickBank, especially whose main trade is that a large number of rogue malware type is done through this system.

HopLink for NoAdware
This page directs traffic to the official website of NoAdware, while sending information to the payment affiliate log into your account

The address is to the URL with the following syntax: noadware.net/?hop=[PARTNER-NICK]

This will record the payment of a percentage of money as a commission for each of the members to serve on the circuit of this rogue.

Affiliate System Circuit
The graph shows the different stages that runs a conventional affiliate

One of the evidences that reflects the rate for ClickBank by criminal groups to secure economic transactions "safe" is the important flow of affiliate systems, many of them promote malware, which are under his roof. Some of them are:
This brief list is just a small sample, because the volume of malware that are promoted through this medium is very large.

Related  information
AntiSpy Safeguard with new social engineering approach

5 comentarios:

MysteryFCM said...

Just an FYI, it's also at;

noadware.com

DL:
hxxp://www.noadware.com/download/nans.exe

Jorge Mieres said...

Hi bro, thanks for the data ;)
Cheers!

Mike said...

How are you sure that NoAdware is rogue? Just because it has an affiliate program :) Even Amazon.com have an affiliate program. What are the FACTS you have? If the first link is the technical data pls explain that... I'm interested. I can't understand it: noadware.exe (e407db8a983f8960c4378b3b00c29c32)

KS said...

It's funny to see you saying things that are useless... clickbank has thousands of products and there are around 100,000 affiliates - noadware is only one in thousands of products that are promoted by affiliates. Probably you just want to add content on your blog. You're saying products that allow people to become affiliates are rogue. Ridikuli.

Anonymous said...

NoAdware is this... an adware program men! The post focuses on the strategy used by NoAdware. What has to do what you say?

you need to read things better haha

Post a Comment