Source of rogue malware tracked down

Cybercriminals have unleashed a blizzard of rogue anti-virus software to plunder naive users, and the amount of money involved is astounding. 

Joe Stewart, director of malware research at SecureWorks, said one leading set of fake AV programs is Antivirus XP 2008 and its more recent edition, Antivirus XP 2009. Both are rogue AV programs put out by Russian company Bakasoftware and sold to English-speaking computer users. 

Stewart discovered that top earners are likely making up to $5 million a year by controlling large botnets of infected computers and siphoning money into their own accounts, he told SCMagazineUS.com Thursday.

Even the nominal earner could make $50,000 to $200,000 a year on average, Stewart estimated.

“It was surprising to us how much money these guys are making,” he said.

Antivirus XP 2008 is the most prevalent rogue antivirus program right now, Stewart said.

Bakasoftware sells the product through a network of affiliates who are recruited in underground forums, Stewart said.

Affiliates distribute the product in different ways — some advertise the software on their websites, others send out spam, but the most effective method is controlling botnets, he said. With a botnet, affiliates can execute a command to potentially hundreds of thousands of computers at once.

Stewart came across a report on a Russian hacker forum revealing top Bakasoftware affiliate earners. The report was posted by a hacker using the alias "NeoN," who claimed that an acquaintance used SQL injection to hack into the Bakasoftware website, obtain the administrative password and get inside information about Bakasoftware profits.

According to the report, Stewart said, the top three earners made $158,568.86, $105,955.76 and $95,021.16. It is unclear how long it took them to earn these amounts.

A separate post from the supposed administrator of the site, an affiliate with the handle "Krab," shows additional earning statistics, which Stewart analyzed in his research:

“If these stats are to be believed, one affiliate was able to install 154,825 copies of Antivirus XP 2008 in 10 days' time and 2,772 of those copies were actually purchased by the victims,” Stewart wrote in his research. “This only represents a one-to-two percent conversion rate but with the generous commission structure, was enough to earn the affiliate $146,525.25 for that time period.”

Though a one-to-two-percent conversion rate is average, some affiliates are achieving up to a 75-percent conversion rate. These affiliates are likely maximizing their profits by using stolen credit card numbers to purchase the software and having the money credited to their affiliate ID — in other words, performing identity theft, Stewart said.

He said he hopes his findings illustrate that users have to be suspicious of things popping up unexpectedly, which would indicate fake anti-virus software.

“There's no legitimate virus software that's going to [unexpectedly] appear on your system and tell you you're infected with hundreds of things,” Stewart said.

Attempts to reach Bakasoftware were unsuccessful.