Source of rogue malware tracked down

Share this article:
Cybercriminals have unleashed a blizzard of rogue anti-virus software to plunder naive users, and the amount of money involved is astounding. 

Joe Stewart, director of malware research at SecureWorks, said one leading set of fake AV programs is Antivirus XP 2008 and its more recent edition, Antivirus XP 2009. Both are rogue AV programs put out by Russian company Bakasoftware and sold to English-speaking computer users. 

Stewart discovered that top earners are likely making up to $5 million a year by controlling large botnets of infected computers and siphoning money into their own accounts, he told SCMagazineUS.com Thursday.

Even the nominal earner could make $50,000 to $200,000 a year on average, Stewart estimated.

“It was surprising to us how much money these guys are making,” he said.

Antivirus XP 2008 is the most prevalent rogue antivirus program right now, Stewart said.

Bakasoftware sells the product through a network of affiliates who are recruited in underground forums, Stewart said.

Affiliates distribute the product in different ways — some advertise the software on their websites, others send out spam, but the most effective method is controlling botnets, he said. With a botnet, affiliates can execute a command to potentially hundreds of thousands of computers at once.

Stewart came across on a Russian hacker forum revealing top Bakasoftware affiliate earners. The report was posted by a hacker using the alias "NeoN," who claimed that an acquaintance used SQL injection to hack into the Bakasoftware website, obtain the administrative password and get inside information about Bakasoftware profits.

According to the report, Stewart said, the top three earners made $158,568.86, $105,955.76 and $95,021.16. It is unclear how long it took them to make this.

A separate post from the supposed administrator of the site, an affiliate with the handle "Krab," shows additional earning statistics, which Stewart analyzed in his research:

“If these stats are to be believed, one affiliate was able to install 154,825 copies of Antivirus XP 2008 in 10 days' time and 2,772 of those copies were actually purchased by the victims,” Stewart wrote in his research. “This only represents a one-to-two percent conversion rate but with the generous commission structure, was enough to earn the affiliate $146,525.25 for that time period.”

Though a one-to-two-percent conversion rate is average, some affiliates are achieving up to a 75-percent conversion rate. These affiliates are likely maximizing their profits by using stolen credit card numbers to purchase the software and having the money credited to their affiliate ID — in other words, performing identity theft, Stewart said.

He said he hopes his findings illustrate that users have to be suspicious of things popping up unexpectedly, which would indicate fake anti-virus software.

“There's no legitimate virus software that's going to [unexpectedly] appear on your system and tell you're infected with hundreds of things,” Stewart said.

Attempts to reach Bakasoftware were unsuccessful.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

FBI to open Malware Investigator portal to security researchers

The portal is a virus analysis tool that examines suspicious files and shares information about them.

Android bug allowing SOP bypass farther reaching than initially thought

Researchers found that 42 out of the top 100 apps in the Google Play store with 'browser' in their names were vulnerable.

SUPERVALU and AB Acquisition LLC report being breached again

SUPERVALU and AB Acquisition LLC report being breached ...

The breaches involved different malware and both companies are investigating whether payment card information was stolen.