The business model is known as pay-per-install (PPI), and profits by recruiting “affiliates” willing to facilitate malware installation on victims' computers.
According to a new report from the SecureWorks Counter Threat Unit titled "The Underground Economy of the Pay-Per-Install Business," the method begins when an affiliate interested in building a network of infected computers signs up to a PPI site and receives files from the PPI provider.
In the past, such sites typically served as the breeding ground for adware distribution, but now criminals are recruiting opportunists so they can receive more-pernicious malicious code.“People interested in getting into the business go to PPI sites, sign up and download executable files,” Kevin Stevens, a SecureWorks researcher, told SCMagazineUS.com Wednesday. “To make money, they install it on as many computers they can, using a variety of techniques, most of which are outlined on the PPI sites.”
The PPI sits contain methods and tools to help affiliates distribute the malicious files. Some of the options include distributing the malware through drive-by-download or peer-to-peer sites, or by using blackhat SEO methods, Stevens said.The affiliates earn money for every 1,000 installations they execute, though the compensation can vary widely.