Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Affiliate System Drops ZeroAccess.

published on 2013-12-17 17:31:00 UTC by Trojan7Malware
Content:
I was recently looking around on darkode and I found this affiliate. This affiliate was recently covered by @kafeine here. I began talking to the owner/operator of this affiliate system and after a few edits to cracked Blackhole (lol) i sent him my faked stats and I was quickly accepted.

Whats an affiliate?
An affiliate is a system were a content owner pays person/people/group to distribute the content in return the person/people/group are paid. It needs to be made clear that there are legitimate affiliates that distribute mainly versions of adware style programs. As always blackhats realise this is a good way to distribute their malware.

Lets take a look at this very widespread campaign.
Firstly, huge OPsec fail. No login or authorisation just visit a link and you have access to the traffic link,stats and payout.

Link to traffic:


Link to visitor stats:

List to payout rates:

The exploit kit link is now currently down. Whilst it was up I managed to discover it was Sweet Orange exploit kit. When a user visits the infected site they become infected with ZeroAccess and/or Cryptolocker.

How much is someone paid to do this?
Here is the message the owner sent me. In Russian first then English;
Russian version
привет.
Европа трафик $ 500 за 1к успешных нагрузок. Соединенные Штаты $ 600 за 1к.

English Version
hello.
europe traffic is $500 per 1k successful loads. united states is $600 per 1k.

The rates are pretty average. For anyone who does not understand loads means infections. So, 1000 computers from America is worth $600.

Who owns this?
The domain in the traffic picture is divided into sub-domains. The domain swsadsdr(.)org has this whois record.
Registrant Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com

Administrative Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com

Technical Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com

Lets search the names and email provided and see if we get a hit!

The email address perr.pettersson@gmail.com is related to the following domains.
1.  grandtraffbiz,com
2.  restofthebesta,com
3.  swsadsdr,org
4.  xwaveplatform(.)com

This email was also spotted by here by @stopmalvertisin






Article: Affiliate System Drops ZeroAccess. - published almost 11 years ago.

http://trojan7malware.blogspot.com/2013/12/affiliate-system-drops-zeroaccess.html   
Published: 2013 12 17 17:31:00
Received: 2023 03 31 23:02:33
Feed: Trojan7Malware
Source: Trojan7Malware
Category: Cyber Security
Topic: Cyber Security
Views: 2

Custom HTML Block

Click to Open Code Editor