Affiliate System Drops ZeroAccess.
Published on 2013-12-17 17:31:00 UTC by Trojan7Malware
I was recently looking around on Darkode and I found this affiliate. This affiliate was recently covered by @kafeinehere. I began talking to the owner/operator of this affiliate system and after a few edits to cracked Blackhole (lol) I sent him my faked stats and I was quickly accepted.
What's an affiliate?
An affiliate is a system where a content owner pays a person or group to distribute the content. It needs to be made clear that there are legitimate affiliates, which mainly distribute adware-style programs. As always, blackhats realise this is a good way to distribute their malware.
Let's take a look at this very widespread campaign.
Firstly, huge OPSEC fail. No login or authorisation: just visit a link and you have access to the traffic link, stats and payout.
Link to traffic:
Link to visitor stats:
List to payout rates:
The exploit kit link is currently down. Whilst it was up I managed to discover it was the Sweet Orange exploit kit. When a user visits the infected site they become infected with ZeroAccess and/or Cryptolocker.
How much is someone paid to do this?
Here is the message the owner sent me, in Russian first, then English:
Russian version
привет.
Европа трафик $ 500 за 1к успешных нагрузок. Соединенные Штаты $ 600 за 1к.
English Version
hello.
europe traffic is $500 per 1k successful loads. united states is $600 per 1k.
The rates are pretty average. For anyone who does not understand, "loads" means infections. So, 1000 computers from America are worth $600.
Who owns this?
The domain in the traffic picture is divided into sub-domains. The domain swsadsdr(.)org has this whois record.

Registrant Contact Information:
Name: Perr Pettersson
Organization: N/A
Address 1: 87b Kristinelundveien
City: Oslo
State: Oslo
Zip: 0125
Country: NO
Phone: +47.98959694
Email: @gmail.com

Administrative Contact Information:
Name: Perr Pettersson
Organization: N/A
Address 1: 87b Kristinelundveien
City: Oslo
State: Oslo
Zip: 0125
Country: NO
Phone: +47.98959694
Email: @gmail.com

Technical Contact Information:
Name: Perr Pettersson
Organization: N/A
Address 1: 87b Kristinelundveien
City: Oslo
State: Oslo
Zip: 0125
Country: NO
Phone: +47.98959694
Email: @gmail.com

Let's search the names and email provided and see if we get a hit!
The email address perr.pettersson@gmail.com is related to the following domains:
1. grandtraffbiz,com
2. restofthebesta,com
3. swsadsdr,org
4. xwaveplatform(.)com
This email was also spotted here by @stopmalvertisin
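The registrant pivot above can be made repeatable for defensive use. The following is an added example, not code from the original post: it parses the one-line WHOIS dump as printed in the post, builds a normalized registrant fingerprint to compare against other WHOIS records, and turns the defanged domains into a clean DNS blocklist. The function names and the fingerprint fields (name, phone digits, street) are assumptions chosen for illustration.

```python
import re

FIELDS = ["Name", "Organization", "Address 1", "City", "State", "Zip",
          "Country", "Phone", "Email"]
FIELD_RE = re.compile(r"\b(%s):\s*" % "|".join(map(re.escape, FIELDS)))
SECTION_RE = re.compile(r"(\w+) Contact Information:\s*")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}$")

# Constructed input: the flattened WHOIS text as printed in the post.
# The e-mail local part is elided there and stays elided here.
CONTACT = ("Name: Perr Pettersson Organization: N/A Address 1: 87b "
           "Kristinelundveien City: Oslo State: Oslo Zip: 0125 Country: NO "
           "Phone: +47.98959694 Email: @gmail.com")
WHOIS_TEXT = " ".join(f"{role} Contact Information: {CONTACT}"
                      for role in ("Registrant", "Administrative", "Technical"))
# Defanged domains as written in the post (two defanging styles, one repeat).
DEFANGED = ["grandtraffbiz,com", "restofthebesta,com", "swsadsdr,org",
            "xwaveplatform(.)com", "swsadsdr(.)org"]


def parse_whois(text):
    """Split a one-line WHOIS dump into {role: {field: value}}."""
    parts = SECTION_RE.split(text)      # ['', role, body, role, body, ...]
    record = {}
    for role, body in zip(parts[1::2], parts[2::2]):
        tokens = FIELD_RE.split(body)   # ['', field, value, field, value, ...]
        record[role] = {f: v.strip() for f, v in zip(tokens[1::2], tokens[2::2])}
    return record


def fingerprint(contact):
    """Pivot key that survives formatting noise: name, phone digits, street."""
    norm = lambda s: " ".join(s.lower().split())
    digits = re.sub(r"\D", "", contact.get("Phone", ""))
    return (norm(contact.get("Name", "")), digits, norm(contact.get("Address 1", "")))


def single_identity(record):
    """True when every contact role carries the same fingerprint."""
    return len({fingerprint(c) for c in record.values()}) == 1


def refang(indicator):
    """Undo the two defanging styles in the post: '(.)' and ',' standing for '.'."""
    return indicator.strip().lower().replace("(.)", ".").replace(",", ".")


def blocklist(indicators):
    """Refang, validate and de-duplicate domains for a DNS blocklist."""
    domains = {refang(i) for i in indicators}
    return sorted(d for d in domains if DOMAIN_RE.match(d))
```

Comparing `fingerprint()` output across WHOIS records for other suspicious domains groups registrations that reuse the same contact details even when spacing or phone punctuation differs.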