
Affiliate System Drops ZeroAccess.

published on 2013-12-17 17:31:00 UTC by Trojan7Malware
I was recently looking around on darkode and I found this affiliate. This affiliate was recently covered by @kafeine here. I began talking to the owner/operator of this affiliate system and, after a few edits to a cracked Blackhole (lol), I sent him my faked stats and was quickly accepted.

What's an affiliate?
An affiliate is a system where a content owner pays a person, people or group to distribute the content; the distributors are paid in return for that distribution. It needs to be made clear that there are legitimate affiliates that mainly distribute versions of adware-style programs. As always, blackhats realise this is a good way to distribute their malware.

Let's take a look at this very widespread campaign.
Firstly, a huge OPSEC fail: no login or authorisation, just visit a link and you have access to the traffic link, stats and payout.

Link to traffic: [screenshot not reproduced]

Link to visitor stats: [screenshot not reproduced]

Link to payout rates: [screenshot not reproduced]

The exploit kit link is currently down. While it was up I was able to identify it as the Sweet Orange exploit kit. When a user visits the infected site they become infected with ZeroAccess and/or CryptoLocker.

How much is someone paid to do this?
Here is the message the owner sent me, in Russian first and then in English:
Russian version
привет.
Европа трафик $ 500 за 1к успешных нагрузок. Соединенные Штаты $ 600 за 1к.

English Version
hello.
europe traffic is $500 per 1k successful loads. united states is $600 per 1k.

The rates are pretty average. For anyone who does not understand, "loads" means infections. So, 1,000 computers from America are worth $600.

Who owns this?
The domain in the traffic picture is divided into sub-domains. The domain swsadsdr(.)org has this whois record:
Registrant Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com

Administrative Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com

Technical Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com

Let's search the names and email provided and see if we get a hit!

The email address perr.pettersson@gmail.com is related to the following domains:
1. grandtraffbiz(.)com
2. restofthebesta(.)com
3. swsadsdr(.)org
4. xwaveplatform(.)com

This email was also spotted here by @stopmalvertisin.
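The pivot above (take the contact fields that repeat across all three whois sections, then search them for further domains) is easy to do by hand for one record but tedious across many. As an added example, not code from the original post, here is a small Python script that parses a whois dump of the shape quoted above into sections, picks out the fields worth pivoting on (identical across Registrant/Administrative/Technical and not a placeholder such as N/A), and normalises the mixed defanging styles used in the domain list (`,` and `(.)`) so the indicators can be compared or fed to a blocklist. The `WHOIS_TEXT` constant is a constructed copy of the record as shown on the page (the e-mail local part is blank because it was redacted there), and the set of defang separators recognised by `refang` is an assumption of this example.

```python
import re
from typing import Dict, List

# Constructed copy of the whois record quoted in the post. The e-mail
# local part is blank because the record was shown redacted on the page.
WHOIS_TEXT = """\
Registrant Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com

Administrative Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com

Technical Contact Information:
    Name: Perr Pettersson
    Organization: N/A
    Address 1: 87b Kristinelundveien
    City: Oslo
    State: Oslo
    Zip: 0125
    Country: NO
    Phone: +47.98959694
    Email: @gmail.com
"""

# The domain list from the post, defanged in two different styles.
DEFANGED_DOMAINS = [
    "grandtraffbiz,com",
    "restofthebesta,com",
    "swsadsdr,org",
    "xwaveplatform(.)com",
]

SECTION_RE = re.compile(r"^(\w+) Contact Information:\s*$")
# Separators commonly used to make a domain non-clickable (assumed set).
DEFANG_SEP_RE = re.compile(r"\(\.\)|\[\.\]|\{\.\}|\s+dot\s+|,")
# Values that carry no pivot information even when they repeat.
PLACEHOLDERS = {"", "N/A", "REDACTED FOR PRIVACY"}


def parse_whois_contacts(text: str) -> Dict[str, Dict[str, str]]:
    """Split a whois dump into {section: {field: value}} using the
    '<Section> Contact Information:' headers and 'Field: value' lines."""
    contacts: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            contacts[current] = {}
            continue
        if current and ":" in line:
            key, _, value = line.partition(":")
            contacts[current][key.strip()] = value.strip()
    return contacts


def shared_pivot_fields(contacts: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Fields whose value is identical in every section and is not a
    placeholder; these are the values worth searching other records for."""
    sections = list(contacts.values())
    if not sections:
        return {}
    shared: Dict[str, str] = {}
    for key, value in sections[0].items():
        if value in PLACEHOLDERS:
            continue
        if all(section.get(key) == value for section in sections[1:]):
            shared[key] = value
    return shared


def refang(indicator: str) -> str:
    """Turn a defanged domain back into its real form for comparison."""
    return DEFANG_SEP_RE.sub(".", indicator.strip().lower())


def defang(domain: str) -> str:
    """Defang consistently with the [.] convention for safe sharing."""
    return domain.replace(".", "[.]")


def normalize_domains(defanged: List[str]) -> List[str]:
    """Refang, de-duplicate and sort a list of mixed-style indicators."""
    return sorted({refang(d) for d in defanged})


if __name__ == "__main__":
    contacts = parse_whois_contacts(WHOIS_TEXT)
    print("sections:", ", ".join(contacts))
    for field, value in shared_pivot_fields(contacts).items():
        print(f"pivot {field}: {value}")
    for domain in normalize_domains(DEFANGED_DOMAINS):
        print("related domain:", defang(domain))
```

Because the three contact sections are byte-for-byte identical, every non-placeholder field comes back as a pivot candidate; in practice the phone number and e-mail are the most useful ones, since names and street addresses are more often reused as filler across unrelated registrations.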

Article: Affiliate System Drops ZeroAccess. - published over 10 years ago.

http://trojan7malware.blogspot.com/2013/12/affiliate-system-drops-zeroaccess.html   
Published: 2013 12 17 17:31:00
Received: 2024 03 20 04:23:50
Feed: Trojan7Malware
Source: Trojan7Malware
Category: Cyber Security
Topic: Cyber Security
Views: 2