funsec mailing list archives

Re: CWSandbox vs. Click-Fraud Trojans


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 25 Sep 2006 16:15:05 +1200

fergie wrote:

Via Honeyblog.

[snip]

Business Week had an interesting story about click fraud recently (also
at /.). This seems to be a really lucrative business and there is of
course also malware that helps the attacker to automatically generate
clicks on websites.
<<snip>>

Such things have been around since the mid-late 90's (i.e. close to a 
decade), tracking the development of pay-per-view and pay-per-click 
webvertising.  The first one I recall analyzing in any depth was 
installed instead of a warez FTP ("pubstro") site if the
dropper/downloader doing the install decided that the local network connection
speed was too slow (done by timing the download of a large-ish file 
from a well-connected site -- IIRC, one of the older AOL installers 
around the 1-1.5MB size from an AOL site).  Thus, the warez servers 
ended up on fast cable and DSL machines, generally with rather stable 
IPs, while the dial-up victims with their slow, but ephemeral IP, 
connections got ad-clickers.

And here's a thing some of you (especially Gadi!  8-) ) will find hard 
to believe -- "back then" it was often difficult to get AV vendors to 
add detection of such things...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

