One of the content monitoring services that I subscribe to is Google Alerts, which only provides content from the Google search engine itself. I use a combination of RSS and email alerts, generally set to deliver as it happens. I tend to pay a great deal of attention to alerts that come from sources that lack professional credentials. My specific area of concentration is with affiliates who participate in the distribution of harmful or bogus applications, otherwise known as rogueware.
A general template for many rogueware-affiliates is to offer a catchy title that will pique your interest. A recent Google malware email alert was titled: “What Malware And Grayware Are And What You Can Do About Them.”
The affiliate article will likely give you accurate and timely security-related information. The writer will also hook you into believing that the author knows what she or he is talking about, while sporting juicy paragraphs such as this:
“The more sophisticated kinds of rootkits will actively prevent you from deleting them. It may, for instance, duplicate itself several times, and replace those copies whenever they’re removed, making it difficult to get rid of them all and also harder to identify the original problem files.”
Then the affiliate will add a highly credible source to the article content:
“Since it is virtually impossible to prevent malware from installing itself on your system, it is best to create a routine check on your system for malware by using an anti-malware system such as Microsoft’s Malicious Software Removal Tool. This program is compatible with Windows Vista, Windows XP, Windows 2000 and Windows Server 2003, and can determine the nature of specific malware installations while also being able to assist you in removing them from your system.”
This particular rogueware-affiliate marketing plan is highly versed in SEO and Google page ranking placement.
Both McAfee SiteAdvisor and W.O.T. (Web of Trust) have security concerns with Spyware Removal Doc. It is also listed at hpHosts under the FSA classification, which covers sites engaged in the selling or distribution of bogus or fraudulent applications.
Spywareremovaldoc[]com is currently on the auction block for 15K USD with a current bid of $100 USD. You won’t be able to download their “free software” until you complete one of the trial options over at trialpay.com.
The current marketing plan is exceptionally cunning. I can credit them with some pretty ingenious and well thought out social engineering techniques too. They also have a number of first page rankings with Google and are able to market their product as highly credible to those who are not well versed in the realm of security software.
In a 2009 PandaLabs report, The Business of Rogueware, PandaLabs reveals “how the rogueware business works. Not unlike a traditional business, the rogueware business model consists of two major parts: program creators and distributors. The creators are in charge of making rogue applications, providing the distribution platforms, payment gateways, and other back office services. The affiliates are in charge of distributing the scareware to as many people and as quickly as possible.”
- Cybercriminals are earning approximately $34 million per month through rogueware attacks
- Approximately 35 million computers are newly infected with rogueware each month
- Rogueware is being distributed through Facebook, MySpace, Twitter, Digg and targeted blackhat SEO attacks

– PandaLabs
I believe that 2010 is going to introduce a few additional components to the distribution module of the rogueware business model:
- Rogue marketing plans will include pairing (bundling) rogueware with credible software that people trust.
- More rogueware will cease to be directly downloadable and will be featured “behind-the-scenes” at third-party sites that have solid SEO reputations.
Until next time — Stay safe online!






