How Russians Hijacked P-rnHub Ads to Infect Users With Malware

Cyber criminals based primarily in Russia hijacked ads on Pornhub to infect viewers’ computers with malware, causing millions of dollars in damages, according to a US indictment.

Eight men – six from Russia and two from Kazakhstan – have been charged with cyber crimes. Three are awaiting extradition, while the others remain at large.

According to the unsealed indictment, businesses were left paying out more than $29m for ads which were never viewed by real human internet users.

Also unsealed were seizure warrants allowing the FBI to take control of 31 internet domains and take information from 89 computer servers to shut down the botnet globally.

The cyber criminals’ activities were detailed by information security firm Proofpoint, which explained how the attack on Pornhub worked.

Web browsers which navigated to Pornhub’s website were shown a fraudulent pop-up telling them to install an update to their web browser, or the Adobe Flash plugin.

But instead of a genuine update, the downloaded file took control of the victim’s computer and ran a hidden process that clicked on ads the criminals hosted on a fake web page.

Advertising fraud is a serious issue for web giants Facebook and Google, which generate the overwhelming bulk of their revenues by telling advertisers that their ads are reaching real people.

The use of bots to provide fake impressions is so prevalent on the internet that some advertisers only receive $0.01 for every $1 of impressions they pay for.

According to the justice department, the conspiracy required extensive efforts from the criminals to conceal that the ad impressions were computer generated.

“To create the illusion that real human internet users were viewing the advertisements loaded on to these fabricated websites, the defendants programmed the data centre servers to simulate the internet activity of human internet users,” it said.

This meant the servers were programmed for “browsing the internet through a fake browser, using a fake mouse to move around and scroll down a web page, starting and stopping a video player midway, and falsely appearing to be signed into Facebook”.

Details about the browser are stored in cookies, which advertisers can inspect to learn more about the user.

The 13-count indictment charges eight men with various cyber crimes, including wire fraud.

Alert: Illegal Ransomware Affiliate Network Launched!

Ransomware is considered by most to be one of the biggest threats to individuals and businesses today. The basic way that ransomware works is that a computer is infected through normal channels (email links, corrupt websites, etc.) and the software takes all the files (including pictures, documents, videos, etc.) and encrypts them using strong encryption. Once encrypted, the software notifies the user that all their files have been encrypted, and that they will only be given the key to decrypt them if they pay a ransom.

Unlike other types of virus or malware, which merely consume the computer’s processing and can therefore be removed without too much trouble, the damage done by ransomware can’t be undone by an anti-virus or anti-malware program. If users have backups of their files, they can format their PC and restore their files. Sadly, however, most people do not have this type of backup. This means that users are forced to choose between either losing all their files or paying the ransom.

While there are no guarantees that paying the ransom will actually get your files unlocked, most of the cyber criminals conducting this type of activity have actually been delivering on their promises. From a marketing point of view, it makes sense. If people are confident that they will get their files back, they are more likely to actually make the payment.

This ransomware issue has gotten worse recently, and research conducted by Check Point Software Technologies is helping to show just how bad it really is. Specifically, they looked at a ransomware affiliate network that actually pays people to infect users. The network works just like a traditional affiliate network: the developer of the software (in this case, Cerber malware) gets a portion of the money made, and the individual who does the ‘work’ of getting computers infected gets the rest.

The affiliates who do the actual infecting have access to a modern dashboard where they can keep track of their earnings, how many people they have infected, and much more. If it weren’t for the fact that they are extorting computer users and breaking numerous laws, this would seem like a very well run affiliate network.

According to the report, people who work with this affiliate network use email and websites to infect computers with the ransomware. Once done, the infected computers demand 1 Bitcoin (about $565 today), and that doubles if the computer owner doesn’t pay within a week. If they do pay, the money goes to the developer of Cerber (who runs the affiliate network). He or she then runs the bitcoins through a mixing service, which is essentially digital money laundering. When done, he or she keeps about 40% of the money and pays the affiliate 60% of it, all through Bitcoin.

Check Point estimates that Cerber’s author has made close to one million dollars over the past year, and that July 2016 alone will bring in about $195k, indicating that the issue is only growing. They also estimate that only about 0.3% of infected victims end up paying the ransom, but when infecting people is fairly easy, that can add up very quickly.

South Korean computer users are currently the biggest victims, followed by those in the US. Interestingly, the report found that computer users in Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine, and Uzbekistan are not affected by Cerber at all. This is a strong indication that the malware is being developed in Russia or one of the other listed countries.

Getting infected with this type of ransomware can be devastating to individuals and businesses, especially digital marketers who make a living online. Even if files are backed up, restoring computer systems takes a significant amount of time and effort. With this in mind, all marketers (and all computer users) should really take some time to make sure their computers are protected using effective anti-virus and anti-malware systems that are proven to be able to detect and prevent Cerber and other ransomware from taking hold in their systems.

Olympics Exposing Many to Hackers & Other Digital Threats

A report was recently released by FastCompany that looked at some of the threats the Olympics are bringing to many unsuspecting people. While most of the news has been about physical threats like terrorism and theft, a potentially bigger risk involves digital threats. Brazil is estimated to account for 2% of all internet-related crimes that occurred in 2015, and the country was listed as the 8th biggest source of bot-enabled cybercrime.

With millions of dollars being spent on advertising, the cybercriminals are undoubtedly working overtime to cash in as much as they can. In addition, many people are attempting to watch the Olympics online, which gives cybercriminals the opportunity to scam them using a variety of techniques.

Since many people will be turning to the Internet for live sports for the first time, the criminals simply have to make a fraudulent offer or set up infected websites and draw them in. Major events like the Olympics can certainly influence people’s behavior and, in many cases, cause them to take risks that they otherwise would not have.

Anyone who is looking to do any type of marketing or advertising related to the Olympics will want to take extra care to ensure they do not fall victim to theft, malware, or other crimes.

You can read the report from FastCompany HERE.