back to article Botnet farmers play the international exchange game

Spyware authors are prepared to pay botnet farmers or webmasters much more for infecting PCs in the UK or Australia than machines in continental Europe. Selling "installs" is a common practice in the cyber-underworld, the most notable example being in 2005 when Jeanson Ancheta was arrested for building a 400,000-strong botnet …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Need to make up a phony trojan

    Just make up a fake one that emulates lots of real malware but doesn't send anything of interest back to the "mother ship". Then they send you $$$ (am I dreaming?) and they get nothing.

    Just the ticket. Malware for the malware people. Similar to click fraud on Google, I suppose. You want botnets, we got botnets. Do they do anything? No, but we got botnets.

    If it were only true! (*SIGH*)

  2. Anonymous Coward

    "... a shortened version of its name ..."

    " The site is loaded with malware and for that reason we'll refer to it by a shortened version of its name, "

    That's not shortened at all, that's the exact full name.

  3. ImaGnuber

    Humour 2.0

    "cybercrime 2.0."

    Love it. Very funny. Hate them though.

  4. Spleen

    Why pay to install spyware in the UK?

    Just get a job at Phorm...

  5. Anonymous Coward

    Re "... a shortened version of its name ..."

    No its not! theres a bit before the .installscash and its not www.

    oh and thanks for telling us all you use Firefox, nice to know.

  6. Anonymous Coward

    Re "... a shortened version of its name ..."

    What's also interesting is that Google has not flagged that site with as it usually does...

    For those without FF+ABP+NS or those not game to have a look, here's a rundown:

    The site itself looks very slick... The English is well written with no spelling or grammatical errors that I could find, and some time has been spent on the graphics and layout, it has a very typical shiny-glass 2.0 look to it. Pages accessible from the front page are Home, Terms, FAQ (!), Sign Up, About Us, Rates and a Login button. You could be forgiven for thinking it was a legitimate business site at first glance!

    Looking at the source, I can't find any suspect Javascript but it does try to run a Flash object - which is almost certainly where the malware comes from. I couldn't find any iframes or external script calls on the pages I looked at. The site uses PHP to display its pages, and the HTML is not W3C compliant; no DOCTYPE, some HTML tags are uppercase, and it uses deprecated elements and attributes.

    Interestingly, the WHOIS turns up two names and addresses in Iowa City, USA. A little email to the FBI is in order, methinks...

    Finally, that "phony trojan" is a fantastic idea, and I'll be passing that along to some friends who will be able to make good use of it...

This topic is closed for new posts.