Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Pay Per Install – The New Malware Distribution Network

Created: 09 Apr 2010 07:44:43 GMT • Updated: 23 Jan 2014 18:28:24 GMT
Ashwin Athalye's picture
+1 1 Vote
Login to vote

Do you want to earn a few extra bucks by spreading malware? A lot of users have been doing just that, especially when they are welcomed by the profitable malware world to share their revenue! Malware is no longer written for fame and notoriety. It is all about money these days and guess what—it is also covered by a strong business model.

Malware distribution techniques have undergone a major transformation over the years. In the early days, worms self-propagated while exploiting server-side vulnerabilities that would allow propagation without any user interaction—simply requiring the computers to be on and connected to the network. Once the worm infected the computer using the vulnerability, it would scan for other vulnerable computers on the network and the process would start all over again.

Over the years these types of server-side vulnerabilities dried up and the focus quickly turned to client-side attacks and classic social engineering. Most client-side attacks exploit vulnerabilities in client applications such as browsers and browser plug-ins. Both client-side vulnerabilities and social engineering require some sort of user initiation, which means that the victim needs to visit an infected website, click on a malicious link, or open an email attachment. So the question is, how does one propagate malware on a large scale using client-side vulnerabilities?

To solve this problem, malware authors have come up with a distribution model dubbed “pay-per-install.” This is not a new online concept and has roots in the online advertising and pornography industries. This model entices users to join the network by paying them for installing malware. They also have a strong built-in referral system for rewarding the affiliates and thus are able to scale their malware distribution. The image below shows one of the most prominent pay per install followers. You can see the lucrative benefits and schemes that are offered to attract partners.
 

We take an under-the-hood look at how this business model operates in a newly released whitepaper entitled Pay Per Install – The New Malware Distribution Network, which discusses the distribution model, affiliate recruitment, financial model, and after-market tools and services of malware distribution networks.