The recent wave of search engine optimised web attacks is netting a huge cash haul for hackers and malware vendors, according to researchers.
Security firm Finjan claimed that a single hacker can make as much as $10,800 (£7,400) a day by embedding compromised web pages with links to attack sites and lists of popular search terms.
Finjan chief technology officer Yuval Ben-Itzhak said that the company recently observed a single attack operation involving a set of compromised pages that redirected to a site pushing a rogue anti-virus program.
The attackers had compromised a series of pages which were then embedded with lists of popular search terms collected from services such as Google Trends or current news items. The same pages were then injected with obfuscated code that redirected to the attack page, which used fake alert boxes to convince the user to download and purchase the bogus security software for $50 (£34).
Over a period of 16 days, Finjan recorded some 1.8 million hits from the infected pages. Between seven and 12 per cent of the victims actually downloaded and installed the software, and roughly 1.79 per cent paid the $50 fee.
Finjan estimated that the sales generated a haul of around $191,000 (£131,000) from a single attack operation. Using common referral rates of roughly 1.6 cents each, Finjan also estimated that the cut of the profits being paid to the hackers was $172,000 (£118,000) over the course of 16 days.
Perhaps most troubling is the ease with which these operations can be performed. Ben-Itzhak said that the operation his company observed was likely to have been run by one or two people, and required relatively little knowledge or skill.
"Everything is being done automatically. They're using automatic tools to compromise the web site and it isn't hard to find keywords," he explained. "You don't need to have a PhD to set this up, and that is why it is so successful."
The current economic crisis has led many security experts to worry that cyber crime will surge in the coming months and years, as users turn to the web for job opportunities and bargain shopping.
Other reasons for the growth in cyber crime are increasingly sophisticated attack techniques, and the availability of easy-to-use tools which enable criminals to make quick money.
"These numbers clearly indicate why cyber crime continues to grow," said Ben-Itzhak. "You can see the numbers, you can see how successful it is, and there is no reason to think it will die."
See also:
Safari, Firefox and IE all fail in hacking competition 19 Mar 2009
New Apacs figures show card not present fraud totalled £328m in 2008 19 Mar 2009
Bogus 'bomb scare' emails add unsuspecting users to Waledac botnet 16 Mar 2009
A collection of online annoyances we all could do without 15 Mar 2009
Lost productivity costing the average company £130,000 a year, says McAfee 09 Mar 2009All Hacking Tags: Finjan, Hacking, Malware, Google-trends, Threats, Internet, Security, Software
del.icio.us
Digg this
reddit!
