Driven by strong financial incentives and aided by widely available malicious code software packages, “affiliations” are being created that promote infections using a “hosted” model for the malicious code.
In this scheme, the malicious code is usually located on a dedicated malicious code server (or a site that has been hacked to host the malicious code), while the participants in the affiliation insert a reference to the malicious code in various websites. The website owners are paid according to the number of infected visitors to the site.
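Because the inserted reference is the only change made to a participating or compromised site, a site owner can check served pages for content loaded from hosts they never approved. The following is an added example, not code from Finjan or its report; the host names, sample page and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that makes the browser fetch content from another location.
LOADING_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                 "embed": "src", "object": "data"}

class ExternalRefCollector(HTMLParser):
    """Collects (line, tag, host, url) for content loaded from other hosts."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = LOADING_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Relative URLs have no hostname; protocol-relative ("//host/x") do.
        host = (urlparse(url).hostname or "").lower()
        if host and host != self.site_host:
            self.refs.append((self.getpos()[0], tag, host, url))

def unexpected_refs(html, site_host, approved_hosts):
    """Return external references whose host is not on the approved list."""
    collector = ExternalRefCollector(site_host)
    collector.feed(html)
    collector.close()
    approved = {h.lower() for h in approved_hosts}
    return [ref for ref in collector.refs if ref[2] not in approved]

# Constructed sample: a page with one approved third-party script and one
# reference to a host the site owner never approved.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.partner.example/lib.js"></script>
</head><body>
<p>Welcome</p>
<iframe src="http://stats.unknown-host.example/in.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    hits = unexpected_refs(SAMPLE_PAGE, "www.shop.example", {"cdn.partner.example"})
    for line, tag, host, url in hits:
        print(f"line {line}: <{tag}> loads from unapproved host {host}: {url}")
```

Run against pages as they are actually served rather than against the source repository, since the inserted line exists only on the live site.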
Finjan’s findings attest to the growing magnitude of these affiliation networks, which have been used to compromise highly popular websites and even government domains. Trojan keylogger log files show that the malicious code is being used to steal sensitive financial and personal information, such as bank account details, credit card numbers and social security IDs, for which e-criminals are willing to pay top dollar.
A Finjan report includes statistics and maps showing how a single malicious code server operated by just one hacker has infected thousands of legitimate websites worldwide. Since hundreds of hackers are already using this technique, the problem is already having a global impact.
“Many sites are getting hit by stealthy attacks that leave no visible damage and simply insert a line of HTML code that points to malicious code on an external server,” stated Ben-Itzhak. “The upshot is that any visitor to such a website may be jeopardizing his/her personal identity, bank account details and credit card numbers to the e-criminals behind these operations. Business users that rely solely on signature-based anti-virus or URL filtering solutions might be left vulnerable to these types of attacks.”