Affiliate web-based malware

Paul Baccas Sophos

Corporate stream: Wednesday 1 October 2008, 15:40 - 16:20.

For the past year researchers at SophosLabs have been tracking malicious websites with our technology partners and via product-based reporting.

Most web attacks are fairly simple and straightforward in nature, though the components of the attack are arbitrarily complex. However, some attacks are more complex in nature and include the passing of information to 'grey' sites before installing malware. These complex attacks are very reminiscent of the links we would see were we to analyse a revenue-generating/advertising/pop-up network. These affiliate-based links look to all intents and purposes like a 'legitimate' network with the added bonus of delivering malware.

This paper will attempt to show some simple attacks with a more detailed analysis of some affiliate malware delivery systems.

VB Conferences

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘Always fantastic and memorable, VB is still small and intimate (e.g. vs RSA), yet has the ambience and professionalism of a big budget conference - a perfect balance.’

Poll

Should anti-virus software be free for personal use?

Leave a comment
View 21 comments

Jobs

In Virus Bulletin's jobs pages among others:

System Administrator (m/f) (Tettnang, Germany)
Product Manager (m/f) (Tettnang, Germany)

Virus Bulletin currently has 143,011 registered users.

Fighting malware and spam