Site Hacks, Fake Security Rakes in Serious Cash

March 23, 2009, 4:12 PM — Here's a recipe for illicit online riches:

1. Hack a Web site to insert pages full of keywords to popular terms.
2. Redirect the millions of people who click on the search result links to the fake pages to a site selling rogue antivirus software.
3. Sit back and collect affiliate fees from the rogue software seller, to the tune of up to US$10,000 a day.

Web security company Finjan gathered details on this kind of operation after gaining access to a traffic management server used by the bad guys. The redirection that started with a poisoned search link went through the traffic servers on the way to rogue AV sites, allowing Finjan to observe the process.

The company found that crooks were hacking legitimate Web sites to insert parasite pages stuffed full of search terms pulled from the Google Trends system, along with others with minor typos from real terms like Gogle or Obbama.

These fake pages, designed to get search engines to find and display the pages in online searches, would redirect anyone who clicked on them to a site selling rogue AV software. Pushing the fake apps has become a popular profit-making technique among online crooks, and for good reason.

Finjan found that affiliate programs from the crap software pushers pay hackers 9.6 cents per redirection to the software-selling sites. That adds up to serious cash when you're talking about 1.8 million unique user redirections in 16 consecutive days, as Finjan observed.

Of those 1.8 million users, 1.79 percent of them paid $50 for the fake AV software. The software sellers used those profits to pay a total of $172,000 - or $10,800 per day - to affiliates.

With numbers like these, it's no surprise that rogue antivirus is becoming more common. And its spread doesn't just hurt those who get conned out of $50 or more for the software. Search engines will typically penalize sites that they believe are trying to game the system by stuffing pages full of random search terms, Finjan says. So the legitimate sites that get hacked may be penalized and see their real pages drop in search engine rankings.