Malicious Monetization

Stephen Yagielowicz
Perhaps you can blame the declining economy as the culprit behind the escalating bad behavior being exhibited throughout certain segments of cyberspace, where everything from fraudulent billing to extortion and beyond awaits the unwary surfer with increasing regularity — a situation that sometimes hits too close to home.

For example, a recent XBIZ News story detailed a German federal Office for Information Security (BSI) report of the "growing and persistent array of online threats that continues to outwit even the savviest of users."

"The situation is serious — it is even more catastrophic than we feared," said Hartmut Isselhorst of the BSI. "We are all being attacked. As soon as we go online, we become the target of attacks."

And right they are.

I've been a heavy Internet user and webmaster since 1993, and in that time, I have had one website hacked (damn kids in Amsterdam deleted my site and put a photo of a bong on my homepage …) and had my workstation disabled by KAK, which left me freaked out by it shutting down and displaying a notice that "kagou anti krosoft says not today!"

But that was a long, long time ago, and my security has dramatically improved since then to the point that I don't get too worried about visiting some of the, shall we say, "shadier" online neighborhoods that my work sometimes finds me in.

Until now, that is.

What has me concerned is two recent attacks that hit within a matter of days of each other — events about which I'm still dealing with the fallout.

First up was an infection that left me with a copy of Spyware Protect 2009 on my system, displaying its ominous "Warning! You have spyware on your computer — click here to purchase our tool to remove it!" dialog boxes and Windows system-like behaviors to make it look "official." The folks behind this did a great job of presenting their offer, and the persistent little bugger took quite a bit of effort (and bad language) to remove — being entrenched in my browser, task bar and throughout my system's files.

As part of this attack, a host of other nasty mutants compromised some of my anti-virus and firewall protection in an attempt to "pry the door open" for further attacks, which was a most disheartening experience as I watched my fortress' walls crumbling.

As a side note, for the many people who doubtless bought into this software scam, far from removing the threat, the Spyware Protect 2009 installation would simply heap even more digital atrocities onto the hapless user's computer.

Did I pick something up on an adult site? Maybe, but I visit at least as many mainstream websites, and they often are more attractive to hackers.

Regardless of where the actual attack took place, those initiating these attacks are online extortionists who seek to use fear as a weapon to drive sales. And while I didn't make a purchase, I was scared — scared at the thought of losing all of my data (how current are those backups?) and of the loss of any sensitive information of value to identity thieves or other criminals. What else was my computer doing now — things that I didn't even know about — like launching "zombie" attacks on other computers?

It took a lot of Googling to get things straightened out, plus the use of some new tools such as Malwarebytes' Anti-Malware solution, as well as the loss of a few hours and a lot of stress to overcome this infection, which was far more sophisticated in its attack than the previous KAK virus that I had. Bastards.

And you'd think that I'd learned my lesson and would be more wary, but you'd be wrong — and so it was that two days after cleaning out my system I found myself upgrading an old WordPress installation on my server to the latest version, which has a nifty FTP client to upload and install plugins. But plugins by whom, from where — and how safe are they?

The one I installed that day using said fancy admin panel asked for my FTP username and password — not the first piece of software I've installed to do so. And you might have guessed it, but the next morning, all of the index pages on all of the sites on that server (and their subdirectories) had malicious commie code embedded in them, trying to send my visitors unknowing-like to domains that ended in .ru.

Encoded HTML redirects placed in my <head>s using JavaScript and "eval" commands, plus encrypted scripts injected into the PHP contained in my <body> tags. Had they done it by hand and gone back to check the pages, they could be wreaking havoc on anyone who landed on one of my pages. Sloppy hackers and their automation — stray snippets of their malicious code were left visible on some of my pages, and if not for this glaring red flag, I might not have noticed the attack — at least for some time.

Changing my FTP password stopped them, but once again, hours are lost and sleepless nights spent restoring corrupted pages from backup files and scouring folders for other signs of attack.

While malicious website attacks are nothing new, this apparent increase in the incidence and severity of these attacks doesn't bode well for e-merchants, mainstream or adult, who rely on a customer's trust factor when dealing with virtual entities.

At a time when every sale counts, marketers and others using malicious tools to further their means and bottom lines are a threat to all operators — and a threat that must be confronted and addressed.

For my part, I'm going to beef up security and push ahead.

More Articles


Webmasters Shouldn’t Wait for Disaster to Hit

Cathy Beardsley ·

Hefner’s Legacy Lives On in the Industry

Juicy Jay ·

Privacy Notices Shouldn’t Be Treated as an Afterthought

Corey D. Silverstein ·

Legal Issues Pop Up When Filming Sex in Public

Lawrence G. Walters ·

A Road Less Traveled: Accepting Alternative Payment Solutions

Stephen Yagielowicz ·

Credit Card Processing Today: Decline or Dominance?

Stephen Yagielowicz ·

Shifting Regulations: Keeping on the Straight and Narrow

Stephen Yagielowicz ·

Putting Your Best Foot Forward: Billing's Best Practices

Stephen Yagielowicz ·

PornDoe Premium — 35 Network Sites and Counting

Rhett Pardon ·

Q&A: White Label Dating’s Steve Pammenter Expands Horizons

Alejandro Freixes ·
Show More