Cybercriminals have copied the technique of search engine optimization (SEO), by which legitimate websites use key words to boost their rankings on Internet searches, to hatch a scheme that rakes in as much as $10,800 a day, according to a Web security company.
In a cybercrime intelligence report (pdf) produced by Finjan Inc.’s Malicious Code Research Center, security researchers analyzed a cybercriminal network that tricks users into giving up their payment card numbers by inserting Web pages with SEO keywords into legitimate sites that redirect people to a Web page where “rogueware” is installed.
Rogueware is fake software that doesn’t do what it pretends to do, says Ophir Shalitin, director of marketing for Finjan. In this case, the rogueware purports to be legitimate antivirus software.
The SEO injected Web pages include popular misspelled keywords, such as "Obbama" and "Gogle," as well as words taken from Google Trends Labs.
"By adding these pages to the compromised Web site, cybercriminals are trying to have search engines index them," the report explained. "This way, they will show them as top results whenever a user makes a typo or searches for a trendy term on the Web."
This method has significantly increased traffic to these injected Web pages, Shalitin says.
Here's how it works: when users click on an infected search result, artificially bolstered by SEO, they are redirected to a Web page where a pop-up warns victims that their computer is infected with malware. The message then tries to trick users into downloading fake antivirus software for $50. If users buy the fake software, they have unknowingly just provided their payment card number to cyberthieves.
Finjan found that the rogue software’s installation rate is between 7 to 12 percent while almost 2 percent of the victims paid $50 for the bogus antivirus program.
The cyber-sleight-of-hand led 500,000 Google searches to compromised Web sites in a single day, while 1.8 million unique visitors were redirected to the antivirus software during a 16-day period, according to the report.
There are two parts to this “criminal affiliation network,” as the report dubs the cyberthieves. The first part of the network is the rogueware designers. Second, are its members, who promote the rogueware by using SEO techniques to drive unsuspecting victims to pages carrying the rogueware. Members of the cybercriminal affiliate network are richly rewarded for their work, receiving 9.6 cents for every successful redirection.
“If we calculate it per day,” the report notes, “it translate to a whopping $10,800 for one day of criminal activity.”
Do it for a year, and a cybercriminal could receive over $2 million worth of compensation for her efforts.