X
Tech

Spyware pushers tricks of the trade or how to trash a machine with one bundle of spyware

I often hear questions asked about why do spyware pushers trash machines with their large bundles of garbage-ware and how do they do it.  Last year I wrote about Spyware Tricks, including the money trail.
Written by Suzi Turner, Contributor

I often hear questions asked about why do spyware pushers trash machines with their large bundles of garbage-ware and how do they do it.  Last year I wrote about Spyware Tricks, including the money trail. Nearly all of the top 10 spyware tricks of 2005 involved affiliate's distributing spyware through illegal means without notice or consent through channels like BitTorrent, Windows Media files, AIM and IRC. We've recently seen more cases spyware and adware pushed through botnets -- read VitalSecurity's write up here. The answer to why? is simple. It's always about M O N E Y

A few days ago I blogged at SpywareWarrior about two affiliate programs that are pushing adware and spyware in large bundles, typically through exploits at unsavory sites.  They are GimmyCash! and DollarRevenue. Note that GimmyCash pays well:

$0.40 per United States & Canadian install!
$0.20 in 16 other countries! United Kingdom, France, Germany, Netherlands, Ireland, Austria, Belgium, Denmark, Spain, Sweden, Switzerland, Finland, Gibraltar, Greece, Norway, Italy & $0.02 Rest of the world.

DollarRevenue isn't far behind.

USA $ 0,30
Canada $0,20
United Kingdom $ 0,10
China $ 0,01
Other countries $ 0,02

Here's what makes these programs particularly attractive to rogue affiliates. GimmyCash! says:

You can choose to promote GimmyCash by:
Software bundles -> combine your software with Gimmy.
Advertising our free GimmyGames concept into your site.
Advertising our free GimmySmileys concept into your site.

DollarRevenue says:

1) ActiveX This solution works well for webmasters with a content website. Once you have added our code to your page(s), an ActiveX window will pop up and prompt the surfer with the choice of installing our software. If the surfer clicks "Yes", the software will be installed and that’s how you get paid.
2) Software bundle (exe) You own a software application and like to keep it for free? DollarRevenue is what you need! You can easily combine your software applications with the DollarRevenue application and make money with every install.

So guess what? Since these affiliates can bundle GimmyCash and DollarRevenue with other software, they go whole hog plus the postage and make huge bundles that include downloaders for other goodies like Webhancer, Newdotnet, SurfSideKick, Command Service, Look2Me, Virtumonde, sometimes a rogue anti-spyware app or two, like SpySheriff or SpyFalcon, and more. Here's a HijackThis log from one victim of this nonsense. Affiliates are making big $$$ from these kinds of bundles that may start with one trojan downloader, such as the one used by DollarRevenue, called DrSmartload because the files are named DrSmartload.exe and variations thereof. Sophos' description here and McAfee's here.

Of these two, DollarRevenue and GimmyCash!, DollarRevenue seems to be the worse offender by far, but the GimmyCash! people get their licks in. Files named gimmygames.exe and gimmysmileys.exe get installed with these large bundles, too, and many vendors attribute these files to DollarRevenue. It's odd because as many times as I've seen the gimmy files come down in a large infestation, I've yet to see the actual programs installed. When installed from the GimmyCash! website, the Gimmy apps install Zango. I have a suspicion that I can't prove, which is that the Gimmy affiliates are perhaps cheating on their program by downloading gimmy files that never install the apps.

And now you know why spyware often comes in large bundle$. You can see the screenshots of GimmyCash! and DollarRevenue's sites and read more at SpywareWarrior.

Editorial standards