Most web attacks are fairly simple and straightforward, though the components of these simple attacks are arbitrarily complex. Some attacks, however, are more complex in nature and include the passing of information to ‘grey’ sites as well as installing malware. These complex attacks are reminiscent of the type of links we would see were we to analyse a revenue-generating/advertising/pop-up network. These affiliate-based links look to all intents and purposes like a ‘legitimate’ network with the added bonus of delivering malware.
This paper will attempt to show some straightforward affiliate networks, with more detailed analysis of some affiliate malware delivery systems.
This paper was presented at Virus Bulletin in 2008.
By Paul Baccas, Senior Threat Researcher, SophosLabs UK, 2008