Hackers make fortune selling fake software

A hacker can make more than £7,400 a day by redirecting people to rogue security software sites and getting them to pay for the malware.

Security firm Finjan said the criminals are compromising web pages on legitimate sites in order to direct traffic to their malware and, by using scare tactics, are making people download and buy the bogus software.

The company’s research, published in its Cybercrime Intelligence report for 2009, showed that not only were the criminals professionally organised and operating profitable affiliate networks, but the operations could easily be run by one or two people who had relatively little technical knowledge and skill.

Yuval Ben-Itzhak, Finjan chief technology officer, said: "Everything is being done automatically. They're using automatic tools to compromise the website and it isn't hard to find keywords. You don't need to have a PhD to set this up, and that is why it is so successful."

Finjan monitored a single operation for 16 consecutive days and estimated that during this time, the sales generated a haul of around $191,000 (£131,000) from 1.8 million unique users who were misdirected to the rogue anti-virus software.

To get people to the site hosting the rogue software, the cybercriminals were using search engine optimisation techniques. They injected misspelled keywords such as "liscnese" or "obbama" into web pages on compromised websites. Search engines indexed these pages and displayed them as top search results. Once the victim had been lured to a compromised site, they were redirected to the site offering the bogus software.

Of the 1.8 million visitors who were redirected, between seven and 12 per cent downloaded and installed the software, and roughly 1.79 per cent paid the £34 fee. Members of the affiliate network were paid 9.6 cents for each successful redirection, which totalled $10,800 or £7,452 per day.