With a sudden stop to the flood of Russian blog spam, I’d been feeling a little lonely this holiday season. But hey, Cyber Monday brought me a deal! UPDATED: Added links to articles on Bitcoin malware at end of post.
http:// www . amiricherthanyou . com / ec_recommended . php ?q=Oved&id=473535 arrived in my blog stats to assist me in feeling financially inadequate. Oh boy! Just what I wanted, more spam! Sarcasm aside, I was wondering why things had gotten so quiet lately. So firing up my trusty virtual machine and TOR, I checked out the link. Remember, don’t try this at home, kids. Never click on suspicious links or you will be sorry.
Surprise! The link took me straight to an ad for BitCoin trading. Yeah, that doesn’t look shady at all, does it? I’d have a better screenshot, but I forgot to maximize my browser and there was no quick way to get that site back – there’s a good reason for that I’ll go into later.
Clicking on “Skip Ad” brought me to the supposedly original destination which contains no links other than ads and the home page. Nowhere is my blog to be found. Most of the ads are for BitCoin services, of course.
So what’s on the main page? Well, it isn’t the get rich come on I expected. Instead, the site purports to be about gathering data on salaries across the globe. Looks innocent enough at first glance, I suppose. But anything gathering personal data has to be looked at with suspicion. Especially when there is very little about the site on search engines.
The “about” page doesn’t really offer much more information and really doesn’t give much of a motivation for Am I Richer Than You? existing. Non profit data gathering just for the sake of data gathering it the province of governments and universities, not individuals spamming their site. We do get a name, Gray Leo. Once again, not much can be found on him.
I tossed the disclaimer up for people to peruse. Basically it says the site isn’t responsible for anything, period. Next to it is the privacy policy, which is weasel worded in regards to sharing data with third parties. So much for keeping the data private, though it is not an unusual privacy policy.
So I decided to click on the recommended link at the bottom of the page, wondering if it would directly take me to the error page. Of course, it didn’t and there is code in place that serves rotating ads instead. Aha, this is why I couldn’t get that first ad back upon reloading. These ad involve BitCoins again and in this particular case a gambling site using them.
The whole thing is oriented around serving ads, mainly about BitCoins. That virtual currency was created in an idealistic attempt to create a truly neutral world currency, but has mainly been used in criminal transactions. Child pornography, gambling, malware extortion, drug dealing, money laundering, and every criminal activity you can think of has moved into using BitCoins.
At one point I thought of getting into the currency via “mining” or using spare computer cycles to generate the encrypted money, but I correctly foresaw that hacking and normal inflationary speculation would make it a dicey proposition. My advice to anyone involved in BitCoins is to get out as soon as possible and leave it to the criminals who now dominate it. Yes, that statement will offend a number of naïve idealists, but that’s the reality of the situation.
UPDATE:
Another thing to be aware of is that there are trojans that install BitCoin mining software on infected computers. Over at Symantec there is an article on their fighting the ZeroAccess botnet and how it works. Since that went up, Microsoft led the charge to take down the network by blocking IP addresses involved.
Please avoid Am I Richer Than You? like the bubonic plague.
3 comments:
You mentioned the use of a virtual machine and TOR when doing some recon about these spam websites. What exactly are virtual machines and TOR?
Virtual machines are software programs mimicking the hardware of a PC and allowing you to run another operating system under what you have on your computer. You can run Linux variants under Windows, or Windows under Linux, for example. VMWare and VirtualBox are the most common with the latter available for free. They are great for testing cross platform code or evaluating an operating system.
TOR is short for The Onion Router which is a free proxy service allowing people to hid their IP address. While used by blackguards for nefarious purposes, it is used by people in countries where the Web is censored to get information in and out covertly. If you don't want people snooping on your browsing, it is a very good tool though it will slow down page load times and video streaming.
I combine the two to keep my IP address and that of my provider out of the logs at the spam sites I investigate. No point in giving them more data to use for spamming!
Hope that explains things a little more.
Ok, thanks for the info.
Post a Comment