Virus spoofing pages for site promotion
“Yandex” warns that a virus has appeared in RuNet, which replaces content in the browser. In particular, the virus is able to change links on web pages, as well as redirect the user to another site.
The virus modification now widespread replaces the results of all search engines that are popular in RuNet - Yandex, Google, Rambler and MSN (Live).
You can infect your computer with a substitution virus in various ways, for example, by installing the BitAccelerator file download accelerator from the Letitbit.net file sharing service. Along with this program is distributed hidden library. Even if you remove BitAccelerator, the library remains on the computer.
')
The spread of the virus in RuNet is quite large. According to Yandex, now we can talk about hundreds of thousands of infected computers.
The page spoofing virus is used to steal and sell traffic - with its help, you can get, by the most conservative estimates, several hundred thousand hops per day. User transitions are sold to advertisers as contextual advertising.
The scheme of work scam looks like this.
An advertiser orders an ad for a site using certain keywords. These words are transmitted to the program running on the remote server of the attackers.
When a user enters a search engine from an infected computer and enters a query in the search bar, the virus is activated and sends a request to the fraudsters server. If this request is contained in the program, the address of the site that is substituted for the search engine is returned.
The user follows a false link and leaves, deciding that the search engine gave him an irrelevant answer. At the same time, the virus modifies the HTTP request in such a way that the transition from the advertising network of fraudsters is recorded in the logs of the visited site - so the advertiser will pay for this transition.
Until recently, antivirus companies have classified page replacement viruses as adware, which does no harm or good. As a result of joint discussions and research with us, most antivirus companies have come to the conclusion that such programs pose a clear threat. Now almost all common antiviruses automatically detect and remove substitution viruses.
The virus modification now widespread replaces the results of all search engines that are popular in RuNet - Yandex, Google, Rambler and MSN (Live).
You can infect your computer with a substitution virus in various ways, for example, by installing the BitAccelerator file download accelerator from the Letitbit.net file sharing service. Along with this program is distributed hidden library. Even if you remove BitAccelerator, the library remains on the computer.
')
The spread of the virus in RuNet is quite large. According to Yandex, now we can talk about hundreds of thousands of infected computers.
The page spoofing virus is used to steal and sell traffic - with its help, you can get, by the most conservative estimates, several hundred thousand hops per day. User transitions are sold to advertisers as contextual advertising.
The scheme of work scam looks like this.
An advertiser orders an ad for a site using certain keywords. These words are transmitted to the program running on the remote server of the attackers.
When a user enters a search engine from an infected computer and enters a query in the search bar, the virus is activated and sends a request to the fraudsters server. If this request is contained in the program, the address of the site that is substituted for the search engine is returned.
The user follows a false link and leaves, deciding that the search engine gave him an irrelevant answer. At the same time, the virus modifies the HTTP request in such a way that the transition from the advertising network of fraudsters is recorded in the logs of the visited site - so the advertiser will pay for this transition.
Until recently, antivirus companies have classified page replacement viruses as adware, which does no harm or good. As a result of joint discussions and research with us, most antivirus companies have come to the conclusion that such programs pose a clear threat. Now almost all common antiviruses automatically detect and remove substitution viruses.
Source: https://habr.com/ru/post/26334/
All Articles