In this post, I’ll look at an affiliate program that pays people for the mass installation of programs that turn machines into bitcoin mining bots. Bitcoin is a decentralized, virtual currency, and bitcoins are created by large numbers of CPU-intensive cryptographic calculations. This Google-translated version of the site shows the builder for the installer. I gained access to an affiliate account and was able to grab a copy of the mining program.
At the same time, the affiliate program’s Web site includes a graphical tool that helps affiliates create a custom installer program that can install silently and be disguised with a variety of program icons that are similar to familiar Windows icons. Also, the administrator demands that new users demonstrate the ability to garner hundreds to thousands of installs per day. Here is a copy of the affiliate list, complete with their corresponding bitcoin wallets. It appears to be the work of two guys from Ukraine, who apparently are named Igor and Andrei. Beerlin, a German-styled pub in Kharkov, Ukraine! Directions to the affiliate meeting on July 18, 2013, at Beerlin in Kharkov, Ukraine. This entry was posted on Thursday, July 18th, 2013 at 12:14 am and is filed under A Little Sunshine, Web Fraud 2.
I promptly submitted the file to Virustotal and found it was flagged as a trojan horse program by at least two antivirus products. Wait until Norton, F-Secure, Malwarebytes, ESET, Bitdefender, and G Data include these files in their malware lists.