Friday 16 July 2010

Fake hacking programs jump on the survey bandwagon

Regular readers of this blog will be familiar with those wonderful CPA Lead popups, which typically hide content until you fill in a survey. Well, here we have an interesting development in fake hacking program land. Shall we take a look?

fake programs website

Above, you can see a huge dumping ground of files, directories and executables. It’s a bit of a maze, but generally speaking anything listed as a .htm page will contain an embedded YouTube video and an attempted download of an executable related to the YouTube content (in this case, “credit card generators”) from bestlinkfree(dot)com.

youtube vid

All of the YouTube videos appear to come from one account that currently has 141 hacking programs advertised:

fakes galore

Let’s fire up one of the many programs on offer and see what they do.

fake twitter hack

This one claims to be able to hack any Twitter account. As you fire it up, a browser window opens up telling you to “connect to your victim account from here”. Enter a Twitter name into the box of the main application, hit the “Crack pass and email” button and your traffic will suddenly look like this:

traffic


popups here we come

Fake hacking programs that pop a CPA Lead survey for you to fill in before the “hack” completes? Oh my.

All of these programs do exactly the same thing – reach the halfway point of a non-existent hack, then pop a survey or tell you to do one to get your hands on a database:

fill this in, please

I’d imagine building these survey popups into the fake applications would fool quite a few people.

fake visa creator

visa app popups

Of course, it’s a touch surreal if anyone actually believes a “VISA card software verification” requires you to fill in a survey, but stranger things have happened.

In total, we collected fifteen of these files and they claim to hack everything from Twitter and Myspace to Facebook and online poker games:

exes galore

It’s a huge scam, so of course we detect them all – however, things are a little lonely in detections land right now. VirusTotal is a little overloaded this morning, but currently the highest detection rate I can find is 3/42 for one of the Myspace programs. Hopefully those numbers will continue to rise – for now, it’s best to avoid all of the above files.

Christopher Boyd
