Regular readers of this blog will be familiar with those wonderful CPA Lead popups, which typically hide content until you fill in a survey. Well, here we have an interesting development in fake hacking program land. Shall we take a look?
Click to Enlarge
Above, you can see a huge dumping ground of files, directories and executables. It’s a bit of a maze, but generally speaking anything listed as a .htm page will contain an embedded Youtube video and an attempted download of an executable related to the Youtube content (in this case, “credit card generators”) from bestlinkfree(dot)com.
All of the Youtube videos appear to come from one account that currently has 141 hacking programs advertised:
Let’s fire up one of the many programs on offer and see what they do.
This one claims to be able to hack any Twitter account. As you fire it up, a browser window opens up telling you to “connect to your victim account from here”. Enter a Twitter name into the box of the main application, hit the “Crack pass and email” button and your traffic will suddenly look like this:
Fake hacking programs that pop a CPA Lead survey for you to fill in before the “hack” completes? Oh my.
All of these programs do exactly the the same thing – reach the halfway point of a non existent hack, then pop a survey or tell you to do one to get your hands on a database:
I’d imagine building these survey popups into the fake applications would fool quite a few people.
Of course, it’s a touch surreal if anyone actually believes a “VISA card software verification” requires you to fill in a survey but stranger things have happened.
In total, we collected fifteen of these files and they claim to hack everything from Twitter and Myspace to Facebook and online poker games:
It’s a huge scam, so of course we detect them all – however, things are a little lonely in detections land right now. VirusTotal is a little overloaded this morning, but currently the highest detection rate I can find is 3/42 for one of the Myspace programs. Hopefully those numbers will continue to rise – for now, it’s best to avoid all of the above files.
Christopher Boyd