Select Page

Rogue researcher S!Ri (blog here) just blogged about catching some rogue affiliate web sites ripping off his content to boost their search engine rankings. The game is a good glimpse into the rogue security software distribution world.

Rogue creators put up web sites, just like legitimate businesses, to sell their fake security products online. They use Trojans in spam email attachments and other nefarious means to frighten victims into believing that their machines are infected, then offer to sell their products (which really do nothing) to fix the bogus problems.

In the web advertising world, one can post advertising for other businesses on one’s site and be paid for visitors who “click through.” These are called “affiliate” sites. Just like legitimate businesses, there are affiliate sites that drive business to pages that sell rogue security products.

These affiliates use search engine optimization to drive up their ratings to draw unsuspecting web browsers, posting content about rogue security products. They may have hundreds of web sites that draw browsers looking for information about rogue products then pass those visitors along to rogue download sites and make money for their pass throughs. To attract visitors, they need content related to rogues, so, they pull content from S!Ri’s research blog.

On Friday, S!Ri invented a rogue name — “Secure Shield” — made a fake graphic of a user interface and posted it on his blog (here.) Today he blogged about how quickly the affiliates scraped his content and put it on their pages: ten minutes in one case. (Blog entry here.)

His blog has seven screen shots of affiliate pages carrying his invention.

Yea, it’s like Chinese boxes or Russian dolls: a fake on a researcher’s site that is stolen by an affiliate site that sends traffic to a site selling (fake) security software.

Thanks S!Ri. Thanks Patrick.

Tom Kelchner


Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34