With affiliate networks continuing to represent among the few key growth factors of the cybercrime ecosystem, it shouldn’t be surprising that cybercriminals continue introducing new services and goods with questionable quality and sometimes unknown origins on the market, with the idea to entice potential network participants into monetizing the traffic they can deliver through black hat SEO (Search Engine Optimization), malvertising, and spam campaigns.
In this post, I’ll profile a recently launched affiliate network selling iPhones that primarily targets Russian-speaking customers, and emphasizes the traffic acquisition scheme used by one of the network’s participants.
Be wary the next time you enter your passcode into your iPhone on the bus – someone could be shoulder surfing. In fact, a team of researchers from the University of North Carolina has developed a system to watch you pecking out characters on your phone, analyse the video, and produce a pretty accurate guess of what you were typing.
When people talk about key loggers, they’re usually thinking about malware that sits on a computer and surreptitiously monitors what keys people are pressing. But these university researchers are applying an entirely different approach to key logging. Instead of putting software on computers, they are investigating ways to monitor the text that people input into their mobile phones. They do it by taking video of your phone, either directly (over your shoulder or from the side), or simply by reading the reflections of your phone’s screen in your glasses.
The researchers developed a mechanism for looking at mobile phone screens using cheap, mobile videocameras. The cameras record video of people typing on ‘soft’ keyboards, such as those used by Apple’s iPhone. These keyboards commonly use ‘pop out’ animations, in which the key being pressed gets bigger when pressed, to confirm to the user that they have selected the right letter. The pop-out animation makes it easier to see which keys are being pressed in the video.
Mobile cameras have increased dramatically in quality lately, making them far more capable of capturing reflected keyboard images. These cameras are embedded in smartphones, of course, or if you wanted to get even techier, you could buy one of these.
On December 11, 2009, users of Twitter submitted questions to Webroot’s Director of Threat Research, Jeff Horne, as part of a live Q&A session. Webroot’s Twitter followers asked questions about connecting safely to the Internet while traveling during the holidays. A variety of questions came in live, with some others through direct messages in advance, and one non-twitter user asked a question via Webroot’s Facebook page. The interview was tracked using the #webroot hashtag, which has been omitted from the tweets to make them easier to read. We’ve posted a transcript of the Q&A on the following page.