The use of a multi-click rotation script and traffic sharing between partners’ websites has become common these days. This method is not necessarily used to spread malware; it can be used for legitimate purposes as well. A user can go to a specific site, click on an image, and on that first click be redirected to another site that offers pay-per-click revenue (for example, Google AdWords). If the user is persistent enough to hit the browser “back” button and click the original thumbnail picture, or a completely different thumbnail, he will be redirected to another website that has partnered with the original site to exchange traffic.
The malicious use of a multi-click rotation script works as follows. There are many sites on the internet that have a large number of thumbnail pictures that lead visitors to other sites to see free movies or photos, or that offer many other related services. When a user clicks on a thumbnail photo, he is redirected to another website as expected. However, when he returns to the original site and selects a second thumbnail photo (which could be the same one), he is redirected to a site that tries to install fake antivirus software.
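The click rotation described above leaves a recognizable trace in web proxy logs: one client, one originating site, and a different off-site redirect target on each successive click. The following is an added example, not code from the original post; the log format, host names and function names are assumptions made for illustration, and because rotation is also used legitimately the output is a triage signal, not a verdict.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log (not from the original post). Assumed fields:
# time, client IP, requested URL, HTTP status, Location header ("-" if none).
SAMPLE_LOG = """\
10:00:01 10.0.0.5 http://thumbs.example/out?id=7 302 http://ads.example/landing
10:00:40 10.0.0.5 http://thumbs.example/out?id=7 302 http://partner-a.example/
10:01:15 10.0.0.5 http://thumbs.example/out?id=9 302 http://scan.example/free-removal
10:02:00 10.0.0.8 http://news.example/go?id=1 302 http://news-cdn.example/story
10:02:30 10.0.0.8 http://news.example/go?id=1 302 http://news-cdn.example/story
10:03:00 10.0.0.9 http://thumbs.example/index.html 200 -
"""

REDIRECT_CODES = {"301", "302", "303", "307", "308"}

def offsite_redirects(log):
    """Yield (client, origin_host, clicked_url, target_host) per off-site redirect."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _, client, url, status, location = fields
        if status not in REDIRECT_CODES or location == "-":
            continue
        origin = urlsplit(url).hostname
        target = urlsplit(location).hostname
        if origin and target and origin != target:
            yield client, origin, url, target

def find_rotation(log, min_targets=2):
    """Per (client, origin site): target hosts in click order, kept only when
    successive clicks landed on at least min_targets distinct hosts."""
    clicks = defaultdict(list)
    for client, origin, _url, target in offsite_redirects(log):
        clicks[(client, origin)].append(target)
    return {k: v for k, v in clicks.items() if len(set(v)) >= min_targets}

def same_link_rotation(log):
    """Stricter signal: the same link sent one client to different hosts."""
    per_link = defaultdict(set)
    for client, _origin, url, target in offsite_redirects(log):
        per_link[(client, url)].add(target)
    return {k: sorted(v) for k, v in per_link.items() if len(v) > 1}

if __name__ == "__main__":
    for (client, origin), targets in find_rotation(SAMPLE_LOG).items():
        print(f"{client} via {origin}: " + " -> ".join(targets))
```
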
The behavior of fake antivirus is already well known:
Fake AV claims to ‘scan’ the user’s machine and presents fake detection results at the end of the scan; the user is then immediately offered a “free” removal tool.
Usually, the payload is installed and infects the machine in about 3 stages:
1. Following the offer of the free removal tool, the installation of the Fake AV will initiate…
2. Following the installation, the Fake AV claims to have detected additional malware…
3. At this point, in order to remove the threats, the user is asked to buy a license for the “security software”, which obviously does not remove any “nonexistent threats”. This is the most common technique that hackers use to make money on the web.
• Be careful out there. Pay attention to where you surf on the web, especially where “shady” websites are concerned.
• Keep your anti-malware software enabled and up-to-date!!!
Scammers are out there. Be aware that “All that GLITTERS isn’t gold”: not all “security software” is really security software.