Executable files on the Ya!Bucks pay per install program are spreading a range of malware including the Rustock and Pushdo spam bots and fake anti-virus.
Writing on the Marshal8e6 TRACElabs blog, Gavin Neale claimed that affiliate or pay per install programs such as Ya!Bucks, reward people for installing malware on a victim’s PC or by redirecting browsers to landing pages where users may be asked to download software or be exposed to exploits.
Once a user is registered with Ya!Bucks, members can download an executable file that they will then spread to victims’ PCs via their own methods. Ya!Bucks members get paid if the victim purchases the software that was installed (often illegally) on their PC.
Neale claimed that affiliate programs such as this are one reason why there is a constant stream of malicious web pages being created to install software on people’s computers.
“There is also a section of available landing pages where members can redirect traffic from their own web pages to. This is often seen in search engine optimisation schemes where web pages are made to appear in search engine results to attract visitors who are then redirected to an affiliate program-landing page. The landing page used by Ya!Bucks is a typical fake anti-virus page designed to trick users into installing the fake AV software,” said Neale.