NEWS FROM THE LAB - Friday, March 20, 2009

Trafficconverter.net Going Down Posted by Mikko @ 14:22 GMT

One of the more notorious pay-per-install programs, Trafficconverter has been taken down today.

These sites work like this:

1.  Trafficconverter develops a "rogue" antivirus product
2.  The product will find viruses even on clean systems
3.  It won't "clean" those viruses unless you register the product
4.  Trafficconverter does not market their software at all
5.  Instead, all the marketing is done through affiliates
6.  Affiliates have existing botnets of thousands of infected computers
7.  They remotely install these rogue products to those computers
8.  Confused end users see warning messages about viruses on their screens
9.  …and register the rogue product for $50 to "fix" their machine
10. Affiliates get $30 per customer, Trafficconverter get $20
11. ???

So, it's good to see these guys going offline.

Here's the front page of trafficconverter2.biz yesterday:

Traffic converter

Same page today:

Traffic converter

Kudos to Brian Krebs!