DollarRevenue Fined For 1M Euro.

Publicated on : 1198032767
Dollar revenue was fined today by dutch law. The dutch company exploited users by letting them install a trojan horse. What struck me most about it, is the method they used to infect over 250 million computers worldwide. Their site is closed, but I wanted to figure out what they exactly did. I hoped it was some v ery clever browser exploit, but it turned out that it was just another trick. When a user visits a site that has DollarRevenue, a large pop-up window appears, obscuring the user's view of the website beneath. This pop-up lists three steps that the user must take in order to close the pop-up ad:

Step01 - Click on the 'information bar'.
Step02 - Click on 'install ActiveX Control'.
Step03 - Click on the 'install' button.

The true nature of this installation is further obscured by the yellow shield icons that appear in the dialogue box, and which are identical to the yellow shield symbol that Internet Explorer uses in a number of its dialogue boxes and security warnings.

See where I'm getting at?

This clearly shows to me that security is dead. Why? well obvious there are 250 million noobs who did exactly what that website was telling them to do. We like to talk about browser vulnerabilities, server vulnerabilities and other high-end hacks, but in the end we try to protect - or hack, depending where you stand - a bunch of computer illiterates on a global scale.

Obviously security fails because those surfers are clueless, and click anything that moves around their screen. Further observation learns me that it's far more profitable to launch such phishing scheme than working months on some complicated browser hack that will be patched next week. It shows, most real life hacks are stupid, simple and brainless. Still, a lot of criminals monetize this in a very clever way. And there is nothing we can do about it in order to stop it. As I said it plenty of times; you can't stop this kind of phishing.