Security Bytes: Russian cybercriminals target H1N1 Swine flu fears

Researchers at security vendor Sophos’ Canadian-based research labs have released a report outlining how some Russian cybercriminals are making millions off the H1N1 flu by pushing counterfeit Tamiflu through well organized affiliate programs.

The cybercriminals have created an affiliate network to make it more difficult to track them down by distributing responsibility for different spam tasks while increasing advertising space to gain visibility and more potential victims. It’s been an evolving process and today there are literally hundreds of malicious affiliate networks touting everything from phony dating websites, porn and pharmaceuticals such as Tamiflu.

Rather than direct spam campaigns that flood inboxes, the cybercriminals use Web marketing campaigns and drive potential victims to partner affiliate websites using a mixture of spam, search engine results (search engine optimization), blogs and forum posts, the report finds. Each affiliate gets a small cut but most of the profits go to cybercriminal gangs in Russia:

"Many organize expensive parties for their members, send generous gifts for holidays, run lotteries where a top producer wins a luxury car, and the list goes on. In some cases, the war between different partnerkas turns ugly, where one portal may get DDoS’ed by a competing gang."

Read the rest of the article here:
Security Bytes: Russian cybercriminals target H1N1 Swine flu fears

And here is the complete report (as PDF)