The Web site marketing the 'Google kit' has the name and look-and-feel of a featured article from a legitimate online newspaper. More research into this reveals a network of hundreds of template Web sites holding the same theme and doing the same thing - we use the description "template" because we see a lot of them, all without any reputation. These sites mainly hold themes of news Web sites and personal blogs, a trick used to give a more reputable and trusted look to the site. The 'news article' or 'blog' talks about how easy it is to make money with the featured Google Kit and how the financial lives of those who did changed for the better. The templates used all have the same look and feel, but the actual source code behind these Web sites is often changed from one to another to avoid easy detection. This is very similar to methods used in email spam, such as Nigerian scams that have been changing forever but have the same goal.How does it work?
Taking a closer look at this campaign shows aggressive marketing tactics which are typical for services with non-existent or low reputations. This is how it works: the average Internet user browses to a legitimate and reputable Web site - it could be a favorite site or favorite social network - when they see an advert or a pop-up that leads to a scam site based on the Google Kit template. You can imagine that seeing the site below for the first time, the user would most likely be very interested:
For those users who might be looking for a job or an additional source of income, it looks very convincing: after all, it's from a "newspaper"! The user reads the article and might be impressed by the reputable theme and story - it all adds up nicely and to a very decent price of usually around $1-$3. Clicking on the link to buy the kit redirects to a Web site where the product can be purchased with a credit card:
Some more examples of different Web sites all using the same templates:
The primary way of propagation and to increase exposure of those kits is through legitimately-bought advertising space. It's there and available for a price and can be used to infiltrate legitimate social networks or Web sites - check our predictions for 2010. This works perfectly. Using legitimate advertising space along with Google's brand name got one of the most advertised template Web sites, news3insider.com, to an amazing Alexa rank of 643! (For comparison, the NY Daily news site has a 644 rank.) This is pretty impressive for a site that was registered only three months ago, on 9th September 2009. The marketing of the fake kits is designed to work with affiliates. The entrepreneurs or the 'brains' behind the kits and the whole campaign supply the templates which are used by the affiliates. For every sold kit the affiliate gets a cut. This helps to propagate the kit tremendously and opens a run for the user's buck. The kits have been spammed through mail, Web-spammed and also used by Malware to get more exposure. Those methods suggest the nature of the product, the entrepreneurs behind it, and their affiliates. As the old saying goes: 'tell me who your friends are and I can tell you who you are'.
The next video shows how a template of these scams is served through a pop-up when browsing to a popular lyrics searching site:
Now that Google has showed that it bites, scammers are moving fearlessly to exploit other brands such as Yahoo, Microsoft, Dell etc. The phenomenon confuses the average Internet user when he sees promises for a job or money from famous brand names and he might find himself at great loss as the small fine print mentions additional charges. Ironically Adsense used to serve those kinds of ads but Google took care of that and it's not supposed to do so anymore.
Meanwhile, the non-stop aggressive propagation of these scams through advertising in legitimate networks isn't just restricted to 'money making kits'; the templates are also used for other 'health products' like body-building enhancements and weight loss aids. These sites are piggy-backing on the reputations of well-known celebrities:
In the attached link you can find hundreds of Web sites that use these templates - beware.
Security Researcher: Elad Sharf