Monday, 25 July 2011

Tracking Cyber Crime: Zip Archive Affiliate (Hoax SMS/Fake Installer)

Zip Archive is an affiliate program that does business with fake installers.
In this post, EP_X0FF sums up the system perfectly:


Generally, fake installers emulate some activity with a progress bar (they install nothing and do nothing, they just fill the progress bar), and at the end they ask you for one, two, sometimes three SMS to continue the installation.
They do this for software such as VLC, Skype, ICQ, anti-virus programs, WinRAR, Opera, Shockwave, etc.
Users are fooled and pay by SMS to finish the installation.
The codes to continue the installation are checked internally on the Zip Archive server, so here we go.


The ICQ numbers belong to 'Dmitriy'

Dear partner !

Zip-archive.com Paid archives.
Launch in beta version of a new affiliate program.
Standard scheme:
1) packs your archives.
2) places on our or your hosting
3) Get paid for unpacking archive Receive SMS (MO)

When logged on Zip Archive:

Application download (we will see that later)

Invitations code:

Zip-Archive News:

Payments - [ID|Date|Account number|Sum|Comment]:

SMS - [Date|Time|Country|Operator|number|Archive|Income|Fraud]:

Registered archives - [ID|Date Created|Name|Allowed $ SMS|Discoveries|Unpack|% Unzip it|File|Envelope $ / 1000 unlocked|Income|Fraud|Total]:
Green text: V - Archive packed with the latest version of the archiver
Red text: X - archive is outdated, you need to repack

Statistics - [Date|Open|Number of SMS|Amount of SMS|Amount of rebills|Hold|Hold,%|Amount 1000|Ex.SMS|Subscriptions|Formal replies|Rebills|Referrals|Result]:

Top Users (daily):

Zip Archive provides two files on the download page.

1) "ZipHTML_Test"


The 'Examples' directory contains HTML packages of fake installer interfaces:


The second download is the ZipArchive Hoax maker:







The built hoax:

It simulates unpacking activity:

oh no!

The statistics are updated after that.

Details for the built fake installer:

Related ~
Tracking Cyber Crime: Ready to Ride v3 Win32/Cycbot Affiliate (14 July 2k11)
Tracking Cyber Crime: PharmIncome and CigIncome Drugstore affiliates (10 July 2k11)
Tracking Cyber Crime: Severa and Black Software AV Affiliates (28 June 2k11)
Tracking Cyber Crime: Gagarincash AV Affiliate (19 June 2k11)
Tracking Cyber Crime: Inside the FakeAV Business (14 Jun 2k11)
