By Domesticus in Malware

The SUTRA TDS has been associated with a scam that has compromised nearly five thousand servers. This dangerous landing page is usually reached through a malicious link included in phishing scams or embedded in an email attack. Typically, two kinds of landing pages are associated with these malicious links: one containing a fake anti-virus scan that promotes rogue security programs, and another that is a Traffic Direction System page, also known as a TDS. Pages of this kind are usually used to direct traffic according to the visitor's operating system, browser type and version, and location. While a TDS page can serve legitimate purposes (such as sending visitors to versions of a website optimized for particular languages or browsers), the SUTRA TDS is designed to direct visitors to websites hosting rogue security programs or to websites hosting the Black Hole Exploit Pack. When directed to this last destination, a computer will usually be compromised and infected with a dangerous Trojan – typically some version of the Zeus Trojan. To date, most victims of the SUTRA TDS are located in the United States and use some version of the Windows operating system.

Statistics and Characteristics of the SUTRA TDS

The SUTRA TDS keeps a log of each visitor's location, which it derives from the visitor's Internet Protocol address. In a sample of nearly 195 million hits, about one fourth of the total traffic came from the United States, followed by India, Mexico and Germany. An overwhelming majority of visitors to the SUTRA TDS were using some version of the Windows operating system, although about seven percent were using Mac OS. One notable detail in these statistics is that many visitors reached the SUTRA TDS from a PlayStation 3 console or an iPad. Criminals typically target Mac OS visitors with advertisements, although the SUTRA TDS can also direct victims to a fake anti-virus website designed specifically to scam Mac users. According to ESG security researchers, the main advantage criminals gain from a Traffic Directing System such as the SUTRA TDS is that they can infect more victims with their malware. Traditional malware scams typically miss a percentage of their victims because of operating system incompatibility or because the victim's browser cannot be exploited. With the SUTRA TDS, however, criminals can send victims vulnerable to the Black Hole Exploit Pack to the criminal's desired website while sending the remaining victims to websites containing rogue security programs or malicious advertisements. Given the sheer volume of traffic this malicious website has received, there is no doubt that the criminals behind the SUTRA TDS have already made a substantial illegal profit from these attacks.
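As an added example (not code from the original article or from any real TDS), the following Python sketch shows how an analyst can tabulate hits on a suspicious URL the way the statistics above do, bucketing them by country and by OS family taken from the User-Agent, and flag the behaviour that distinguishes a TDS from an ordinary redirect: the same URL sending different platforms to different destinations. The hit records, country codes and the `.invalid` hostnames are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# User-Agent patterns checked in priority order: iPad UAs also say "like Mac OS X",
# so the more specific platforms must be matched before the generic Mac OS / Windows checks.
OS_PATTERNS = [
    ("PlayStation 3", re.compile(r"PLAYSTATION 3", re.I)),
    ("iPad", re.compile(r"\biPad\b")),
    ("Mac OS", re.compile(r"Macintosh|Mac OS X")),
    ("Windows", re.compile(r"Windows")),
]

def os_family(user_agent):
    """Map a User-Agent string to the platform buckets used in the article's statistics."""
    for name, pattern in OS_PATTERNS:
        if pattern.search(user_agent):
            return name
    return "Other"

# Constructed sample of hits on one suspicious URL: (country, User-Agent, redirect target).
# Country codes and the .invalid hostnames are placeholders, not real indicators.
SAMPLE_HITS = [
    ("US", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", "http://exploit-kit.invalid/"),
    ("US", "Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0", "http://exploit-kit.invalid/"),
    ("IN", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.11 Chrome/17.0", "http://exploit-kit.invalid/"),
    ("MX", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)", "http://exploit-kit.invalid/"),
    ("DE", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) Safari/534.55", "http://mac-fakeav.invalid/"),
    ("US", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) Safari/533.21", "http://mac-fakeav.invalid/"),
    ("US", "Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X) Safari/7534.48", "http://ads.invalid/"),
    ("US", "Mozilla/5.0 (PLAYSTATION 3; 3.55)", "http://ads.invalid/"),
]

def summarize(hits):
    """Return hit counts by country, hit counts by OS family, and redirect targets per OS family."""
    by_country = Counter(country for country, _, _ in hits)
    by_os = Counter(os_family(ua) for _, ua, _ in hits)
    targets = defaultdict(set)
    for _, ua, location in hits:
        targets[os_family(ua)].add(location)
    return by_country, by_os, dict(targets)

def share(counter, key):
    """Fraction of all hits attributed to one key, e.g. the US share of total traffic."""
    total = sum(counter.values())
    return counter[key] / total if total else 0.0

def steers_by_platform(hits):
    """True when one URL redirects different OS families to different destinations (TDS behaviour)."""
    _, _, targets = summarize(hits)
    return len({frozenset(locations) for locations in targets.values()}) > 1
```

Run against real proxy or web logs, the same grouping shows at a glance which platforms were sent to the exploit kit and which were sent to fake anti-virus or advertising pages.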


