On January 18th, 2012, the Kyoto Prefectural Police’s cyber police division announced the arrest of suspects charged with violating the Cybercrime Law in Japan. The violation allegedly involves the creation and use of one-clickware in one-click billing fraud schemes. Initial reports say that 6 people were arrested and that damages amount to approximately JPY12,000,000 (around US$148,800).
The one-click billing fraud scheme tricks victims into registering and paying for a certain service after being falsely led to a specific website. We reported on a similar attack recently in the Malware Blog.
According to the announcement, the suspected cybercriminals set up malicious programs, which they promoted to users. Upon visiting certain websites, including sites with adult content, users who click on the ‘play’ button to display a movie end up executing a file instead.
There are 118 confirmed sites related to the one-click billing fraud. We cannot give any more details than what the Kyoto Prefectural Police announced; however, we collaborated with them to analyze the program used in this attack.
Problems with One-Click Billing Fraud and What the Future Holds
There seems to be no end to one-click billing fraud. Today, doing a quick search on Google using the keyword “one-clickware” leads you to more than a million pages talking about this malware. One of the reasons for its recent prevalence is that it is easy to modify files in one-clickware to avoid being detected by security software. Cybercriminals behind one-click billing fraud are able to check if security companies can detect their programs and modify these files accordingly.
This then sets off the cat-and-mouse chase between the police and cybercriminals once more. Unfortunately, it seems that the bad guys are taking the lead here. Traditional security software that relies on pattern matching technology would find it difficult to win this game. As with targeted attacks, cybercriminals using one-click fraud have the advantage because the files are easily modified. All they need to do is change a few lines of code and then AV software won’t be able to detect it anymore.
Using new technologies such as reputation and cloud can definitely help remedy this situation. But is there any real fundamental solution to stop this endless game of cat and mouse?
Hopefully the arrest will serve as a warning for cybercriminals and make them reconsider conducting such attacks. As for the users, we think one possible solution to help stop the rampancy of one-click fraud is for people to be educated about it, so as to avoid being victimized.