Date Added: Jun 2011
Recent years have seen extensive diversification of the "Underground economy" associated with malware and the subversion of Internet-connected systems. This trend towards specialization has compelling forces driving it: miscreants readily apprehend that tackling the entire value-chain from malware creation to monetization in the presence of ever-evolving countermeasures poses a daunting task requiring highly developed skills and resources. As a result, entrepreneurial-minded miscreants have formed Pay-Per-Install (PPI) services - specialized organizations that focus on the infection of victims' systems. In this paper, the authors perform a measurement study of the PPI market by infiltrating four PPI services. They develop infrastructure that enables one to interact with PPI services and gather and classify the resulting malware executables distributed by the services.