Hotlinking Case Study: Malware Site Exposed

Case Study HA-3-08

HotlinkALARM Detects 284 Hotlinks, Exposes Malware Site Upon Installation

The Basics

Note: Information for Case Study HA-3-08 was provided by a HotlinkALARM customer. Included is a summary of facts, as related by the customer, a private business person.

This Case Study concludes with a statement in the customer's own words.

Customer's Purchase Date: January 13, 2008

Customer's Installation Date: Although the customer purchased the product through a special pre-launch promotion on January 13, he did not install HotlinkALARM until February 7.

Customer Profile: This HotlinkALARM customer is a relative newcomer to online commerce. He has owned an online business since March 2007 and considers himself a beginner/intermediate webmaster.

His business involves heavy use of graphics, with dozens of images commonly appearing on the pages of his website. The website also makes heavy use of video, particularly wmv files.

Much of the website traffic originates in Europe, although the site is well-indexed by Google and also receives substantial traffic from North America.

The site has averaged about 4,400 visitors per day in the past few months, and the HotlinkALARM customer regularly provides fresh content for visitors. According to the customer's research, his visitors enjoy the site's colloquial writing and crisp, clean graphics.

Customer's Goals: To forge a strong bond with loyal website visitors by continuing to provide innovative, quality content.

Customer's Business Model: The customer uses content to drive sales of Affiliate products. He has a shared hosting account with a popular hosting company.

Customer's Reason For Purchasing HotlinkALARM: To monitor hotlinking of graphics and videos, protect his intellectual property, and ensure that bandwidth thieves are not using his server to deliver images and videos to their own sites, increasing his costs.

Narrative In The Customer's Own Words:

"Graphics, photos, video and audio content are our business – period. That's what we do and that's what we promote, and needless to say, protecting them is always one of the first orders of business. Problem always was, though, that we weren't programming wizards, so even though we always had the latest plug-'n-play virus protection, hotlinking remained a problem we were feeling somewhat powerless to solve.

"Then we learned about Hotlink Alarm, and we had our answer to this problem.

"We watched a couple of the instructional videos narrated by Patrick and read the sales page and it sounded pretty good, and pretty straightforward to use, so we went for it.

"We were at the time in the midst of website remodeling, so we didn't install it until our new look was in place. In hindsight, we now wish we'd gone ahead and installed it immediately, now that we know how vulnerable our property actually was. We knew there was some hotlinking going on, but the fact is our site was under attack.

"Installation of Hotlink Alarm was easy, no problems, and as soon as it was up and running it became obvious we'd made the right choice.

"Right out of the gate we received some 284 emails notifying us of hotlinking in progress, and we were stunned to discover that we'd been that vulnerable. It was unnerving to say the least, but our jangled nerves were calmed as soon as we discovered what Hotlink Alarm is capable of when it's on duty.

"One of the sites stealing our graphics and photos and videos turned out to be a malware site.

"This angered us greatly. Not only were we victims of digital theft, our company logo was now on a site, along with a lot of our graphics, where unsuspecting visitors suddenly found themselves subjected to malware and heaven knows what else.

"It made us cringe to think that our website logo had been on that page, directly implicating our business. The visitors could have easily concluded that we were delivering the malware.

"Hotlink Alarm put this malicious website in its place as soon as it came on duty, and it did it 283 more times the first day. Now our Alert emails have slowed to a crawl, and we know it's because Hotlink Alarm has us covered, and is seeing to it that our graphics, photos, video and audio files are posted where – and only where – we want them to be.

"Hotlink Alarm has given control of our products back to us, and we feel more secure. Hotlink Alarm is superb, absolutely essential software for online merchants who insist on total control of their businesses."

[ ### End Of Customer's Statement ###]

UPDATE: On February 10, 2008, the customer reported TWO more HotlinkALARM saves from malware purveyors. The malware operators are opening free Blogger blogs, scraping content and code (including image URLs of logos and graphics) from webpages, and trying to offload malware at the free Blogger sites. In cases reported Feb. 10, the thieves' URLs all had blogspot.com in common and were formatted as noted below.

http://SubdomainNameChosenByMalwarePurveyor.blogspot.com

Most Bloggers are honest, of course. But those who scrape content in this fashion to deliver malware, and who use proprietary logos and graphics to do it, pose a significant threat.
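A site owner can look for the same pattern in his own web server access log. The following is an added example, not part of the original case study and not HotlinkALARM's code: it scans Combined Log Format lines for image and wmv requests whose Referer is an outside host, then lists the referring hosts that share the blogspot.com suffix. The site hostnames and the log lines are constructed placeholders.

```python
import re
from collections import OrderedDict
from urllib.parse import urlsplit

# Assumption: the site's own hostnames (placeholder values, not from the case study).
OWN_HOSTS = {"example-shop.test", "www.example-shop.test"}
# Graphics and wmv video, the media the case study says the site relies on.
MEDIA_EXT = (".jpg", ".jpeg", ".png", ".gif", ".wmv")

# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes "referer" ...
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'\d{3} (?P<bytes>\d+|-) "(?P<referer>[^"]*)"')

# Constructed sample log lines (documentation IP ranges, made-up blog names).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2008:10:01:02 +0000] "GET /img/logo.gif HTTP/1.1" 200 5120 "http://www.example-shop.test/index.html" "Mozilla/4.0"
198.51.100.7 - - [10/Feb/2008:10:01:05 +0000] "GET /img/logo.gif HTTP/1.1" 200 5120 "http://constructed-blog-a.blogspot.com/" "Mozilla/4.0"
198.51.100.8 - - [10/Feb/2008:10:01:09 +0000] "GET /video/demo.wmv HTTP/1.1" 200 900000 "http://constructed-blog-a.blogspot.com/2008/02/post.html" "Mozilla/4.0"
198.51.100.9 - - [10/Feb/2008:10:02:00 +0000] "GET /img/banner.png HTTP/1.1" 200 20480 "http://constructed-blog-b.blogspot.com/" "Mozilla/4.0"
192.0.2.44 - - [10/Feb/2008:10:02:30 +0000] "GET /img/banner.png HTTP/1.1" 200 20480 "-" "Mozilla/4.0"
192.0.2.45 - - [10/Feb/2008:10:03:00 +0000] "GET /about.html HTTP/1.1" 200 3000 "http://constructed-blog-b.blogspot.com/" "Mozilla/4.0"
"""

def find_hotlinks(log_text, own_hosts=OWN_HOSTS):
    """Return {referer_host: {"hits", "bytes", "files"}} for off-site media requests."""
    report = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the expected format
        path = urlsplit(m["path"]).path.lower()
        host = (urlsplit(m["referer"]).hostname or "").lower()
        # An empty referer ("-") is a direct load or a stripped header, not evidence.
        if not host or host in own_hosts or not path.endswith(MEDIA_EXT):
            continue
        entry = report.setdefault(host, {"hits": 0, "bytes": 0, "files": set()})
        entry["hits"] += 1
        entry["bytes"] += int(m["bytes"]) if m["bytes"].isdigit() else 0
        entry["files"].add(path)
    return report

def hosts_on_platform(report, suffix=".blogspot.com"):
    """Referring hosts that share one hosting-platform suffix, as in the Feb. 10 reports."""
    return sorted(h for h in report if h.endswith(suffix))

if __name__ == "__main__":
    for host, e in find_hotlinks(SAMPLE_LOG).items():
        print(host, e["hits"], "hits,", e["bytes"], "bytes,", sorted(e["files"]))
```

The Referer header is supplied by the visitor's browser and can be absent or altered, so the counts are a lower bound on hotlinked traffic rather than an exact figure.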

Case Study HA-3-08 Conclusions

  • The customer is pleased with his purchase of HotlinkALARM.
  • The software detected 284 hotlinks upon installation.
  • The customer was unaware of the extent of his hotlinking problem.
  • One of the detected hotlinks was on a site delivering malware while displaying the customer's logo and other graphics.
  • The HotlinkALARM software successfully replaced the hotlinked graphics in all 284 cases of detected hotlinks.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License