OFFICIAL SECURITY BLOG
April 10, 2014 | BY Adam Kujawa
When I was a teenager, you based your social status on the clothes you wore , the music you listened to or the toys you had (I thought the Tamagotchi was cool) and as a new generation has taken over, the same applies for how many social friends you have and maybe even the games you play.
Scammers have taken note of this and are using it to make themselves some cash, by using penniless gamers to spread survey spam in the hopes of earning FREE games.
The scam is pretty simple, setup a web site advertising a free copy of some game, then require the user to share a referral link with their friends to earn ‘points’ toward getting the free game.
Once they have enough referrals, the user will try to download the game and be directed to a download site, one that requires the completion of one or more surveys in order to download.
Usually these surveys are impossible to finish or require handing over personal information, CC info or actual cash.
At the end of the day, the scammer is paid for bringing people to the survey while the gamer is still gameless, and so are all of his buddies who fell for the same scam.
Also, doing a search for the website domain or title could reveal information about whether or not it is a scam.
I began my search with the knowledge that there is a new game coming out in a few months called WildStar, an MMORPG with space cowboys. I really didn’t need any more knowledge than that to know it was going to be awesome and that if I believed it was awesome, surely scammers and cyber criminals would think so too.
I began searching around for early access or BETA keys for the game (free of course), the results returned lots of possible leads but the fourth link down on the first page is what looked the most promising.
The page I was directed to was actually nicely designed, it was simplistic and very colorful, using graphics associated with the game. It also was very detailed, providing a video on what WildStar was and links to Wikipedia articles.
I decided to click the “Get Beta Key” button and see where it leads. It opened a new tab that lead me to information on how to obtain my free WildStar Beta key. However, the original tab was redirected to a site that looked more interesting at the moment:
So this site advertised using the point per referral system to not only get the keys for one game but for many games, as well as gift cards for Steam.
There is even a video that explains how to use the service, get referrals and then download the gift card codes. It mentions filling out surveys but claims it only takes “2 minutes”.
Following the video’s advice, I decided to give it a try. It took me a little while to use my anonymizing VPN software to earn enough referrals from myself, located all over the world but I got 15 and decided to try for the $15 gift card. When I clicked on the ‘unlocked’ button, I was redirected to the download site “Getfiles.co”.
I clicked on the ‘download’ button and was instantly given the option of numerous surveys I could choose to complete in order to download the file.
I spent the next hour or so trying to complete these surveys, offering up false information with names like ‘Joeno Body’, downloading PUPs left and right. I finally decided to give up, none of the offers were allowing me to download the file.
I investigated the Facebook presence to discover SGN had quite the following, the scam appeared effective.
In addition, I checked out the stats for the video, which showed that almost 19,000 people have watched it already.
Finally, I checked out the traffic stats for the site itself, based on webutation.org data:
Over 2 million hits, and lots of social media traffic. So it is clearly a problem and the guys running this scam must be making some cash. From a psychological point of view, if a user finds something “Free” and just has to fill out a survey to download it, they might overlook it. However, if they have put in the time and effort to earn “points”, well then maybe completing a survey isn’t a bother.
It was time I checked back in on the WildStar Beta Key offer, maybe they were not related and SGN was just an affiliate. I went back to the new popup and discovered a similar type of deal, this time I needed to refer 5 friends in order to get the key.
I fired up my anonymizing VPN one more time and got all five referrals within 10 minutes. I clicked on the now ‘unlocked’ beta key link and was brought to a confirmation and download page.
To my surprise, it actually started downloading a ZIP file for the Wildstar Beta key. There were two text files located in the archive, one that was the key and the other that was a Readme file.
I had my hopes up for a few moments before they were shattered with this ‘likely’ excuse. The included link lead me to, of course, another download site.
So now, solely based on the fact that SGN and this scam hosted on GamerButler use similar tactics, I believed they were created by the same people.
If you thought this post was already pretty crazy, you haven’t seen anything yet.
Chris Boyd pointed out to me an interesting find. When you actually navigate to the homepage of GamerButler, instead of presenting you with a nice web page, you get a listing of the server contents:
It looked like WildStar wasn’t the only hook these guys were using. I even found what I believe to be the true host of SGN due to a subfolder found in the index that pointed to the site. Here is a slideshow of the other scams I found while poking around:
I decided to do some searching through my new custom search engine, complete with ads gracefully provided by the PUP peddlers. I wanted to look up who owned this domain so I did a whois search for gamebutler.com:
I have a feeling that Banana BoyYo is not the real name of the person who owns this domain. In addition, blueangelhost.net is a known “offshore hosting solution” which means to me, they don’t mind scammers, peddlers and maybe even cyber criminals using their service.
I also noticed various scam pages from the index that I had seen before. Turns out the Vimeo account of the guy who made the SGN video, Loltak Pohuj, also included his series on Facehacker and other scams:
Some additional research revealed the SGN twitter account and even more videos. Eventually leading me to the Google+ account for xTonyRockzx.
TonyRockz had many videos listed on his page, including one he made for SGN, many of them pointing toward other GamerButler scams.
So are Banana BoyYo, xTonyRockzx and Loltak Pohuj the same person or just part of a group that push out these scams on the fly, trying to take advantage of gamers who can’t afford the games they so desperately want to play? I couldn’t say for sure but based on the amount of traffic these sites get and their massive social media presence, it is not impossible that gamerbutler is a group effort.
I mentioned in the beginning of this post that the best way to avoid these types of scams is to simply read around. The Terms of Service for SGN mentioned that it was not an actual game distribution site but rather just a ‘simulation’. Scammers do this type of thing to cover themselves when angry users start calling lawyers. I’ve seen it on sketchy websites as well as in the EULA for PUP software. It wasn’t so long ago that I wrote about a particular PUP that installed a cryptocurrency miner on your system and even included that fact in the EULA!
The general rule of thumb here is that if something appears too good to be true, it most likely is. Also, cyber criminals and scammers keep doing this stuff because it is effective, people fall for it and they get paid. The information you provide to the surveys is most likely being sold to advertisers and sketchy marketing firms, even added to e-mail lists that might be used for phishing purposes.
Your information, time and attention are valuable, so make sure to do your research before recommending something to your friends via social media or any other means. The scam I talked about in this post is just one of many that are happening constantly all over the internet and targeting folks all over the world. The referral points model is one scam in particular turns a user into a soldier or dealer, pushing products for real bad guys. Don’t get recruited!
BTW, just from downloading survey software and running a quick scan, I got 206 detections in my analysis VM. Just when you think they are harmless =P
Thanks for reading and safe surfing!