A new traffic distribution system for malware is being offered as a service on the Dark Web and is promoting itself as an affordable way to deploy exploit kits and malware. The traffic distribution system (TDS) is being called BlackTDS by the Proofpoint researchers that found it.
Traffic distribution systems act as brokers that both buy and sell traffic from one site to another. They add value by filtering traffic based on a user’s browser, IP address, geography and user agent data. When a user clicks on a link that is part of a TDS chain they are silently redirected to a malicious web page based on their profile. TDS systems are notorious for aiding criminals in distributing web-based malware via exploit kits and fake downloads.
What Proofpoint found was a TDS-as-a-service offering going by the name Cloud TDS on the Dark Web.