Cyber criminals have opened an online store offering website operators increased traffic by hijacking other websites.
The Russia-based web shop injects hidden iframes into pages of legitimate, unsuspecting websites to redirect visitors to a buyer's URL.
Integrated frames (iframes) split pages into parts that can be used to embed elements such as advertising or windows from a single website or redirect to other sites. When an iframe's height and width is set to zero, it becomes invisible to users.
Customers can purchase 1000 visitors throgh the new online store from any nominated country for an average of $US4 ($A3.75).
Regional traffic prices purchased under "countries packs" vary; 1000 Dutch visitors cost $US18 ($A16.90), while the same number of hijacked web users from Australia can be purchased for $US8 ($A7.50).
The shop also offers to purchase redirected traffic from others. Sellers can inject their own iframes into websites and funnel the traffic through the shop where it is purchased by customers.
Its operator boasted on an underground cybercrime forum that allowed customers to use the service for any purpose without being monitored.
In a translated post, they said "our servers do not record your IP … no one will ban your accounts and we do not care what you are promoting".
The shop can adjust prices automatically based on supply and demand, the operator said.
Though initally created for personal use, the operator said “after talking with colleagues who would also like to use this system, I decided, 'why not?'".
The website is listed under Indian domain registrar Directi.
Another search engine optimisation website offered to redirect its own visitors to customer sites as part of a premium package.
It also offered a lower price package to host customer sites on its page using iframes, which would not redirect customers.