A sophisticated botnet has made its owners at least $6.2 million ($4.09m) by forcing infected machines to click on ads.
The Chameleon botnet consists of over 120,000 bots, which are running on infected Windows PCs, sucking up traffic by running sessions in the background, clicking on ads from 202 selected websites, said London-based Spider.io.
Criminals will become an affiliate of advertising networks such as Google Adwords so they can ensure their sites will serve ads of significant marketers. It’s only the marketers who lose out, as they pay both the publisher and the tricksters without gaining any benefit.
Indeed, there is a chance Chameleon is not a new threat from the perspective of other AV vendors. It could be something like ZeroAccess, but with a different name. Spider.io had not responded to a request for comment at the time of publication.
Chameleon is still a sophisticated malicious network, however. Its niftiest trick is to avoid detection by carrying out actions designed to resemble a human user. Instead of just pummeling ads with clicks, the bots carry out non-profit making activities, as a normal user would, such as visiting non-target sites.
“Individual bots run Flash and execute JavaScript. Bots generate click traces indicative of normal users,” Spider.io wrote in a blog post.
“Bots also generate client-side events indicative of normal user engagement. They click on ad impressions with an average click-through rate of 0.02 percent; and they surprisingly generate mouse traces across 11 percent of ad impressions.”
You can see how dispersed clicks are from the following diagrams:
The bot browsers also report themselves to websites as being Internet Explorer 9.0 running on Windows 7.
“If they [the Chameleon operators] can generate a large number of clicks without the advertising network realising the clicks are fraudulent then there is potential to make a large amount of money. In many ways a botnet is ideal for generating a large number of clicks,” Graham Cluley, senior technology consultant at security firm Sophos, told TechWeekEurope.
“Hopefully the attention being given to the Chameleon botnet will wake some users up to the need to check their computers for infection, but it wouldn’t be a surprise to see even more clickfraud malware in the future.”
Are you a security pro? Try our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…