A sophisticated botnet has made its owners at least $6.2 million ($4.09m) by forcing infected machines to click on ads.
The Chameleon botnet consists of over 120,000 bots, which are running on infected Windows PCs, sucking up traffic by running sessions in the background, clicking on ads from 202 selected websites, said London-based Spider.io.
Criminals will become an affiliate of advertising networks such as Google Adwords so they can ensure their sites will serve ads of significant marketers. It’s only the marketers who lose out, as they pay both the publisher and the tricksters without gaining any benefit.
Indeed, there is a chance Chameleon is not a new threat from the perspective of other AV vendors. It could be something like ZeroAccess, but with a different name. Spider.io had not responded to a request for comment at the time of publication.
Chameleon is still a sophisticated malicious network, however. Its niftiest trick is to avoid detection by carrying out actions designed to resemble a human user. Instead of just pummeling ads with clicks, the bots carry out non-profit making activities, as a normal user would, such as visiting non-target sites.
“Individual bots run Flash and execute JavaScript. Bots generate click traces indicative of normal users,” Spider.io wrote in a blog post.
“Bots also generate client-side events indicative of normal user engagement. They click on ad impressions with an average click-through rate of 0.02 percent; and they surprisingly generate mouse traces across 11 percent of ad impressions.”
You can see how dispersed clicks are from the following diagrams:
The bot browsers also report themselves to websites as being Internet Explorer 9.0 running on Windows 7.
“If they [the Chameleon operators] can generate a large number of clicks without the advertising network realising the clicks are fraudulent then there is potential to make a large amount of money. In many ways a botnet is ideal for generating a large number of clicks,” Graham Cluley, senior technology consultant at security firm Sophos, told TechWeekEurope.
“Hopefully the attention being given to the Chameleon botnet will wake some users up to the need to check their computers for infection, but it wouldn’t be a surprise to see even more clickfraud malware in the future.”
Are you a security pro? Try our quiz!
US widening lead over China on AI development, as UK places third in Stanford index…
Amazon to invest a further $4bn into AI start-up Anthropic, doubling its investment as it…
The demand for tech skills is surging, driving economic growth but revealing challenges. Financial costs,…
US Supreme Court tosses Meta's appeal over Cambridge Analytica-linked investor lawsuit, meaning case must proceed
Uber reportedly seeks $10m stake in Chinese autonomous driving firm Pony AI via US IPO,…
iPhone maker reportedly developing next-generation AI large language model for Siri for spring 2026 as…