Digital Spy

Search Digital Spy
0

Tech News

Chameleon botnet earning over $6m from 'ad clicks'

By
A botnet has been discovered that comprises a network of over 120,000 infected machines helping to earn cyber criminals more than $6 million (£4m) a month from advertisers.

Spider.io, a security researcher, said that the Chameleon botnet is notable for "the size of its financial impact".

Understood to be costing advertisers as much as $6.2 million per month, the botnet is at least 70 times more costly than the Bamita botnet that was taken down by Microsoft and Symantec in February.

© Spider.io

Map of US IP address infected by Chameleon botnet.



Chameleon is said to be made up of over 120,000 host computers running Windows, with 95% of these machines accessing the web from residential US IP addresses (see above map).

The botnet targets a cluster of 202 websites, hitting them with at least nine billion of the total 14 billion ad impressions they are receiving each month.

Advertisers are then charged 69 US cents per impression to serve display ads to the botnet, in the belief that the impressions are from legitimate web surfers.

Botnets generally keep away from online display ads, as advertisers employ sophisticated programmes for analysing activity to judge if they are successful.

But Spider.io notes that Chameleon is able to make infected bots appear as though they are real web users.

Infected machines run Flash and execute JavaScript, meaning they "generate click traces indicative of normal users", Spider.io said.

"Each bot often masquerades as several concurrent website visitors, each visiting multiple pages across multiple websites," the researcher added.

"When a bot crashes the concurrent sessions end abruptly; upon restart the bot requests a new set of cookies. These crashes and idiosyncratic site-traversal patterns are just two of the many bot features that provide for a distinctive bot signature."

However, Chameleon is revealed at the macro level due to the "highly homogenous" traffic generated by the botnet.

"All the bot browsers report themselves as being Internet Explorer 9.0 running on Windows 7. The bots visit the same set of websites, with little variation," Spider.io said.

"The bots generate uniformly random click co-ordinates across ad impressions and the bots also generate randomised mouse traces."

You May Like

Comments

Loading...