Bot redirects Google traffic for 1 million IPs


Thursday, 19 May, 2016



Internet security software company Bitdefender has analysed a clickfraud bot that it says currently operates on nearly one million computers worldwide, tampering with internet configuration settings in order to forward searches from engines like Google and Bing to a third-party, malicious server controlled by cybercriminals.

Bitdefender said this server would fetch the search engine results and inject adverts configured to earn money for the botnet operators; by manipulating the ads, the hackers collect the publisher fee.

“This particular campaign is mostly detrimental for private companies that pay for ad impressions and clicks. Google’s AdSense for Search program places contextually relevant ads on custom search results pages and shares a portion of its advertising revenue with AdSense partners,” wrote Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, on the company’s blog.

“In this particular case, the bot operator is using multiple publisher identities to operate as a Google AdSense partner and collect the money from clicks on poisoned search links.”

Botezatu said that the current generation of clickbots, such as the Redirector.Paco Trojan, burn through companies’ advertising budgets at an unprecedented pace. He added that while infected users will not directly lose money, their search results may be poisoned as per the proxy server’s instructions.

“Because the behaviour of the searches is mostly decided server-side, the cybercriminals could at any point manipulate results to include links to phishing pages, exploit kits or ransomware. Basically, the cybercriminals own the search results for the victim’s computer.”

Redirector.Paco has been active since September 2014. Since then it has managed to infect more than 900,000 IPs worldwide, mainly from India, Malaysia, Greece, USA, Italy, Pakistan, Brazil and Algeria.
