Bot redirects Google traffic for 1 million IPs
Internet security software company Bitdefender has analysed a clickfraud bot that it says currently operates on nearly one million computers worldwide, tampering with internet configuration settings in order to forward searches from engines like Google and Bing to a third-party, malicious server controlled by cybercriminals.
The security software company said this server fetches the search engine results and injects adverts configured to earn money for the botnet operators; by manipulating the ads, the hackers collect the publisher fee.
“This particular campaign is mostly detrimental for private companies that pay for ad impression and clicks. Google’s AdSense for Search program places contextually relevant ads on custom search results pages and shares a portion of its advertising revenue with AdSense partners,” wrote Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, on the company’s blog.
“In this particular case, the bot operator is using multiple publisher identities to operate as a Google AdSense partner and collect the money from clicks on poisoned search links.”
Botezatu said that the current generation of clickbots, such as the Redirector.Paco Trojan, burn through companies’ advertising budgets at an unprecedented pace. He added that while the infected user will not directly lose money, their search results may be poisoned as per the proxy server’s instructions.
“Because the behaviour of the searches is mostly decided server-side, the cybercriminals could at any point manipulate results to include links to phishing pages, exploit kits or ransomware. Basically, the cybercriminals own the search results for the victim’s computer.”
Redirector.Paco has been active since September 2014. Since then it has managed to infect more than 900,000 IPs worldwide, mainly from India, Malaysia, Greece, the USA, Italy, Pakistan, Brazil and Algeria.