Chameleon clickfraud botnet costs advertisers $6 million a month

Matthew DeCarlo

Researchers at Spider.io have detailed the discovery of a clickfraud botnet that is purportedly causing at least 70 times more financial damage than the Bamital network Microsoft and Symantec killed in early February. The security outfit estimates that the "Chameleon" botnet is costing advertisers more than $6 million per month.

Spider.io has been tracking the network's behavior since last December and believes it must be highly sophisticated to have evaded display advertisers, which use various algorithms to monitor site activity. The malware targets Windows PCs and uses them to access webpages with a Flash-enabled Trident-based browser.

Currently, more than 120,000 host machines have been identified, with 95% of them located in the US. The Midwest, Southwest and West Coast seem to have the highest concentration of infected systems, particularly California, Hawaii and Texas, which each have 10,000 or more computers that have been affected by Chameleon.

The botnet-controlled machines are directed to generate views for at least 202 websites, though more could be discovered. Spider.io says about 14 billion ad impressions are served across those sites and Chameleon is responsible for a whopping 9 billion or more of them, as well as 7 million distinct ad-exchange cookies.

The researchers say the bots produce click traces and generate engagement activity similar to normal users and they can run Flash and execute JavaScript. However, the network is less impressive on a macro level as all the bots show up as running IE9 on Windows 7 and they repeatedly visit the same sites with little variation.
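The macro-level signal described above (one browser fingerprint dominating a site's traffic, and cookies that keep returning to the same small set of sites) can be scored from an impression log. The following is an added example, not Spider.io's method or code: the `(cookie_id, user_agent, site)` record format, the thresholds, the function names and all sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Real IE9-on-Windows-7 user-agent string; the others are abbreviated, constructed values.
IE9_WIN7 = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
CHROME = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 Chrome/25.0 Safari/537.22"
FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26 Safari/536.26"

def sample_records():
    """Constructed (cookie_id, user_agent, site) impression log; not real data."""
    recs = []
    for i in range(8):  # bot-like: identical UA, identical two sites, repeated views
        for site in ("pub-a.example", "pub-b.example"):
            recs += [(f"bot{i}", IE9_WIN7, site)] * 3
    recs += [("h1", CHROME, "pub-a.example"), ("h1", CHROME, "news.example"),
             ("h2", FIREFOX, "pub-a.example"), ("h3", FIREFOX, "news.example"),
             ("h4", SAFARI, "news.example"), ("h5", IE9_WIN7, "news.example"),
             ("h5", IE9_WIN7, "blog.example")]
    return recs

def score_sites(records, ua_share_min=0.7, repeat_min=0.7, min_cookies=5):
    """Flag sites whose traffic is both UA-homogeneous and itinerary-homogeneous."""
    ua_by_site = defaultdict(Counter)    # site -> impressions per user agent
    sites_by_cookie = defaultdict(set)   # cookie -> set of sites it visited
    cookies_by_site = defaultdict(set)   # site -> cookies seen there
    for cookie, ua, site in records:
        ua_by_site[site][ua] += 1
        sites_by_cookie[cookie].add(site)
        cookies_by_site[site].add(cookie)
    report = {}
    for site, uas in ua_by_site.items():
        # Share of impressions carrying the single most common user agent.
        ua_share = uas.most_common(1)[0][1] / sum(uas.values())
        # Share of this site's cookies that have the most common visited-site set.
        cookies = cookies_by_site[site]
        itineraries = Counter(frozenset(sites_by_cookie[c]) for c in cookies)
        repeat = itineraries.most_common(1)[0][1] / len(cookies)
        # Tiny samples look homogeneous by accident, so require a minimum cookie count.
        flag = len(cookies) >= min_cookies and ua_share >= ua_share_min and repeat >= repeat_min
        report[site] = {"ua_share": round(ua_share, 3),
                        "itinerary_repeat": round(repeat, 3), "flag": flag}
    return report

if __name__ == "__main__":
    for site, row in sorted(score_sites(sample_records()).items()):
        print(site, row)
```

Neither signal is conclusive alone: a single human on IE9 (cookie `h5` in the sample) does not flag a site, and a site seen by one cookie is ignored regardless of its scores.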

Spider.io has provided a blacklist of 5,000 IP addresses for the worst of Chameleon's bots, but we haven't seen any information about shutdown and cleanup efforts. Perhaps that's underway and the researchers simply chose not to reveal anything yet. If not, this seems like a prime candidate for Microsoft's next takedown.

It's because every Windows computer will have IE installed by default, even though they might not use the browser themselves.
 