TechSpot

This botnet has infected nearly a million devices since 2014

By Shawn Knight
May 16, 2016
Post New Reply
  1. One of the many ways that cybercriminals earn income is through affiliate advertising programs like Google’s AdSense. Rather than generate traffic through content creation, hackers figure out ways to trick advertising platforms into thinking a partner is sending them legitimate traffic. Not knowing they're being scammed, the advertising platform pays the partner for the referral.

    Such is the case with a clickbot known as Redirector.Paco which Bitdefender Labs detailed on Monday.

    According to the security firm, Redirector.Paco has been active in the wild since September 2014. On an infected system, whenever you perform a query on a popular search engine like Bing, Google or Yahoo, the search results are replaced with affiliate links which, when clicked, generate revenue for the hacker.

    Bitdefender Labs says the malware is able to redirect traffic by making a few simple registry tweaks on the infected system which tells the browser to send the traffic to a different address. The malware attempts to make the search results look authentic although there are signs – like messages in the status bar referencing a proxy – that indicate something is amiss.

    Lengthy load times are also an indicator of infection, Bitdefender Labs said.

    The malware has infected more than 900,000 IPs worldwide, most of which are located in Algeria, Brazil, Greece, India, Italy, Malaysia, Pakistan and the US. The payload is typically injected into modified installers for trusted programs including Connectify, WinRAR, KMSPico, Start8, Stardock and YouTube Downloader.

    Permalink to story.

     
  2. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,559   +2,900

    Maybe we should block India, until they decide they want to do house cleaning.
     
  3. Raoul Duke

    Raoul Duke TS Guru Posts: 930   +354

    If I need to download WinRAR, VLC Player or other such programs I always get them from the site itself, never from the apparently endless sites that offer them for you. Would my antivirus/internet security catch stuff like this if I didn't I wonder? Seriously, does anyone know?
     
  4. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,519   +2,060

    Bing & Yahoo are popular search engines? I had no idea. I've never met anybody who uses them.
     
  5. Forebode

    Forebode TS Booster Posts: 81   +7

    Downloading from reputable sites helps a lot. I cant' tell you how many time I've been told by users, "I wanted a game/song/program/etc so I googled a site to get it. But then it didn't give me the <file> instead I got this virus. It wont be too costly to fix right?"

    The main weakness to any computer is the user. Too many users continue to use administrator accounts, either by lack of knowledge or by design, and don't read popups. AV's have different ways to detect malware. If the malware could be installed, run itself to change redirection, and then delete itself with an uncommon randomly generated name... there is a chance an AV wouldn't pick it up. Also thx to being in admin mode, they could tweak registry without much denial.

    Registry imo, should be a pain to get in and tweak, even by the user. on average, how often to people actually go into the registry when they aren't setting up or troubleshooting? So there will be more prompts when installing software.. big deal. If Microsoft is hell bent on using registry, best they start protecting it from installation, on.

    Diminish the chance of user interference to allow an unknown into the system. It's great that win10 looks prettier... but someone will still hit "ok" to the "scan your computer" popup from the internet, because they don't understand. Is pretty > security really?
     
  6. Forebode

    Forebode TS Booster Posts: 81   +7

    Not just India, read "Kerbs on Security"(or any other reputable security site). So many issues arise from other countries. While an embargo on a country's internet between us is a fair thought for security reasons... it could cause bigger problems economically.
     
  7. Uncle Al

    Uncle Al TS Evangelist Posts: 1,684   +790

    Probably right, but I would certainly like the ability to pick and choose which countries I wanted to engage with. Being able to block the entire country MIGHT just be a good start for the individual users.
     
  8. lonetac

    lonetac TS Rookie

    Thats the beginning of internet censorship on a global level. If we did that then how are we different from China and North Korea?

    If this is an opt in kind of thing, ok, more power to you but I certainly dont want someone dictating the level of freedom I get because someone doesnt understand how not to infect their systems.
     
  9. Forebode

    Forebode TS Booster Posts: 81   +7

    Freedom is a fun word. Currently the internet is closer to an Anarchy. "Absence of government and absolute freedom of the individual, regarded as a political ideal." Outside of the internet, we have Federal Customs (in the US anyway). Would it be soo wrong to have similar on the internet? There's more reason to have some sort of authority on the internet as crime is much easier to propagate.

    The web already does a good amount of censoring, to the extent that users will go to the dark web to do what they want. Censoring sounds like a scary word, but it shouldn't be. Some things should be censored. Considering how easy it is to get on the internet, that everyone and nearly any age can access the internet.. The idea that an adult site only needs to put up an age block or an acceptance barrier to waive responsibility should a minor go to their site, is silly.

    Not all users are computer/internet savvy and there should be a precedence that allows most people to be relatively safe, within reason.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...