This botnet has infected nearly a million devices since 2014

Shawn Knight


One of the many ways cybercriminals earn income is through affiliate advertising programs like Google's AdSense. Rather than generate traffic through content creation, the attackers find ways to trick the advertising platform into believing a partner is sending it legitimate traffic. Not knowing it is being scammed, the platform pays the partner for the referral.

Such is the case with a clickbot known as Redirector.Paco which Bitdefender Labs detailed on Monday.

According to the security firm, Redirector.Paco has been active in the wild since September 2014. On an infected system, whenever you perform a query on a popular search engine like Bing, Google or Yahoo, the search results are replaced with affiliate links which, when clicked, generate revenue for the hacker.

Bitdefender Labs says the malware redirects traffic by making a few simple registry changes on the infected system that tell the browser to route its traffic through a different address. The malware attempts to make the injected search results look authentic, although there are signs, such as messages in the browser's status bar referencing a proxy, that indicate something is amiss.

Lengthy load times are also an indicator of infection, Bitdefender Labs said.

The malware has been seen on more than 900,000 IP addresses worldwide, most of them in Algeria, Brazil, Greece, India, Italy, Malaysia, Pakistan and the US. The payload is typically bundled into trojanized (modified) installers for trusted programs including Connectify, WinRAR, KMSPico, Start8, Stardock and YouTube Downloader.
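The two things a practitioner would want to check after reading the above are (a) whether any user's browser proxy or proxy auto-config (PAC) settings have been tampered with, which is the kind of registry change the article describes, and (b) whether a downloaded installer is really the vendor's signed build rather than a repackaged one. The script below is an added example, not code from TechSpot or Bitdefender. It assumes Windows with PowerShell 5.1 or later and an elevated prompt (so every loaded user hive under HKEY_USERS is readable). The Paco-specific registry data and proxy hosts are not given in the article and are not hard-coded: every non-empty proxy setting is reported for a human to compare against what the environment legitimately uses, and the installer path at the end is a placeholder.

```powershell
# Added example (not TechSpot's or Bitdefender's code). Assumes Windows,
# PowerShell 5.1+, and an elevated prompt so all loaded user hives are readable.

$InetSettings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
# Values that WinINET (Internet Explorer, legacy Edge and many other Windows
# programs) honours for proxying. AutoConfigURL points at a PAC script, and a
# hijacked PAC can send only selected hosts (e.g. search engines) to an
# attacker-controlled proxy while everything else looks normal.
$ProxyValues = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

function Get-ProxyFindings {
    $findings = @()
    # Per-user settings live under each SID in HKEY_USERS; the HKLM copy applies
    # when per-user proxy settings have been disabled by policy. Check both.
    $paths = @("HKLM:\$InetSettings")
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        if ($hive.PSChildName -like '*_Classes') { continue }
        $paths += "Registry::HKEY_USERS\$($hive.PSChildName)\$InetSettings"
    }
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in $ProxyValues) {
            $data = $props.$name
            if ($null -eq $data) { continue }
            # ProxyEnable = 0 and empty strings are the normal, clean state.
            if ($name -eq 'ProxyEnable' -and [int]$data -eq 0) { continue }
            if (($data -is [string]) -and ($data.Trim() -eq '')) { continue }
            $findings += [pscustomobject]@{
                Hive  = $path
                Value = $name
                Data  = $data
            }
        }
    }
    return $findings
}

function Test-InstallerSignature {
    # A repackaged installer for a signed product is usually unsigned, or signed
    # by someone other than the vendor. Compare Signer with the publisher you
    # expect and SHA256 with the hash the vendor publishes (where it does).
    param([Parameter(Mandatory = $true)][string]$Path)
    if (-not (Test-Path -Path $Path -PathType Leaf)) { throw "File not found: $Path" }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File   = $Path
        Status = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# Usage
$hits = @(Get-ProxyFindings)
if ($hits.Count -eq 0) { 'No proxy or PAC settings found in any loaded hive.' }
else { $hits | Format-Table -AutoSize }

# WinHTTP keeps a separate proxy store used by services rather than the browser.
netsh winhttp show proxy

# Placeholder path: point this at the installer you actually downloaded.
Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\installer.exe"
```

A hit from Get-ProxyFindings is not proof of infection: corporate networks set ProxyServer or AutoConfigURL legitimately, so the useful question is whether the reported host or PAC URL is one your organisation deploys. For the installer check, a Status of Valid is only meaningful together with the expected Signer; an attacker can sign a modified build with their own certificate.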


 
If I need to download WinRAR, VLC Player or other such programs I always get them from the site itself, never from the apparently endless sites that offer them for you. Would my antivirus/internet security catch stuff like this if I didn't I wonder? Seriously, does anyone know?
 
If I need to download WinRAR, VLC Player or other such programs I always get them from the site itself, never from the apparently endless sites that offer them for you. Would my antivirus/internet security catch stuff like this if I didn't I wonder? Seriously, does anyone know?

Downloading from reputable sites helps a lot. I can't tell you how many times I've been told by users, "I wanted a game/song/program/etc so I googled a site to get it. But then it didn't give me the <file>, instead I got this virus. It won't be too costly to fix, right?"

The main weakness of any computer is the user. Too many users continue to use administrator accounts, either by lack of knowledge or by design, and don't read popups. AVs have different ways to detect malware. If the malware could be installed, run itself to change redirection, and then delete itself with an uncommon randomly generated name... there is a chance an AV wouldn't pick it up. Also, thanks to being in admin mode, they could tweak the registry without much denial.

The registry, IMO, should be a pain to get in and tweak, even by the user. On average, how often do people actually go into the registry when they aren't setting up or troubleshooting? So there will be more prompts when installing software... big deal. If Microsoft is hell bent on using the registry, they had best start protecting it from installation on.

Diminish the chance of user interference to allow an unknown into the system. It's great that win10 looks prettier... but someone will still hit "ok" to the "scan your computer" popup from the internet, because they don't understand. Is pretty > security really?
 
Maybe we should block India, until they decide they want to do house cleaning.

Not just India, read "Krebs on Security" (or any other reputable security site). So many issues arise from other countries. While an embargo on a country's internet between us is a fair thought for security reasons... it could cause bigger problems economically.

Probably right, but I would certainly like the ability to pick and choose which countries I wanted to engage with. Being able to block the entire country MIGHT just be a good start for the individual users.

That's the beginning of internet censorship on a global level. If we did that, then how are we different from China and North Korea?

If this is an opt-in kind of thing, OK, more power to you, but I certainly don't want someone dictating the level of freedom I get because someone doesn't understand how not to infect their systems.

Freedom is a fun word. Currently the internet is closer to an anarchy: "Absence of government and absolute freedom of the individual, regarded as a political ideal." Outside of the internet, we have federal customs (in the US anyway). Would it be so wrong to have something similar on the internet? There's more reason to have some sort of authority on the internet, as crime is much easier to propagate.

The web already does a good amount of censoring, to the extent that users will go to the dark web to do what they want. Censoring sounds like a scary word, but it shouldn't be. Some things should be censored. Considering how easy it is to get on the internet, and that everyone of nearly any age can access it, the idea that an adult site only needs to put up an age block or an acceptance barrier to waive responsibility should a minor go to their site is silly.

Not all users are computer/internet savvy and there should be a precedence that allows most people to be relatively safe, within reason.
 