Bot redirects Google traffic for 1 million IPs


Thursday, 19 May, 2016


Internet security software company Bitdefender has analysed a clickfraud bot that it says currently operates on nearly one million computers worldwide, tampering with internet configuration settings in order to forward searches from engines like Google and Bing to a third-party, malicious server controlled by cybercriminals.

The security software company said this server fetches the search engine results and injects adverts configured to earn money for the botnet operators. By manipulating the ads, the hackers collect the publisher fee.

“This particular campaign is mostly detrimental for private companies that pay for ad impressions and clicks. Google’s AdSense for Search program places contextually relevant ads on custom search results pages and shares a portion of its advertising revenue with AdSense partners,” wrote Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, on the company’s blog.

“In this particular case, the bot operator is using multiple publisher identities to operate as a Google AdSense partner and collect the money from clicks on poisoned search links.”

Botezatu said that the current generation of clickbots, such as the Redirector.Paco Trojan, burns through companies’ advertising budgets at an unprecedented pace. He added that while the infected user will not directly lose money, their search results may be poisoned according to the proxy server’s instructions.

“Because the behaviour of the searches is mostly decided server-side, the cybercriminals could at any point manipulate results to include links to phishing pages, exploit kits or ransomware. Basically, the cybercriminals own the search results for the victim’s computer.”

Redirector.Paco has been active since September 2014. Since then it has infected more than 900,000 IPs worldwide, mainly in India, Malaysia, Greece, USA, Italy, Pakistan, Brazil and Algeria.

Image credit: ©lollo-Fotolia/Dollar Photo Club
