More than 120,000 Windows-based computers running Internet Explorer 9 are infected in the U.S., researchers say.
Security researchers say they have identified a botnet that steals more than $6 million per month by generating fake customer clicks on online display ads.
Dubbed Chameleon, the botnet has infected more than 120,000 Windows-based computers in the U.S., mimicking human behavior on select Web sites to generate billions of ad impressions and fraudulent income for its creators, according to security firm Spider.io.
Click fraud costs Web advertisers in lost revenue by making them pay for illegitimate clicks. Spider.io reported that advertisers paid an average of 69 cents per one thousand impressions generated by the botnet. Researchers estimate Chameleon was responsible for two-thirds of the 14 billion ad impressions served by the 202 affected Web sites, nearly all of which are located in the U.S.
Researchers said all the bot browsers report themselves as being Internet Explorer 9.0 running on Windows 7. Chameleon accesses the Web through a Flash-enabled Trident-based browser that executes JavaScript.
"Each bot often masquerades as several concurrent website visitors, each visiting multiple pages across multiple websites," Spider.io reported, noting that the bot's heavy load on infected machines caused frequent crashes and restarts.
The crash causes sessions to end abruptly and, upon restart, the bot will request a new set of cookies. This provided a distinct signature pattern that allowed researchers to track the malware and compile a blacklist of 5,000 IP addresses associated with the worst botnet behavior.
Read more: http://news.cnet.com/8301-1009_3-57575269-83/chameleon-botnet-steals-$6m-per-month-in-click-fraud-scam/
