- May 7, 2016
A click-fraud botnet dubbed “Redirector.Paco Trojan” has infected 900,000 IPs worldwide and has the ability to reconfigure browser settings and network communications.
The malware's objective is to help cybercriminals earn money from AdSense by redirecting traffic running through popular search engines, such as Google, Yahoo or Bing, and replacing the results with others obtained from a Google custom search, according to a May 16 Bitdefender blog post.
The malware is spread via installers that are distributed through unscrupulous download sites and by exploiting web application vulnerabilities, Checkmarx Product Marketing Manager Amit Ashbel told SCMagazine.com via emailed comments.
To redirect traffic, the malware “modifies the 'AutoConfigURL' and 'AutoConfigProxy' values from the 'Internet Settings' registry key so that for every request a user makes, a PAC (Proxy auto-config) file will be queried,” the post said. The malware then tells the browser to redirect traffic to a different address.
Ashbel said the botnet has gone to great lengths to reconfigure browser settings and network communication configurations, and that the malware's ability to tamper with AdSense should worry Google.
Read Full Story: Click-fraud botnet infects 900K to earn money via Google AdSense
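A defender-side check for the registry change described above, as an added example that is not from the article or from Bitdefender: it parses collected `reg query` output for the 'Internet Settings' key and reports any 'AutoConfigURL' or 'AutoConfigProxy' value that does not point at an approved PAC host. The allowlist host, the SIDs and the PAC URLs in the sample are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: the only PAC host this organisation publishes (hypothetical name).
APPROVED_PAC_HOSTS = {"pac.corp.example"}
# Value names quoted in the article; registry value names are case-insensitive.
WATCHED_VALUES = {"autoconfigurl", "autoconfigproxy"}

# Constructed sample: `reg query` output gathered from two user hives.
SAMPLE = r"""
HKEY_USERS\S-1-5-21-1111-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    AutoConfigURL    REG_SZ    http://pac.corp.example/proxy.pac

HKEY_USERS\S-1-5-21-1111-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    AutoConfigURL    REG_SZ    http://localhost:8080/wpad.dat
    AutoConfigProxy    REG_SZ    http://localhost:8080/wpad.dat
"""

# reg.exe prints "<4 spaces>Name<4 spaces>Type<4 spaces>Data".
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s{4}(.*)$")

def pac_host(data):
    """Host part of a PAC URL, or '' when the data is not a parseable URL."""
    try:
        return (urlparse(data).hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return ""

def find_unapproved_pac(reg_output, approved=APPROVED_PAC_HOSTS):
    """Return (key, value_name, data) for PAC settings outside the allowlist."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # remember which hive/key the values belong to
            continue
        m = VALUE_LINE.match(line)
        if not m or m.group(1).lower() not in WATCHED_VALUES:
            continue
        name, data = m.group(1), m.group(3).strip()
        if pac_host(data) not in approved:  # unparseable data is also reported
            findings.append((key, name, data))
    return findings

if __name__ == "__main__":
    for key, name, data in find_unapproved_pac(SAMPLE):
        print(f"REVIEW {key} :: {name} = {data}")
```
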