Click-fraud botnet infects 900K to earn money via Google AdSense

Captain Awesome

Level 23
Thread author
Verified
Top Poster
Well-known
May 7, 2016
1,285
A click-fraud botnet dubbed “Redirector.Paco Trojan” has infected 900,000 IPs worldwide and has the ability to reconfigure browser settings and network communications.

The malware's objective is help cybercriminals earn money from AdSense by redirecting traffic running through popular search engines - such as Google,Yahoo or Bing - and replace the results with others obtained from a Google custom search, according to a May 16 Bitdefender blog post.

The malware is spread via installers that are distributed through unscrupulous download sites and by exploiting web application vulnerabilities, Checkmarx Product Marketing Manager Amit Ashbel told SCMagazine.com via emailed comments.

To redirect traffic, the malware “modifies the 'AutoConfigURL' and 'AutoConfigProxy' values from the 'Internet Settings' registry key so that for every request a user makes, a PAC (Proxy auto-config) file will be queried,” the post said. The malware then tells the browser to redirect traffic to a different address.

Ashbel said the botnet has gone to great lengths to reconfigure browser settings and network communication configurations and the malware's ability to tamper with AdSense should worry Google.
Read Full Story:Click-fraud botnet infects 900K to earn money via Google AdSense
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top