- Jan 24, 2011
Researchers from Romanian security firm Bitdefender revealed today the presence of a massive click-fraud botnet, which they named Million-Machine and which hijacks search results pages by routing traffic through a local proxy.
As with every other botnet, it all begins with the infection point. For Million-Machine, this happens when users download and install tainted versions of popular software programs, such as WinRAR, YouTube Downloader, Connectify, KMSPico, or Stardock Start8.
Paco malware responsible for the rise of this botnet
The malware responsible for this botnet's rise is called Redirector.Paco. Once it reaches and infects a computer, Paco will modify the computer's local registry keys, adding two entries disguised as "Adobe Flash Scheduler" and "Adobe Flash Update," which will make sure the malware starts after every PC boot-up.
Additionally, the malware modifies the Internet Explorer proxy settings, adding a PAC (Proxy Auto Configuration) script that routes all Web traffic through a local proxy server listening on port 9090.
This redirection allows the malware to sniff all Web traffic originating from the PC. Paco will look for queries made to popular search engines like Google, Bing or Yahoo, and show fake Web pages in their place, mimicking their real UI.
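As an added, detection-oriented example (not code from Bitdefender or from the article), the following Python checks a PAC script and a set of Run-key autorun entries for the two host indicators described above: a PROXY directive pointing at a loopback proxy on port 9090, and autorun values named "Adobe Flash Scheduler" or "Adobe Flash Update". The PAC text, registry values and file paths below are constructed sample data, and the function names and regex are this example's own.

```python
import re

# Indicators taken from the article: a PAC script that forces traffic through
# a proxy on localhost:9090, and two autorun entries named after Adobe Flash.
PACO_PROXY_PORT = 9090
PACO_RUN_NAMES = {"Adobe Flash Scheduler", "Adobe Flash Update"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Matches "PROXY host:port" inside a PAC return string (case-insensitive).
_PROXY_RE = re.compile(r'PROXY\s+([^\s:;"]+):(\d+)', re.IGNORECASE)


def pac_local_proxies(pac_text):
    """Return (host, port) pairs from PROXY directives that point at loopback."""
    found = []
    for host, port in _PROXY_RE.findall(pac_text):
        if host.lower() in LOOPBACK:
            found.append((host, int(port)))
    return found


def suspicious_run_entries(run_entries):
    """run_entries maps Run-key value names to command lines (e.g. from a registry export)."""
    return {name: cmd for name, cmd in run_entries.items() if name in PACO_RUN_NAMES}


def assess(pac_text, run_entries):
    """Return the list of indicator tags that fire for this host's PAC script and autoruns."""
    hits = []
    if any(port == PACO_PROXY_PORT for _, port in pac_local_proxies(pac_text)):
        hits.append("pac_localhost_9090")
    if suspicious_run_entries(run_entries):
        hits.append("flash_named_autoruns")
    return hits


# Constructed sample input: a PAC script that sends every request to the local
# proxy, and a Run key with one benign entry plus one Paco-style entry.
SAMPLE_PAC = """
function FindProxyForURL(url, host) {
    return "PROXY 127.0.0.1:9090; DIRECT";
}
"""
SAMPLE_RUN = {
    "OneDrive": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    "Adobe Flash Update": r"C:\ProgramData\constructed\flashupd.exe",  # constructed path
}

if __name__ == "__main__":
    print(assess(SAMPLE_PAC, SAMPLE_RUN))
```

On a live Windows host the PAC text would come from the URL stored in Internet Explorer's proxy settings and the autorun entries from the Run keys; the script only evaluates whatever is passed to it.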
Malware comes with its own certificate to disguise HTTPS traffic
A locally installed certificate allows the malware to avoid triggering HTTPS errors in the user's browser, but a user who has the presence of mind to click the lock icon in the address bar will see that the certificate's issuer is not the one the site is supposed to have.
After the user enters their search queries, the malware will return fake search results that replace many of the real links with others obtained from a Google custom search.
"The goal is to help cyber-criminals earn money from the AdSense program," said Bitdefender's Alexandra Gheorghe. "Google’s AdSense for Search program places contextually relevant ads on Custom Search Engine’s search results pages and shares a portion of its advertising revenue with AdSense partners."
Read more: Million-Machine Botnet Manipulates Search Results for Popular Search Engines