Advertising Botnet Steals Millions

1380007_75870024A computer network generating millions of fake advert viewings has been discovered by British web analytics firm Spider.io.

The network nicknamed “Chameleon” is made up of 120,000 home pc’s and costs advertisers around $6m per month.

Spider.io reports that Chameleon simulated clicks on adverts on over 200 sites and said the botnet was responsible for up to nine billion false ad views every month.

Sites that show a display ad receive money when an ad is viewed, in what is called pay-per-impression advertising.

It works by money being paid when an ad is viewed, and advertisers selling a product or a service pay the website owner a fixed amount each time their ad is viewed.

These are relatively small amounts of money such as fractions of a cent but when viewed hundreds of millions of times add up to huge sums. The advertisers software ensures one computer can not make multiple requests so the high-tech criminals used other peoples computers to make the requests.

The infected PC’s are mostly based in the US and a map of the geographical layout is shown below: (map courtesy of spider.io)

Tiro Security is a leading provider of Penetration Testing in Los Angeles. With over 25 years of Infosec experience we’ll find the holes before the hackers do.