|
|
|
Bahama Botnet Discovered as Source of Click Fraud Surge
By: Brian Prince
2009-09-17
Article Rating: / 2
There are 0 user comments on this Network Security & Hardware story.
Click Forensics discovers a botnet behind a significant spike of click fraud traffic. As in the recent scam making use of NYTimes.com, attackers are using fake antivirus software to infect PCs.Click Forensics has found an unusually large spike in click fraud traffic
coming from a new botnet apparently eluding the filters of search engines,
publishers and ad networks alike.
Dubbed the "Bahama botnet," the network of compromised computers
is distributing malware while masking itself as a legitimate source of search
advertising traffic. According to Click Forensics, links to the malware behind
the Bahama botnet were found in Google search results for "Facebook Fan
Check virus."
The malware is extremely similar to the rogue
anti-virus program found the weekend of Sept. 12 in advertisements
on NYTimes.com. In both cases, cyber-scammers sought to trick users into
downloading malware posing as the solution to their supposedly infected systems.
However, the program was in fact a Trojan that would have enabled an attacker
to take control of the users' computers.
"During the past four years we've monitored billions of clicks for top
search engines, ad networks, publishers and advertisers. This scheme is one of
the most sophisticated we've seen," Paul Pellman, CEO
of Click Forensics, said in a statement Sept. 17. "The botnet is
effectively disguising the fraud it produces as 'good traffic' by altering the
interval and breadth of the attacks across legions of infected machines."
The Bahama botnet commits click fraud in a number of different ways,
according to Click Forensics. For one, it generates paid clicks by using normal
user behavior to transform an organic search into a paid click. It also uses
its network
of compromised machines to auto-generate paid clicks without any human
interaction.
The botnet got its nickname because when it was first detected it redirected
traffic through 200,000 parked domains located in the Bahamas.
Since then, the botnet has been reprogrammed to redirect traffic through
intermediate sites hosted in Amsterdam,
the United Kingdom
and San Jose, Calif.
It is believed to have infected thousands of computers at this time.
Click Forensics said it has reached out to security vendors, including Symantec
and McAfee, for help removing the malware. It is also cooperating with top ad
networks, search engines, advertisers and online publishers to identify traffic
from the botnet.
|
|
�������x}r8qռ�Fsw1E�)%[rmy-%L*�EB��%);}g}
_$x$3%�l�ݍF7?I�p4ô1f�%S�TI�}"I�~x�hC(~0`R)_rdx�BԲ|W�R�#Yخtj�5���5Gl$J~x#AT�{��j �xL9�uƜ}ٜjc7h2 X�m (�k�N�0�-Z P8"�h]
�\(�~&c1 [t�V�9v �*UN�8Spycf_0Hz5E�hD#|x\�{od3#L�=Vya/
w-m~D�M-G ؓ�ۭBx1�BP�#"F��τwG�Š匝o8Gd`jI:@�"4Ԙ���C2R!p�5�`p*�)ZH�tGL: fK>�P:x =3~bA2xFaIH'�l6XB�RN`^<\y�yN
.tvl(r~ƷPƞ3#2W p&XℍEZ'�>6O(�|@?�Au�ӱCģz�r$˚7�hewy�n�J|
bT9,�╇i�o쳉SugNoڻ(T�U-��/{W� �?
n04�h;\Cr�yMS!�eUc��^_�7D߀"0QYTi|/�Z@
��WP=��uN.kzQҏZ-/[�KE��KXOr�])2���,R8Df9O-Ҿoo:6OOn:3d̲5<�jUU�*�j�vb�!?ޛ:W۳5mս푳
i?vN=dO#t:�+?fV'Z-oz�O|muH<=|�kh2�`;�;RV>[dZ6�)I|[hr�
Ce)#8?�̓I��hJq�䰉cYSl �R捇B@N
XR�U��>I"E[fŢ˅B�!"x^3ˌE�!\J��!=!
g�|��8Jn.b?uK��ɻfuٜ҅%]We
oQ#LK�\z�c�gfMEzݫ^�?]{6LqJ�j�p�X.B2iKB0.pjjۛjr�ۍfv\��J���G'�-dj`q�aeJݠ#mf�yw?�Ӂ��NӦE|J
s6�5N<
E�C!ɠ��ڴb�\�f��4!>F�&MЀ/Qy4�ڭ�,%_� ><�)zN=��=H�6(Z�χ�`jc˦M@B9���ǻ�ޚB�<�Qҡ4|a���q�jQ?]�*~h3��-w= |
�wA�,�gs
6Gv64-0���3�٥6F\IQ��-�2(%łdhs�� 4.gP)AH �=k��� ���99�
�ŊI~ޑ�vR.%r��P.o=!ԑtጝR..gr)eb -d[b�~I�l�
eV&vϺZLboD��6�]�,�S�m�-m�uk�{T*�a�iқ�L݄%�1@.ϼ'32H�`0�HCb�;N-:� x9���1!v<9=%st0�fX�fZ1k`Ba�Ǻ@���s2iESӆ�'$rTDh���L˄r&�6=g\2'45�K�t;ıa|�d�Nk'p6?>y@L\n��|8$o4<3rGֶL/j�@~.&](LuΩ�J�J&��k*HX3�j-y6yBN{�r+kFM'W.r1r@@-T᧒r�H1g0d0Ќ{�Oq=18S�7R�tZ�C+>q^i.;[@�Oe]Zr{{#Uv/KƠ\>�?u�r@,�H�oh��m_Eڠ�eeLGyK-#��
IPצ�(X+e�zdxy��62�&Cä
7q��=��k�=0�¿�U.*rM�}d29ljeVI,Yv������(�M�$!z?VLl9K[׳�,֩w@��="�/I�NM-R9��3?&]dp܉DhQ�+ma�@ͤPL>kQ@/��ű`�a�{�7w�9pJ��k>uM^\�/V°+]59�e&@0o�"}QN4S�
ȴ`oZuik#2R��kH
+BQQbϓ�cs@M$ �g�2,rFe9�ٔA�ٜs��4]�ZJ\,��8��Q�Ro�>�U�\��!őMTb0vQؼ;(�1,4�ra,�?@��R�5V2Sgh�u魧;�[T+j[pfNP$!�5 ��dj>Ǿdo':�#H�u�~H�Lb����46�\,0�|,W*U�`n*Vѹ(�٩% 7]@�.�&Dtl?`�"'>Ѕڣ�ns�sa*/73g Z�ۏ�ZV,֪19P+R�js��3;f~~Ļ8
�i�ߥ: 9pF#~y6��w'~~�L4�/}*��-w~��w��^9Z3�:?�b�+�;0E�<&��{H�e�ߙCyVa/bҧJǦ8P�z0�o`!VP�ŖGasg�'��b�h���!.��~0 �X�=0�`6Yന�
9^QӲ�j�Ԉ@|��0+9!Nf�kӥ��e
֟Cn׃�Z`�zž+a֬Ӫ`b/EBc$�D!�
�2�:�е�%%���~pq㉉Z{XD&lڊ6͐*8e$Lb����R-�-e+
O"cIY^Goz2M�>Zȓ3Եpse%s�@B>RZC5�H�yV_-Lzef2��#B�h_�x�U-'P`x�L4J$F�A]o^c+o�4=2۠OFvX4F7(p�Z&�=̕[0Ad�r6g*|
z&:vi0v-0\]>w6EL 5#��"� ١
{Q!<�4`t,\Ů�vx�+mـyQ�䂲t`D]lУA$7v)P\�E�7DF$۽6�R>`�
sab]|*�J�,�H-ǯ �i3FɁ㚺/k3OS~Z+>N�ПBQ`�о(&w,��Ot@�~5}qy
V̶IRzgQW
m??"Em՞uYs��0�cfntx01�vy?:
?-5.�š�JV�G|L`MUK\6ߵp�C-tP2}�e'A)��pQ
:JfWKfչz'w�Y?�b`�^|�n߽�p.7:WKߧ
?vL.:Wm)�^{-y0W�䘠�^j^t]�<�d�0�sznބ�7b��`
xѤ��"̔cxHύ�"B�@I˸toZ�,�;�>XMr! }%��=Cɢkh�M؞{+^�WX���2k~��~�
I5:=.�Bp,�`�$X�)��XAU:]_4?E:KE�tP���^S
Q�W"R�Eh%I�A&ڧݛ&g
<�@&9NghUɉ��}KiV�
X
�x~mN��`
e܃�"�WVr[k':�I‐�
NAN��hs_,c�9e�n1�~KP -Mu?oSo4�jG�Yk�NE i�=O[�?�
�cd9�Ga��R)%Z)�
[4wiQEn%eє9r�tJ)SBt��(2H PU,O$e=l�I2 KBh%�bbVHG�o�wݼڞ6<1ޥ]ƙL廝ƗH�at>fKe
�Kq�kP�i"��+�`-�>�ϓ��gԢᬖ^}�y����D��R̅)�O��f�S�r/гO]*Ubw�!� �sgkS
{:`��
[ıp߆�ء�?O*yr�os7&_[�O&氎ʦ
jpt�g�PbxYa)~h8Sʹ�?꒫n4/�Ҽ?�5LN0�c,H~"�{#|$~>x�_GM>xuS棏G�
ڽ9�k3reݨ��{25Ktڗ_{vO�r<�]1ngfGlLcI"+WU7}\8%'�r{x`�,�hg�c,n�%�P2QY;pGҠc�mfO�\ϫ���@< b]_��I{O�z[��N
آWi�6^3�#A!{��zmC'*�X�r�4h�g�azc[ʹ�39a�d�OB%F[euw+[S�''Sc;H�F#%o&ORϱ�mG�@|Ր�g��;as*|�b��\<�e�+_M·⎭zgQyy�|x�|[q$[+o' g|o#�'M�nY�kN��g�Bc��J�i{\na�a0^�=�"�t�(ı��߂KdV:�F�L
ypl4
&Ň�&L�+�dXZc6$�41�W8� 06tol[S~3��KhЌ)!�s\�^bH2cv9jD5tmSw�3�bɵ���S�xo~c�H@��I��39��c<
#utg7
�I;kZ�DNy�1Ou}�}Fex/`@܂�c�וX���xL}����3 -��^堪��ǤIK�J_d�S1fj��?t����YЕuYFa��Ƞ3BlCd5nh��2Pq�O\3.eq"kr�<�$RGd$#3oz�_�*濘njPL ?�lt}Y��L@:8+a2�[%q�"6T FSK9Y3��7@AJ"~N&]3X
�kQ�t��^�OJRIg%6RJ^ rL�Xf#L⤣��6ۄl�f]0̗�7a
�c&J &�ti3CRR\*�G*?�� 4DC@�"�BE�d{;�j)��mmlYqfUW� )�I-N<�y7j)]0��Ћ%n�o*��oi
=�+j�l�& �@7�H"$�Ȳ`QY\�x{���
�*
�KbKù$/�BH@x����� /vA>{�\�݉ijLwe뮩fY!iSeCṈ�V�`tM}ixR;2F}IJBLx.��qں�4s>$@0�4�أIx;1_=ܖ#Α�_
&T[:���2�<<�%]}Y�![\g'VrR*۲BY{3R�H�'M30T=7͖bQQ3�C}pX"�+2C��^�L���nl_wwHm>կzfa\Q07(�n��H7ƥ� ��pC�ۚ�ܶ�7v��U*��KX)1sq�%�qwwwww���g�NJ+q�K3+Y 4�̖`u-Z�i��`V}�"4H8�ǝ�A!
ˠ^μMi�xn[ypٵ�3~1�N5ϛ6�i1r4$^�}�I�b7
]m�1x($G�<�Y�éH��Ti<-9g/![wRÕ䌘 ̅5,į�*DS�_}!ӰV ئ֖_zִ�sY�ӳ�-n27"0>v;\FA8�;Cb8h@8�$B�����;uCwC;o;o;o;o;o3%aOӣ҅3t�Xr}Aק�ĵc0�ss"�ρwɅ�TKmd;�0?U�ߤ�nYZ_BaG�� �B� !��ضK*�?�䣪z�gf��:@j́5"�62R ��K-ȡqW�FBhlyM8��K:"I1o}}oP)yZ* ӕ:3_:�'�Ln
�9�&�{5Fu%ڑWKgT��:]'m4/{Qјo?�Co7\�Gk֝taN����Xw�#;/oFoŷ
N0�Mx?�\co{���I_HcyG,a6vf2`�\�!W~[چ2nQ:~:fYi/Kxw ɿ28rO|k�nfvS{�D�L6Ew@B( Cmc,d;6=LIJ�~P}Aͽ>V4�U
nY�[`8N?Ƌ4p�OsA7*�G=]J:ec5�>KY2}6��zl^�Ji��f-e։5yV$��4$#*NhV\CP2aD�Ko�pB$hr�\ౚKş�v�,TOಈV�uvü�cno\VKZ%y[9?�Ra
)zdbq}sOt\d9_KǏ>HP.$�_jwP�'�M/(��pr+1w[
w- ra�ziv3%U �$0pև5o�
㽻�m%5D`#pNgv�BZt|юM-۠[.н"%&hP�jߛcG�?<�?�Rm{ι0��1l2;_@0̊�۲T�m5΅4� ¨ӔEJN`�srٚmj��6A�@C�"T75xG*%V¯R�_�f�VܞVk�<�
|Tbt/3Y=�$|͈Vs�%./<�OeB2)?Ϙ
\�TcЭ�B)˪M;InP}wY?e=`
�'24/xy�Bj8�ȚXh�t J KʹXE�Њo�?co«I XPp���UpP�(j55Fw�d�>���hTLґu
/a�< zS0,��ԓFp�۽S�;"!,E||z['AU}�H?Km1iIhb#3���F��P�0\Ǎm�ٹ WEo*<>wfMd���:�}GT�]�ڜnx|}1_�~TAxp�I<�R+�6�t��-='':�?�ra)?Eo9fkH� s);#7WaZԝ��8�`8�.gj9U%|&���P9
d�U
?M=�^I79k[ �45`B���RA~�9 26)mDR,��(���/5L[flFLN�P�N�J�0�(��-Ō��C�5Z(OBVB�BveX
&z(·��/'�͊G2VqЅ&JZ!�`x�zNRsdhhz?{���_�Ч�6#&D�`9�O{C&�'ӛuӽ"'-¶V-�J-�et[Nן:WU�3yx2Q慶��L%,C
rvռl3;eFq(gcͅfU�,x��j�E�^J>�M`:͞?Nb�D(/�* F:���Cfuljŵ�N��_L%KN�#C)�G�}uR�*'M&�ϦH8���SD^}'ݫv�n�"=(�(MfFy�ʻ�-AQ~
π>g�y�w�NqY_i�VF9?t2ʡ�{�埠���fe\��_�,@�^�}.3s _f y�2zG(Q~��e_BeF9U^\e�UuwAt3O�K7C\�\g5
M��^�=�@?֗�_�cV91�@�۬r�o3ڿ�\'I��73y�S.�rq/
苬 OY射:(?�}V)@y�J
,c3\)��e{�)�[?[vOBX\Jzp+Wg^i5�viA�m���{} yW��/"yeoRC��A)q.�
3l?V\[[,Oн�ۺ{�ϊ'NW4C�ﹲ�d^ Wsr>VD=՞bM�dG,DlG\%�f�/D�Xô͉(c#h�3.Ñp[_<2�z[�G$ZQB!=�P.�v�8)n7�NpK|�*SG0�%nsOkr>u"[~|^Y;yx߇
ߊD+,=}��e%�Hi0\��͇f<o�J�܌Ӄ:X�ڧ�n:Oi�i\5/�wmОMEA]a�GӠS7Us
!Qa�Ejo2x�s.ŁC�
;wC-=C�PN_�MW酆�.1�"q`�j@L� ;�J*V*r;qO+A"ð����/�K/�UV
rF*'�aT��,.g
�/(�@#غM{%}C3<8fȳRL�
u+K�%���@OÙx�,O�~�f+g�M���تG�ѨsciSr
O�?g)b|3S�7rɜB΄[4�п#s%(uL��Rؘ��,��ODQ�Y?g~ǭ�d<@T�6�rсwr$\C*c˃a.yCט`b9H�C3<0�;��V3.L-rD`a\m�8qAUx_¤-,'�N=X
v7i\L8Čk좀+$LOdT�§n3A ��~R��m
�o=ॠF��Fo"9�ţ*aс(Y�c{XnD8�9p<�y
x��_�-^e�
]��P3xX8
5�g[=Ǚ�PĚÕ]ݍ;SW�'Հ�&�g��2}�cm 5jx�Y��~1'~#�pIi/�0Sp�q?Jh"v]!6
�R�Ň%?0�=�w] p7�9}0�Da$|Ŷ�/�G?&�lM�z�#0ـħ�%NAf��2���_ mޱZo/TùLHd v"щ4��q+�DN焽�H�aC4�Ř2}jQwh}tJǚ �X?�Lm� ;�W1^{
#
E3dư�z/|{ƠC)�e �hD N_d�v�O~-�B��?M��,sD��?�>K:S1UOzĴ�v�Dl3%Yz#Io=Gmk_V�e�ńK�!z>��./�� H,��7�A)ȯ)0XP�yw4wm��?'.7M���C�z�j7;3
ˎ4)�
m'#8�4B�>ؼ�mQ%�76x��}�҄��O1S�u .Ы�v�l>cx Lw�s�C2z
l|$_Oxª~Saxr=&���gsx���m-I�S`i�/S�}^nT "+1��<&�Fߟ�2"�L�-� �ԢLSg(\*],1Ał?�vLwV��p"�Q��*Ԯ�^g�͜
ŧSW<2JP'jdV@8̝
-ӟ�~H�I
_�[0~OX��+ʕbA,\�n2?>Ş�i#|��@ =(ۉnFTt{
�%`GY�U`kr��-E6<]܈x?ƃfa@JY˳��3LN5'*lr=Vc�:pSz
���v�QmQ-নN�?X70(|N4u
|�e�#�FP1W�ov$п�9V0�|6,�l�p/>&G[�0tczc��Rd�GB L�n3m�^^kti�(�aa��X�!2D!6�xvyhEi{�CKxI�VP�- Q{jA0��}u\KVz�C%ȕ/g�2F#-<��tM��z'14mEg,3l�W'Rե{ol'�uE^8�%ܖmJPQ&s)#�M�W\b\)M�jS9Q��2kE�s+q�>tgLp�-�ͱeRZ`l/Z6?ؿI+��
|
Network Security & Hardware 
