Click Forensics discovers a botnet behind a significant spike of click fraud traffic. As in the recent scam making use of NYTimes.com, attackers are using fake antivirus software to infect PCs.

Click Forensics has found an unusually large spike in click fraud traffic
coming from a new botnet apparently eluding the filters of search engines,
publishers and ad networks alike.
Dubbed the "Bahama botnet," the network of compromised computers
is distributing malware while masking itself as a legitimate source of search
advertising traffic. According to Click Forensics, links to the malware behind
the Bahama botnet were found in Google search results for "Facebook Fan
The malware is extremely similar to the rogue
found the weekend of Sept. 12 in advertisements
In both cases, cyber-scammers sought to trick users into
downloading malware posing as the solution to their supposedly infected systems.
However, the program was in fact a Trojan that would have enabled an attacker
to take control of the users' computers.
"During the past four years we've monitored billions of clicks for top
search engines, ad networks, publishers and advertisers. This scheme is one of
the most sophisticated we've seen," Paul Pellman, CEO
of Click Forensics, said in a statement Sept. 17. "The botnet is
effectively disguising the fraud it produces as 'good traffic' by altering the
interval and breadth of the attacks across legions of infected machines."
The Bahama botnet commits click fraud in a number of different ways,
according to Click Forensics. For one, it generates paid clicks by using normal
user behavior to transform an organic search into a paid click. It also uses
of compromised machines
to auto-generate paid clicks without any human
The botnet got its nickname because when it was first detected it redirected
traffic through 200,000 parked domains located in the Bahamas.
Since then, the botnet has been reprogrammed to redirect traffic through
intermediate sites hosted in Amsterdam, the United Kingdom and San Jose, Calif.
It is believed to have infected thousands of computers at this time.
Click Forensics said it has reached out to security vendors, including Symantec
for help removing the malware. It is also cooperating with top ad
networks, search engines, advertisers and online publishers to identify traffic
from the botnet.