|
|
|
Bahama Botnet Discovered as Source of Click Fraud Surge
By: Brian Prince
2009-09-17
Article Rating: / 2
There are 0 user comments on this Network Security & Hardware story.
Click Forensics discovers a botnet behind a significant spike of click fraud traffic. As in the recent scam making use of NYTimes.com, attackers are using fake antivirus software to infect PCs.Click Forensics has found an unusually large spike in click fraud traffic
coming from a new botnet apparently eluding the filters of search engines,
publishers and ad networks alike.
Dubbed the "Bahama botnet," the network of compromised computers
is distributing malware while masking itself as a legitimate source of search
advertising traffic. According to Click Forensics, links to the malware behind
the Bahama botnet were found in Google search results for "Facebook Fan
Check virus."
The malware is extremely similar to the rogue
anti-virus program found the weekend of Sept. 12 in advertisements
on NYTimes.com. In both cases, cyber-scammers sought to trick users into
downloading malware posing as the solution to their supposedly infected systems.
However, the program was in fact a Trojan that would have enabled an attacker
to take control of the users' computers.
"During the past four years we've monitored billions of clicks for top
search engines, ad networks, publishers and advertisers. This scheme is one of
the most sophisticated we've seen," Paul Pellman, CEO
of Click Forensics, said in a statement Sept. 17. "The botnet is
effectively disguising the fraud it produces as 'good traffic' by altering the
interval and breadth of the attacks across legions of infected machines."
The Bahama botnet commits click fraud in a number of different ways,
according to Click Forensics. For one, it generates paid clicks by using normal
user behavior to transform an organic search into a paid click. It also uses
its network
of compromised machines to auto-generate paid clicks without any human
interaction.
The botnet got its nickname because when it was first detected it redirected
traffic through 200,000 parked domains located in the Bahamas.
Since then, the botnet has been reprogrammed to redirect traffic through
intermediate sites hosted in Amsterdam,
the United Kingdom
and San Jose, Calif.
It is believed to have infected thousands of computers at this time.
Click Forensics said it has reached out to security vendors, including Symantec
and McAfee, for help removing the malware. It is also cooperating with top ad
networks, search engines, advertisers and online publishers to identify traffic
from the botnet.
|
|
�������xr㶲(;; Yڦx�iJe[klҌפ*�EB�c")_&'/:/qt�M�J=�g}dl��Fwh4~ 'I"nZΈ\̦dw}��轿K$��}��9UQ#�3W)9bP�S4mzΠN@\��}@^cfw��D%x�_'Щ�ѩ�wɘZqP�ɈQߕ>}^~d
w��.hrL�Il_P+$ȁ_MM9�J�D>�֥�E!m�$oaX}:[_�V�ANÉ,}!*{�'E%�k4ً�ᐨqG/��Ə;/�!�X]~�ꄽ4-jd`-vu=yͰ
[�a��z.�9�1rz�н[�@/&lwrD�ƞ4HCsd"�LJ^`:pm3��G^A]õ]��\.ϑRF�eCwt=S��źS]k�ԏPL0H��6=~0[� Q�����68��j+0�~b[>4I�:��eh?AuoezV�u�#ϝ9>yq�L�%X䄍ER6'�>6)�|@��ɤ:!Zda=}ٗe̛�f4öۼC�ٰo�4TiUE9(TR�8+{1{߶كS;�Qo|{UMSE}v#�GA��m�+h[J"ZAP\;I\v>Ƀ
�9N6��|'�L
R*��rP8$ȇ ��;r�jw{�`�rM7JzQ߹pKX+hv��dꁑ�f1O=˧0�_8RCf9l�{uk]_]-k��^['>ߙecfy�3�?�b Jw3D~�/W�7'7�7MtqSEV5�$!|Бd��mxq=Z.3+ЍE��Xn`vt�&h/ap{4�ڭ�l=
K�pI}x�X�O9�&ztmP`��5$GC-ߟ�L��s#08w�ɝ�5�y0KwC�@b!L{��TM}��PC�n@�}S(�r`OA=X�9;ݲeǀxԜ�Ї)u�%w2R}g9>�] CRRP$S$��hI#r�����
Bг!,`@o%`G`[X;k� a�b
.<��Ҧ�B�ICvn<�){T�Kh!+�K@fsfh(4{~6�cbB�|#'b�Xr`Y
�\h+|�i)lb
Ԩ˶V.hXi(P�s�0 =#WV+*Z
�ңF +8�`S̷�rH�z::3�MGs{��D�&�f+Lo>L>hQoĸG6}�ˀ)4+��pPs'�>`|�=-0Xհݙ2|dң{��I8�%o5+8~n7MAV?�T�y
�|9�p��9E#rUϚX� 5<�.�&B#5w�:�Q OjBnihJJ2$,4�)pd�r�K}ݼ^`�";hqNNRНB#@9z�QkڞYUo)�<4^KՕ�$/gcP*o�u�RaO[�&���ނy�0p��ZZE"b j7�{\X2,#
l,>F4~hN/a2*)WKi�vw�a=�5}n�w�V�U�鏡LYV<[)Z@jjXL[6`�aP�eQ@ҿR&a+\ڨ
N`O#w
Asm0Hw���]����<<�f�]?&1V
sXO
Mڒ(1@�/��ŵa�a�{�68e*tҝe|aQ=i-);eSKZa6O[- �V!0\{?|T30`�-e?"O��)W]&ٰ\R
�1I�6�D�ȸau-`by��gS�]WѹqH8t�1D.,g��
@?�WQ�Po�>���\��!EX+LDBYad�[s�6/Kg>f}4~�A+�p��&��>Bk�wY'Jzq#J�rEu�Xo{��`�Sքc'M}Xt�cyyW��Ni0A ��~H.Lb�V���4>�\Pb�r>+
eT6)5*�IMx�m"P/?�ˇ%Ŵ�谢��Ԙy}R�ː
0gt�ed��-NӅZ�
JL�o=9*�ER�gD+�yW�G�"MO�H�_�㬯?q�O7[fiY8~^�}v݂�/]r?2;�|d2,`�� |�/�"yd�ėaE*sj
|JZYPIb+�ģ�Y��V� W�MU���pn`{��y�~�t=G�h�x�Z
�`�i@%�
p�LM{jLwg
`�Z7~,p,�3�YZD]bRYE�G�ÙʚR�z��ԃ!3~��b_@�UR�Tʞ"�9�AG�^320"��;�wF\!v̬q~�q?Nqߎ3XA�m�k+sD
�ü
�z30Jј<,*=:Z4AP,2Ϧy3iqS"ܪ�+_�}ˀ�GeyM/ܛZJc="JL7Ϧ�W<�sƃ~�ٷ"�Y@*F=�D�q?n216y�m/POG]մR�/sƗɘBÜb+�>�AM:+l30Uf�fyr;Wk*�+����z��uv6e*r1�_�?L]�[L4�zɖ0`OO-�� �r�uhՂrO��'(3߅rf>k5VΚ>:lv'G<�
hr�õm��7f>�D��v? �sc%'Yo\SK�n[JI)�`uVDZ)~�9HǞ1|]�ܩe>t1�G;*}z)c��ʌ�Eo(SYmq'&F.҄^�\f�vmv_&*|)2S�G)kEXqkX��=O
+(U|`�y5�&Q�rMu�E
t&ŏh(UrVՋC>PjQ�kIu|d*�+ZR�<*���n,��:
�/6" ތb��l[
ezפ\+ԕK��Oe3q1�GX=x=�d6
�5C+jBgyr�`�1O?f#[FI�eYy�Vum4uP�"5Hq+�$˴��I>N�����0atA�*¾�G�.CGTTWFogM�GD�o0|�f��^%u�RiE�mT)�~ܑN\X 8zA�bQ�=Y�r�v�jT
�rF2�R@BZNb.xœo
-"ԄtLa�V*c�7xo~.Rȓ�$ |J�D�O1Of4��~�PV=8Y,rh%縕vq��a~:)}B-N9˝��~@Ҽ�"g��Í7�w j�EΧ5p>�[ISB�9kթ�-ݱi'>�fax!w�m~?q�%՝b"w?BٸEO,jm-�'̑s0S)�i�# �m$jRSfj�# $_2HI,v+Vht$lAW j��Ú�mf�/.i_n6D20�O&8v�\d0G`�q�k�5É@P� V�-Cp0S�`0#>9˫|1}~XU*�۽L���H1s
��ذq�;eΫ� Pf|�v�v�,N�͗>W}3lyRѵl�d@T7�]���XG9�X16q�w�v`ϓ;~�\[ܵS2G4a�ϝ*hu5fX%��gNtA�?C.;=<ﵮIs�09lJs �t�k�5y�ׅO>���4wH�\/O8#-[�^tۭݷ2ߓ�Oݿ�v_t9nin[nǡ8�
��0�Nd$4P$yUZ¶�/VU�$]ve%���FpZx>2�&n]�%3���wD/�Zu'&]LvķAfO�Tp/�hsm]0�b
&g�L
CFחuzA�Sg�'g,&Rc$�%bC`4XiO崯:��"Mz79s2<�ƚl`@_Z3h_
.xS/(%�\)V%o�r�ol�jt^qQ mB^͊�{{N!rDH�_Y0M�vTO%���[:)Z\*BQ`�uO���! ���h.$
2�L d
>D|Sd��V\�bwYn
�/H"iɓ�<8$)#�~X�G�{�\�݊ii2Mř;m;$t th
�-nK4Z�K.�ĀG*]d�\i!hK~]�4f'WTcV۔#/Αm_
T[:�ԴA`vA�õy
y|�.w߿.��
Pk�+Q9MYta3y�����X�HjPP�'���E8 [S D~�� R%)�-u�Ĭ�ڣRO�%=͵64 ��pC�hIoL!)ƍoC�I$ec�|-�KYۯlPt:l(]3{G{GV8�+0jd�o9(jMr*vC˼+,G�/n'>}r�XE-njE~a�xNU]&
�x1�~(4% A\�"4(8�ĭ�Q�[�Q H7!+�ݓ %
FT7tg�lF{:3@�)j}"^$D'ዄz=��
p��:�yNcn�w�J�x�SaF�qޚLmR�:�(NuVEHM2/]jGjR��χ��6BF@q#J�OA��"�J(oJې/NKCܐ_��3j%\�R,ug�F
gy�/~t vtuJ3�RLbx#1<[{=$
@Ɠ_ݐJ_[yv2%LR{(<\H��a�X1YWI*b2D�W2]>�hi Mjm8g" 90=x,5}5,�¬ҧN*h(�a�pH�goG8^$/B9����[!T8wGeH�-��]@
�x.:Y/�{P(!VX�E*�I+�{{{{{R�^ଦGa*��,b`9c5
�FT0E֒x/�U6>3-O7i�naczW�/Ö1?;ҍ�,�m3~|kF�]
r�O}�1o�CP`S�D6CYon0]XM�|ҍ/-/1`d#���H�!d�E�f쟀{66�@"Ơ|TuRwl;u�w�H-9&sH=:f6P�¡4|��w2h$�)C{5$
$4>�tbND�E�2]x;�S�0
?#abcXUx2�|5�сfLL��W&b־hnJ-,+0�L|;kf,朹i.[��5v6#?�4��۹}IJ�]n)��l %FH�6X,�&�Lݩn=c�x ɿ2FrW|k�gN;�D�L2%B(a5=6[7oLSvj}e*+kk3&{A�-�[�o�f�6௶aul`��C &Hm~�90m�,X�j�3"g�\ʝ�^jwT60g�8{7�~�=eO)�
x-�}�-�6LӪ=鸅/� 3g#JCMwힸב�!iWjʃOdЯw'�@�amI��YfX"�l
bMq�ì�3X�/0q_7�nm=�uT;m:'k2u@w�wvOaR�,:'7 "�E��o!
<��7�^ֹ={=6w ��߀ɮ�O8"��cb�ke�k('>?GN�:\g+N\4o�.��@,��a�ٽ:)ȰdžEMc3�k�x�]EYF7�i."d؝b�e9L1Z69v%1h}PR�
#�%1��j{=c8hgs0T%5x}� ��M�r59"@�� �Rxc�)�Kh��x��B,p�e_FpxAҲ�&z�3ls�h*b4�B�-'�-�}L1Z咋|�?9Bӊ,w)]�dDo=?�:էBZck��Wes[��ɣS#D�]t�HU)
&
0Z`7]i1�<�cms=7��l�W-Ts�Z.W��z`N�FG�V$(�b�؛�~-=�u8>dy�E0����-o�zpWӸZ �I�j�S�_AH��g}XC�@0K{IF^YA5Xd愁+Nܯ0ڱ�J R
��?SRmF��ΝNtIˎ�1/V7Wk)�G��aI9Z|fVؖTm}qV�NS�)q4�>3�K7�(��CVY
`Oh$�~b Ӓ\_vRHe� ��?��83�*�9:F��2*mG{/.nrj�'[ք ᑰ
�5"���,N�n#BLk8�3D�װ�Þ�1;mN�9�e�)_�t/:ǓT�4[7� T6CĊ�1�g��cI�[7'��ΥiEZ\?& .ycI�� 8�^yN4X+L7,X��2|��
=܇>RXX_1[��> MꪂOJ�BveX
&z{[wy}�yfY3{�8~\O�z%r�uW0`A='i92dg4t\K�HIS��ko;}�sgrҹ&Mrrju\y�OKa[K��|Uw�;ǟ:WOڗe�s�zx31~湾��,g:KFY�ybvʌPN�:#ͅfU�,x��y�^/J��M`jBy|�{�J*Q^e9DM@*}u7M�&6+�_=VeS+�{Пgg:.53;qtAn�^Z�+�!PU8i67axL�P��"v[筣�\rФo%�u��CFPkF5_.?j�63;P(GN.?���2ʏhu $>ӌ~ڹY{uy8h�gC�CL2�nQ�?.?��ak\d��Ȃ�Ƞ�">�E����y�y(�_~O�gP~Q�(GF�_d^f%e\]f_��O'Ct@t2�U�\W�_�\gO�f��z��kuG� ?e�~2�A�(*��h&��Ku1�Ay3CΚWpz~;"9(/��R*z�U�K˓�g賲���+F'_˰ʠsk3�2Я!ednldھ:�'�R+��]Q%5-{�[I�2nX_�ȣ�{i� K{�O�2
�r hxVyd�b�
bye?VP�w;]�SҤ�]�r�{%])rXѧ�Z}5_9�3�>�qLkd�3�'S�]b>�T#�0�?f
}u'K6�&riW�-p~K5 D 9bY�[16�vtAu<,ŃB5yܯ�.;4m>FL2#0' MĮKfAj3�rf�,1{g
��='G�̄08B8L?��T|-
5).�X&"�>m��?'6w�c�C��>�X��e.,s(ŬBSd��=�)O?5'[nA5�y`0v4aehDSL/Tvy*s*>�% �/��-ixٜM��C2z�lx$_Oxƪ~Saxr=&=��fз��57`�([|�ӽGL>zQ[`+��L\��~���0qGĦ2C|R2OEpv�R������?93_[�樹����Wvm:kmlQ/>uG]Q'�naRWt�{.��!Xi[��e1BpCɖ)�tO�=��BVt3Cӗ5�`/��=H,�^�(\�n)ZF��1u��B\
(a��t L/Qa˟]�lہP#jȅ-`�j+�7EmEtAYʐL\kD�I
qk-.,wv�Ua4,Lb1��"[\QI�(`�жX�3�|"@a)5xd�n�~ӣ�f<�4W�6QĶq��ytʵ-���ˑ;}dy/�|[zw0�XjPw�$gꎾ�V�;~v��?;m a�%
ѨT\��ߴڧg%Gu���nчc)h,=R$Dq+
AHcdEg��
6A|>Ðy6��x�L�v{kjuU+kD;ydMn+:cSEᘸe=)jaKmw9n�~;�1{l~r�)�Us̥D5^JB\rbh6
|
Network Security & Hardware 
