PandaLabs has detected a network of computers infected with the bot Clickbot.A, which is being used to defraud ëpay per clickí systems, registering clicks automatically and providing lucrative returns for the creators. According to the data collected so far, the scam is exploiting a global network comprising more than 34,000 zombie computers (those infected by the bot).
The bots are controlled remotely through several Web servers. This allows the perpetrators to define, for example, the web pages on which the adverts are hosted or the maximum number of clicks from any one IP address in order not to arouse suspicions. Similarly, the number of clicks from the bot can be monitored as well as the computers online at any one time. The system used can evade fraud detection systems by sending click requests from different, unrelated IP addresses.
ìRenting and selling botnets has become a genuine business model for cyber-crooks. The scam we have now uncovered exploits infected systems to generate profits through ëPay per Clickí systems, instead of by installing spyware sending spam,î explains Luis Corrons, director of PandaLabs. ìGiven the proliferation of these networks, it is highly advisable for users to scan their systems with fully up-to-date anti-malware solutions, as bots like those involved in this case can be perfectly concealed on computersî.
The Clickbot.A mechanism consists of two parts. The first is an executable file that launches a dynamic link library on the system, which later deletes itself. The second is a component of Internet Explorer that notifies the attacker that the computer is infected, even allowing the control components to be updated. The bot then registers in the database of the control system, checking that the creator has given authorisation to start clicking, and if so, will request the list of addresses from which to click.
Bots represent one of the fastest growing threats on the Internet, given that they adapt perfectly to the new malware dynamic in which threat creators are no longer searching for notoriety, but for financial returns. With this in mind, they try to ensure their creations are installed without arousing the suspicions of users or security companies.
ìThe current situation requires the use of proactive technologies, which can detect unknown threats by examining their behaviour and complements traditional antivirus products. For example, our TruPrevent proactive technologies have detected more than 46,000 examples of new malware since first released in 2004,î adds Corrons.
For more information about Clickbot.A go to Panda Softwareís Virus Encyclopedia.
Make sure your computer is free from viruses, spyware and other Internet threats using the free online solution Panda ActiveScan.
PandaLabs uncovers a pay per click botnet fraud
.
