{"id":1451,"date":"2013-03-21T12:44:26","date_gmt":"2013-03-21T16:44:26","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1451"},"modified":"2013-03-21T12:44:26","modified_gmt":"2013-03-21T16:44:26","slug":"chameleon-clickfraud-botnet-costs-advertisers-6-million-a-month","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/03\/21\/chameleon-clickfraud-botnet-costs-advertisers-6-million-a-month\/","title":{"rendered":"Chameleon clickfraud botnet costs advertisers $6 million a month"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.techspot.com\/news\/52006-chameleon-clickfraud-botnet-costs-advertisers-6-million-a-month.html\"><img decoding=\"async\" alt=\"\" src=\"http:\/\/nccomputertech.files.wordpress.com\/2013\/03\/clickfraud.jpg\" \/><\/a><\/p>\n<p>Researchers at Spider.io have detailed the discovery of a clickfraud botnet that is purportedly causing at least 70 times more financial damage than the Bamital network Microsoft and Symantec killed in early February. By its estimates, the security outfit says the &#8220;Chameleon&#8221; botnet is costing advertisers more than $6 million per month.<br \/>\nSpider.io has been tracking the network&#8217;s behavior since last December and believes it must be highly sophisticated to have evaded display advertisers, which use various algorithms to monitor site activity. The malware targets Windows PCs and uses them to access webpages with a Flash-enabled Trident-based browser.<br \/>\nCurrently, more than 120,000 host machines have been identified with 95% of them located in the US. The midwest, southwest and west coast seem to have the highest concentration of infected systems, particularly California, Hawaii and Texas, which each have 10,000 or more computers that have been affected by Chameleon.<br \/>\nThe botnet-controlled machines are directed to generate views for at least 202 websites, though more could be discovered. Spider.io says about 14 billion ad impressions are served across those sites and Chameleon is responsible for a whopping 9 billion or more of them, as well as 7 million distinct ad-exchange cookies.<br \/>\nThe researchers say the bots produce click traces and generate engagement activity similar to normal users and they can run Flash and execute JavaScript. However, the network is less impressive on a macro level as all the bots show up as running IE9 on Windows 7 and they repeatedly visit the same sites with little variation.<br \/>\nSpider.io has provided a blacklist of 5,000 IP addresses for the worst of Chameleon&#8217;s bots, but we haven&#8217;t seen any information about shutdown and cleanup efforts. Perhaps that&#8217;s underway and the researchers simply chose not to reveal anything yet. If not, this seems like a prime candidate for Microsoft&#8217;s next takedown.<br \/>\nvia <a href=\"http:\/\/www.techspot.com\/news\/52006-chameleon-clickfraud-botnet-costs-advertisers-6-million-a-month.html\" target=\"_blank\">Chameleon clickfraud botnet costs advertisers $6 million a month &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers at Spider.io have detailed the discovery of a clickfraud botnet that is purportedly causing at least 70 times more [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6,7,9,10],"tags":[142,183,198,655,1167],"class_list":["post-1451","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","category-software","category-technology","tag-botnet","tag-chameleon","tag-click-fraud","tag-malware","tag-virus"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-np","jetpack-related-posts":[{"id":8923,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/this-botnet-has-infected-nearly-a-million-devices-since-2014\/","url_meta":{"origin":1451,"position":0},"title":"This botnet has infected nearly a million devices since 2014","author":"NCCT","date":"May 17, 2016","format":false,"excerpt":"By Shawn Knight | TechSpot One of the many ways that cybercriminals earn income is through affiliate advertising programs like Google\u2019s AdSense. Rather than generate traffic through content creation, hackers figure out ways to trick advertising platforms into thinking a partner is sending them legitimate traffic. Not knowing they're being\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8771,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/07\/microsoft-global-law-enforcement-agencies-disrupt-dorkbot-botnet\/","url_meta":{"origin":1451,"position":1},"title":"Microsoft, global law enforcement agencies disrupt Dorkbot botnet","author":"NCCT","date":"December 7, 2015","format":false,"excerpt":"By Shawn Knight | Techspot Microsoft, in cooperation with a number of law enforcement agencies around the world, managed to disrupt a botnet that\u2019s infected over a million PCs across more than 190 countries. First discovered in April 2011, Dorkbot is an IRC-based botnet that has been commercialized by its\u2026","rel":"","context":"In &quot;Networking&quot;","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8453,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/07\/zeusvm-malware-building-tool-leak-may-cause-botnet-surge\/","url_meta":{"origin":1451,"position":2},"title":"ZeusVM malware building tool leak may cause botnet surge","author":"NCCT","date":"July 7, 2015","format":false,"excerpt":"The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free. The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5943,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/11\/facebook-helped-shut-down-lecpetex-botnet-responsible-for-turning-pcs-into-litecoin-miners\/","url_meta":{"origin":1451,"position":3},"title":"Facebook helped shut down &#8216;Lecpetex&#8217; botnet responsible for turning PCs into Litecoin miners","author":"NCCT","date":"July 11, 2014","format":false,"excerpt":"Law enforcement officials in Greece recently arrested two people last week that they believe were responsible for operating a botnet called Lecpetex. The hackers reportedly infiltrated up to 50,000 Facebook accounts and some 250,000 computer which were used to mine Litecoins, a popular alternative virtual currency similar to Bitcoins. As\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5750,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/11\/one-click-test-finds-gameover-zeus-infections-on-pcs\/","url_meta":{"origin":1451,"position":4},"title":"One-click test finds Gameover Zeus infections on PCs","author":"NCCT","date":"June 11, 2014","format":false,"excerpt":"Users can test by simply visiting a Web page if their computers have been infected with Gameover Zeus, a sophisticated online banking Trojan that law enforcement officers temporarily disrupted last week. The one-click test was developed by security researchers from antivirus vendor F-Secure and takes advantage of the malware\u2019s aggressive\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8721,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/05\/nasty-new-ransomware-program-threatens-to-leak-your-files-online\/","url_meta":{"origin":1451,"position":5},"title":"Nasty new ransomware program threatens to leak your files online","author":"NCCT","date":"November 5, 2015","format":false,"excerpt":"Lucian Constantin | PCWorld Ransomware creators have taken their extortion one step further: in addition to encrypting people\u2019s private files and asking for money before releasing a key, they now threaten to publish those files on the Internet if they\u2019re not paid. This worrying development has recently been observed in\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=1451"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1451\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=1451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=1451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=1451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}