{"id":8923,"date":"2016-05-17T13:00:29","date_gmt":"2016-05-17T17:00:29","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8923"},"modified":"2016-05-17T13:00:29","modified_gmt":"2016-05-17T17:00:29","slug":"this-botnet-has-infected-nearly-a-million-devices-since-2014","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/17\/this-botnet-has-infected-nearly-a-million-devices-since-2014\/","title":{"rendered":"This botnet has infected nearly a million devices since 2014"},"content":{"rendered":"

By Shawn Knight<\/a> | TechSpot<\/a><\/p>\n

One of the many ways that cybercriminals earn income is through affiliate advertising programs like Google\u2019s AdSense. Rather than generate traffic through content creation, hackers figure out ways to trick advertising platforms into thinking a partner is sending them legitimate traffic. Not knowing they’re being scammed, the advertising platform pays the partner for the referral.<\/p>\n

Such is the case with a clickbot known as Redirector.Paco which Bitdefender Labs detailed<\/a> on Monday.<\/p>\n

According to the security firm, Redirector.Paco has been active in the wild since September 2014. On an infected system, whenever you perform a query on a popular search engine like Bing, Google or Yahoo, the search results are replaced with affiliate links which, when clicked, generate revenue for the hacker.<\/p>\n

Bitdefender Labs says the malware is able to redirect traffic by making a few simple registry tweaks on the infected system which tells the browser to send the traffic to a different address. The malware attempts to make the search results look authentic although there are signs \u2013 like messages in the status bar referencing a proxy \u2013 that indicate something is amiss.<\/p>\n

Lengthy load times are also an indicator of infection, Bitdefender Labs said.<\/p>\n

The malware has infected more than 900,000 IPs worldwide, most of which are located in Algeria, Brazil, Greece, India, Italy, Malaysia, Pakistan and the US. The payload is typically injected into modified installers for trusted programs including Connectify, WinRAR, KMSPico, Start8, Stardock and YouTube Downloader.<\/p>\n","protected":false},"excerpt":{"rendered":"

By Shawn Knight | TechSpot One of the many ways that cybercriminals earn income is through affiliate advertising programs like […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[142,199,655,896],"class_list":["post-8923","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-botnet","tag-clickbot","tag-malware","tag-redirector-paco"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2jV","jetpack-related-posts":[{"id":9343,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/05\/27\/this-week-in-tech-668-how-many-cups-in-a-stone\/","url_meta":{"origin":8923,"position":0},"title":"This Week in Tech 668: How Many Cups in a Stone?","author":"NCCT","date":"May 27, 2018","format":false,"excerpt":"https:\/\/youtu.be\/i1oqaFyVcQ0 --The FBI wants you to reboot your router right now. FBI agents have gained control of a huge Russian botnet. If your router is affected you just need to reboot it. --Facebook and Russian ads - how should government react in the age of cyber warfare? --Amazon sells facial\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/i1oqaFyVcQ0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9452,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/19\/internal-bug-discovery-security-now-693\/","url_meta":{"origin":8923,"position":1},"title":"Internal Bug Discovery – Security Now 693","author":"NCCT","date":"November 19, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ClVI9PMQGCY Australia vs Encryption, Google+ Bugs Hasten its Demise -- Australia's recently passed anti-encryption legislation -- Details of a couple more mega-breaches including a bit of Marriott follow-up -- A welcome call for legislation from Microsoft -- A new twist on online advertising click fraud -- The DHS is interested\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ClVI9PMQGCY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9938,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/google-antitrust-ruling-breakdown-what-this-means-for-chrome-and-search\/","url_meta":{"origin":8923,"position":2},"title":"Google Antitrust Ruling Breakdown – What This Means for Chrome and Search","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/ELXjmrnN1uM The panel breaks down the antitrust ruling that could force Google to sell Chrome, stop paying Apple billions for default search placement, and fundamentally reshape the internet. This is just one explosive topic from This Week in Tech - we also discuss AI's environmental impact and the government's security\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ELXjmrnN1uM\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9378,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/13\/smart-home-security-tips\/","url_meta":{"origin":8923,"position":3},"title":"Smart Home Security Tips","author":"NCCT","date":"July 13, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ESqqAf3IGok Megan Morrone and Florence Ion talk to Stacey Higginbotham about tips for securing your smart home. The advantages and disadvantages of running devices on a guest network. Plus, how do you know if your devices are getting regular firmware updates.","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ESqqAf3IGok\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9930,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/fbi-says-toss-your-old-router\/","url_meta":{"origin":8923,"position":4},"title":"FBI Says Toss Your Old Router","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/scR199zRjvA On Security Now, Steve talks about the FBI's suggestion that we should be tossing out our old routers.","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/scR199zRjvA\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9330,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/03\/security-now-657-protonmail\/","url_meta":{"origin":8923,"position":5},"title":"Security Now 657: ProtonMail","author":"NCCT","date":"April 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/OeSZg-ph3Ns This week we discuss \"DrupalGeddon2\", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OeSZg-ph3Ns\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8923"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8923\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}