Massive Chameleon botnet steals $6M per month from advertisers
Posted on 19 March 2013.
Bookmark and Share
Web traffic analytics firm spider.io has discovered a massive botnet that emulates human visitors in order to earn its master(s) over $6 million per month from online advertisers.


Dubbed Chameleon, the botnet numbers over 120,000 hosts located in the US, running Microsoft Windows and accessing the Web through a Flash-enabled Trident-based browser that executes JavaScript.

"Chameleon is a sophisticated botnet," the researchers shared. "Bots generate click traces indicative of normal users. Bots also generate client-side events indicative of normal user engagement. They click on ad impressions with an average click-through rate of 0.02%; and they surprisingly generate mouse traces across 11% of ad impressions."

The company has been tracking the botnet since last December, searching for specific patterns typical of this bot activity, such as crashing and restarting regularly, targeting a specific cluster of 202 websites, simulating the visitation of a number of web pages across a number of websites, and so on.

Apart from its obvious sophistication, the botnet is also notable for the amount of money it generates for its master(s), and for being the first one spotted to affect display ad advertisers instead of text link ones.

Every month the botnet has been serving at least 14 billion ad impressions, using at least 7 million distinct ad-exchange cookies, exchanged after each bot crash.

"Despite the sophistication of each individual bot at the micro level, the traffic generated by the botnet in aggregate is highly homogenous," the researchers pointed out. "All the bot browsers report themselves as being Internet Explorer 9.0 running on Windows 7. The bots visit the same set of websites, with little variation. The bots generate uniformly random click co-ordinates across ad impressions and the bots also generate randomized mouse traces."

Spider.io has compiled a blacklist of 5,000 IP addresses of the worst bots participating in the Chameleon botnet.









Spotlight

Dissecting the unpredictable DDoS landscape

Posted on 23 April 2014.  |  DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage, according to Neustar.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Apr 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //