Kaspersky labs has found a new botnet that, rather than being used as a tool for DDoS attacks, instead infects machines with a Trojan called Magala. The malware is especially harmful to small businesses, which are at risk of doing business with unscrupulous advertising firms.
Many SMBs purchase contextual advertising from ad companies to promote their business, product or service. However, if the ad seller is not a legitimate company then real customers may never see the adverts, resulting in many clicks, but no conversions.
The Magala Trojan Clicker infects computers and then generates fake advertising views and clicks. Because contextual advertising is paid per-click, this means that advertisers pay a huge amount, with no prospect of any real business; instead, the malware authors make up to $350 from each infected machine:
‘An average cost per click (CPC) in a campaign like this is $0.07 (£0.05). The cost per thousand (CPM) comes to $2.20 (£1.70). A botnet consisting of 1,000 infected computers clicking 10 website addresses from each search result, and performing 500 search requests with no overlaps in the search results, could mean the virus writer earns up to $350 USD (£270) from each infected computer.'
Magala spreads through infected websites, Kaspersky describes in a blog post; specifically, using Internet Explorer, although versions older than IE8 are safe as the Trojan will not run. If a newer version is detected, then a virtual desktop is initialised without the user's knowledge. It then carries out various actions, such as installing a toolbar and setting a specific website as the home page. After all of these are completed, Magala pings its remote server for a list of click counts that need boosting, and begins to send the requested search queries and clicks.
This adware may not pose much of a threat to the infected user - it simply consumes some system resources - but is extremely harmful to the targeted advertisers.
Sergey Yunakovsky of Kaspersky said, "Although this type of advertising fraud has long been known, the emergence of new botnets focusing on that area indicates that there is still a demand on half-legitimate promotion. Trying to cut their costs, small businesses go for that option, but spoil their ad efforts as a result. The success of Magala is yet another wake-up call for users to make the most of solid security solutions and keep all their software updated - in order to not fall victim to cybercriminals."
14nm Cavium ThunderX2 CPUs deployed in HPE Apollo 70 supercomputer for US National Nuclear Security Administration
MWR's Countercept platform and phishd technologies key to F-Secure acquisition
Brexit labour shortages will lead to higher adoption of robotics
Newbies will be thrown in with the big boys on Sanhok as Kar98 fodder