[ISN] Stealthy click fraud tool exploits 9ball attack
InfoSec News
alerts at infosecnews.org
Thu Jul 2 07:49:35 CDT 2009
http://www.theregister.co.uk/2009/07/01/stealthy_click_fraud_malware/
By John Leyden
The Register
1st July 2009
Miscreants have developed one of most sophisticated click fraud malware
applications to date.
The Trojan code - dubbed FFsearcher by security firm SecureWorks - plugs
into a Google API that allows webmasters to add a Google-powered search
widget (called "Google Custom Search") to their website. In normal use,
search results made via the widget are displayed alongside Google
AdSense ads, with webmasters receiving a small fee every time a surfer
follows an ad.
The malware hijacks this feature so that every search an infected user
makes is performed through a search widget under their control, so that
they get paid by Google every time a surfer clicks on a sponsored ad.
Hackers have also worked out a means to pull off this sleight of hand
without giving any indication to surfers that anything might be amiss.
Google might find it hard to unravel instances of fraud.
As such, the attack is more sophisticated than previous click fraud
approaches, which relied on tricks such as changing a surfer's start
page and searches to point to a third-party search engine, types of
behaviour that might more easily be detected. FFsearcher works on both
IE and Firefox.
[...]
More information about the ISN
mailing list