|
| Recent
Articles |
The Future Of IP Telephony
IP Telephony is a rapidly emerging technology for voice communication that uses the ubiquity of IP-based networks to deploy IP Technology enabled devices in enterprise and home environments.
VON: IM – The State Of Presence
Instant messaging technology received a panel's attention during pulvermedia's Fall 2006 VON conference, as reps from the heavy Internet hitters discussed presence and its place at the core of IM with voice communications.
Google Apps No Microsoft Threat Yet
Google debuted its Apps for Your Domain as a hosted communications option for domain owners, and it is being touted in some places as a gauntlet being tossed down in challenge to Microsoft.
Dialpro Taps Tyler To Take Over Helm
Enterprise voice messaging company Dialpro Northwest Inc. was acquired by software and telecommunications industry executive Dennis R. Tyler. Tyler, taking over for the retiring owners and founders.
What Makes A Good Audio Conference Call?
When making conference calls, it's important to make sure first of all that everyone is seeing eye to eye on the technology that's going to be used.
Updated Jabber Product Improves Messaging
Jabber, Inc. has launched an updated version of its Jabber Extensible Communications Platform (Jabber XCP) in the form of a 5.1 release. Features have been added and compatibility has been improved from the last...
|
|
|
10.04.06
Botnet Tactics Enable Click Fraud
 By
David Utter
An instant messaging botnet attack that plagued users of Yahoo's Messenger client has been revamped into a more sophisticated approach that could lure people into clicking lucrative ads for the attacker's benefit.
FaceTime researcher Chris Boyd, who also writes under the pen name Paperghost at VitalSecurity.org, has found a variant of some malicious code seen traveling over IM. People whose machines were infected by the malware had a bot placed on their machines, which in turn perform automated clicks on the bad guy's ad-stuffed page.
The new version removes the bot from the equation. Instead, the person who clicks on a link in the message ends up at a page that causes their client to send out messages to others on the buddy list, which also leads to the malicious page.
Then the real aim of the crime appears, according to Boyd:
Meanwhile, you'll find your homepage has been jacked, Botnet style, to a site stuffed with adverts.
Not just any old adverts, though - these guys have done their homework. Unlike the previous ads that I've seen served up by Botnets, these ones are targeted towards a specific kind of cancer. Namely, Mesothelioma.
Among keywords, mesothelioma has a decent payout for clicks in online advertising. Overture's bid tool listed a top bid of $13.02 for "mesothelioma help." Where an automated bot would normally begin clicking away, it is left to the user to click, or not click, on the ads.
A click or two from a number of people across a range of IP addresses probably would not prompt the same level of scrutiny that a horde of botnet clicks should generate inside the black boxes of contextual advertising engines at places like Google or Yahoo.
If that happens, the advertiser ends up losing money, the advertising company makes money, and the individuals who spread the infection profit.
Boyd discussed the ploy in a more formal fashion at FaceTime. He noted it only works when someone uses Internet Explorer to visit the malicious webpage. "Remember - in this attack, you simply need to visit the offending webpage to become infected. There is NO need to physically allow a download or run a file," he wrote.
Other tactics in use, such as filtering who sees the ad page by IP address, make it less likely such a scheme would be caught by detection filters at Google. If the visitor's IP address is from a country that would not normally see such ads, the malicious page will not display them.
Since one person or group has now made this attempt at using people to do the work of bots, we won't be surprised to see this scheme appear in copycat ploys in the future.
About the Author:
David Utter is a business and technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.
|
