There is a new twist on the bot networks that have been the plague of computing in recent years. This one is called ClickBot. The story is from Incidents.org Many sites, (like this one) use adsense to “monetize their content”. The idea is that advertisers bid on “clicks”. So, if I wanted to advertise on the keywords “asheville computer repair” I might bid 5 cents for every click on one of my ads. The problem is many content owners are less than scrupulous.
(Wasn’t that some plot line in one of the Superman movies from the 80′s – with Richard Pryor as a computer programmer, getting maybe the fraction of a cent interest from all the banks accounts transfered to his each month….) Anyway – random thought through the brain.
Here’s sans summary of the bot….
With pay per click programs such as Google Adsense, there is another way to earn money from advertisers by building a scam where the money flows like this:
The advertisers pay Google for clicks in the hope to sell something.
Google has a bunch of publishers that own a website and run banners for them. Google pays (a high percentage) of the revenue to the publisher.
Some of these publishers aren’t honest, but Google (tries to) detects fraudulous clicks and suspends them, so they need to hide the additional clicks better.
Somebody with a botnet generates the clicks from a few hundred machines and makes sure they look as innocent as possible. Keeps it a low profile while at it. Of course the botnet owner will want a share from the publisher.
Bottom line is that the advertiser pays in exchange for a bot visiting him.
It seems some bot operator left a website with both the bot’s *.exe and the web based control panels wide open. An anonymous source sent us the URL.
While some of the *.exe’s were detected pretty well, this one stood out [Virustotal results]:
AntiVir 220.127.116.11/20060514 found [TR/Drop.Small.ann.1]
Avast 4.6.695.0/20060512 found nothing
AVG 386/20060512 found nothing
BitDefender 7.2/20060514 found nothing
CAT-QuickHeal 8.00/20060512 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20060512 found nothing
DrWeb 4.33/20060514 found [Adware.IEHelper]
eTrust-InoculateIT 23.72.7/20060512 found nothing
eTrust-Vet 12.4.2207/20060512 found nothing
Ewido 3.5/20060513 found [Hijacker.BHO.d]
Fortinet 18.104.22.168/20060514 found [suspicious]
F-Prot 3.16c/20060512 found nothing
Ikarus 0.2.65.0/20060512 found nothing
Kaspersky 22.214.171.124/20060514 found [Trojan-Dropper.Win32.Small.ann]
McAfee 4761/20060512 found nothing
Microsoft 1.1372/20060513 found nothing
NOD32v2 1.1536/20060513 found nothing
Norman 5.90.17/20060512 found nothing
Panda 126.96.36.199/20060513 found [Suspicious file]
Sophos 4.05.0/20060513 found nothing
Symantec 8.0/20060514 found nothing
TheHacker 188.8.131.52/20060512 found nothing
UNA 1.83/20060512 found nothing
VBA32 3.11.0/20060513 found nothing
It is interesting to note that the botnet was 115 bots in size at the early time of the day I was looking at it and most were under 15 clicks each.
It’s been reported to Google in order to make sure nobody gets paid.
Related PostsRelated Posts
- NO, Google has NOT cancelled click-to-call It was an odd message that started this on the official google blog. I saw it and thought this doesn't make sense - it doesn't sound like an official statement and it claims it was translated from another language???? Posted by "Maximal" here is the original Google Blog post... After......
- Wordpress 2.0 plugins One of the real hesitations I had in moving current sites to Wordpress 2.0 was the thought of "what plugins will break?" From what I saw the supported plugins list was short and so was the "broken" plugins list. Which said many were likely untested. So, after I installed a......
- Virus Warning - Email Subjects - IRS Notice - Important Information from the IRS I've seen a couple of these emails today and wanted to give a post just to warn people that these are bogus and you should NOT follow the link suggested in the email. I HOPE no one reading this falls for it, but the "tax software update" that they are......
- Creating Your Personal World Wide Web Banners Makes Sense Off! Banner ads are one of the most extremely popular and effective ways of internet advertising. Advertising online is economical for businesses of most sizes and empowers you to reach audiences worldwide in a way that isn't possible with any other media. Animated Banners Deliver Greater Answer Using an animated banner......
- New Loan Funded — Try this one more time, group leader, wantabe borrower — $19,500 at 14.34% — AA Credit — DTI 59% A new loan funded (Try this one more time, group leader, wantabe borrowerÂ Â â $19,500 at 14.34%).Â I participated via my standing order RL Overlooked.Â The borrower hadÂ AA credit, a 59% DTI, and is a homeowner.Â This was a non autofunding loan.Â As a reminder my standing orders (and manual bids)Â only......
- The Secrets To Boosting The CTR Of Your AdWords Campaign The clickthrough rate of your AdWords campaign happens to be the most important element when it comes to boosting your conversions and sales. A low CTR means that the quality of your campaign will diminish, leading to a lower number of visitors. You need to do everything in your power......
- Google Adsense changes
- New competition for Google Adsense in blogs
- Adsense Firefox referrals available for those outside the US