Chameleon Botnet Takes $6m Per Month From Advertisers

Security researchers from have discovered a botnet that earns its owners over $6m a month by generating fake clicks on online adverts. The botnet, known as Chameleon, is similar to the Bamital botnet (taken down by Symantec and Microsoft a month ago), except that it takes money from display ads rather than text-based ones.


Thus far Chameleon has been detected on some 120,000 Windows-based host computers in the US, and around 64% of the traffic across them comes from the botnet:

“ has observed the Chameleon botnet targeting a cluster of at least 202 websites. 14 billion ad impressions are served across these 202 websites per month. The botnet accounts for at least 9 billion of these ad impressions. At least 7 million distinct ad-exchange cookies are associated with the botnet per month. Advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.”

The researchers said that all of the browser bots were identifying themselves as Internet Explorer 9 running on Windows 7. The heavy load that these bots exert on the infected machines causes them to crash and restart on a regular basis. Each time this happens the bots request a new set of cookies, which provided the unique pattern that allowed the researchers to track what was going on.

“Chameleon is a sophisticated botnet. Individual bots run Flash and execute JavaScript. Bots generate click traces indicative of normal users. Bots also generate client-side events indicative of normal user engagement. They click on ad impressions with an average click-through rate of 0.02%; and they surprisingly generate mouse traces across 11% of ad impressions.”
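The two signals described above (a uniform Internet Explorer 9 on Windows 7 user agent, and a fresh cookie after every crash and restart) can be combined into a simple per-IP check over ad impression logs. The following is an added example, not the researchers' own code; the log layout, the sample records and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# User-agent strings for the constructed sample data below.
IE9_WIN7 = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
CHROME = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 Chrome/25.0 Safari/537.22"

# Constructed impression log: (client_ip, ad_exchange_cookie, user_agent).
# IPs come from documentation ranges; none of these values are real observations.
SAMPLE_LOG = (
    # Bot-like host: every impression arrives with a different cookie.
    [("203.0.113.7", f"ck-{i:04d}", IE9_WIN7) for i in range(40)]
    # Genuine IE9 user: same user agent, but one stable cookie.
    + [("198.51.100.20", "ck-home", IE9_WIN7)] * 40
    # Shared NAT: several cookies, but mixed browsers.
    + [("192.0.2.55", f"ck-nat-{i % 6}", CHROME if i % 2 else IE9_WIN7)
       for i in range(40)]
)

def is_ie9_on_win7(user_agent):
    """Windows 7 reports itself as 'Windows NT 6.1' in the user agent."""
    return "MSIE 9.0" in user_agent and "Windows NT 6.1" in user_agent

def flag_cookie_churn(records, min_impressions=20, min_cookies=10,
                      min_ie9_share=0.95):
    """Return {ip: stats} for IPs showing both signals (thresholds are assumed)."""
    per_ip = defaultdict(lambda: {"impressions": 0, "cookies": set(), "ie9": 0})
    for ip, cookie, user_agent in records:
        stats = per_ip[ip]
        stats["impressions"] += 1
        stats["cookies"].add(cookie)
        stats["ie9"] += is_ie9_on_win7(user_agent)

    flagged = {}
    for ip, stats in per_ip.items():
        if stats["impressions"] < min_impressions:
            continue  # too little traffic to judge
        ie9_share = stats["ie9"] / stats["impressions"]
        if len(stats["cookies"]) >= min_cookies and ie9_share >= min_ie9_share:
            flagged[ip] = {"impressions": stats["impressions"],
                           "distinct_cookies": len(stats["cookies"]),
                           "ie9_share": ie9_share}
    return flagged

if __name__ == "__main__":
    for ip, stats in flag_cookie_churn(SAMPLE_LOG).items():
        print(ip, stats)
```

Neither signal is conclusive alone: the stable-cookie IE9 user and the mixed-browser NAT address in the sample both pass, and only the host that pairs the uniform user agent with constant cookie turnover is flagged.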

You can find a blacklist of 5,000 IP addresses detailing the worst bots within the Chameleon botnet here.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.