Chameleon Botnet Takes $6m Per Month From Advertisers

Security researchers from Spider.io have discovered a botnet that earns its owners over $6m a month by generating fake clicks on online adverts. The botnet, known as Chameleon, is similar to the Bamital botnet (taken down by Symantec and Microsoft a month ago) except for the fact that it takes money from display ads rather than text based ones.

Chameleon-botnet

Thus far Chameleon has been detected on some 120,000 Windows based host computers in the US and around 64% of the traffic across them comes from the botnet –

“spider.io has observed the Chameleon botnet targeting a cluster of at least 202 websites. 14 billion ad impressions are served across these 202 websites per month. The botnet accounts for at least 9 billion of these ad impressions. At least 7 million distinct ad-exchange cookies are associated with the botnet per month. Advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.”
Spider.io

The researchers said that all of the browser bots were identifying themselves as Internet Explorer 9 running on Windows 7. The heavy load that these bots exert on the infected machines causes them to crash and restart on a regular basis. Each time this happens the bots request a new set of cookies which provided the unique pattern that allowed them to track what was going on.

“Chameleon is a sophisticated botnet. Individual bots run Flash and execute JavaScript. Bots generate click traces indicative of normal users. Bots also generate client-side events indicative of normal user engagement. They click on ad impressions with an average click-through rate of 0.02%; and they surprisingly generate mouse traces across 11% of ad impressions.”

You can find a blacklist of 5,000 IP addresses detailing the worst bots within the Chameleon botnet here.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*