Security researchers from Spider.io have discovered a botnet that earns its owners over $6m a month by generating fake clicks on online adverts. The botnet, known as Chameleon, is similar to the Bamital botnet (taken down by Symantec and Microsoft a month ago), except that it takes money from display ads rather than text-based ones.
Thus far Chameleon has been detected on some 120,000 Windows-based host computers in the US, and around 64% of the traffic across them comes from the botnet:
“spider.io has observed the Chameleon botnet targeting a cluster of at least 202 websites. 14 billion ad impressions are served across these 202 websites per month. The botnet accounts for at least 9 billion of these ad impressions. At least 7 million distinct ad-exchange cookies are associated with the botnet per month. Advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.”
The researchers said that all of the browser bots identified themselves as Internet Explorer 9 running on Windows 7. The heavy load that these bots exert on the infected machines causes them to crash and restart on a regular basis. Each time this happens the bots request a new set of cookies, and this provided the unique pattern that allowed the researchers to track what was going on.
You can find a blacklist of 5,000 IP addresses detailing the worst bots within the Chameleon botnet here.
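The cookie-churn pattern described above can be turned into a simple log check. The following is an added example, not code from spider.io or from the original article: the log layout, the sample lines, the function name `flag_cookie_churn` and both thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# UA family the article says every bot reported: IE9 on Windows 7 (NT 6.1).
IE9_WIN7 = re.compile(r"MSIE 9\.0; Windows NT 6\.1")

BOT_UA = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
FF_UA = "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"

# Constructed sample log (assumed layout): timestamp, client IP,
# ad-exchange cookie ID, User-Agent, separated by tabs.
SAMPLE_LOG = [
    # One host cycling through fresh cookies, always IE9/Win7.
    f"2013-03-01T10:00:00Z\t192.0.2.10\tck-a1\t{BOT_UA}",
    f"2013-03-01T10:20:00Z\t192.0.2.10\tck-a2\t{BOT_UA}",
    f"2013-03-01T10:45:00Z\t192.0.2.10\tck-a3\t{BOT_UA}",
    f"2013-03-01T11:05:00Z\t192.0.2.10\tck-a4\t{BOT_UA}",
    # Ordinary IE9 user: same cookie on every impression.
    f"2013-03-01T10:01:00Z\t198.51.100.7\tck-b1\t{BOT_UA}",
    f"2013-03-01T10:30:00Z\t198.51.100.7\tck-b1\t{BOT_UA}",
    # Shared (NAT) address: several cookies, but mixed browsers.
    f"2013-03-01T10:02:00Z\t203.0.113.5\tck-c1\t{BOT_UA}",
    f"2013-03-01T10:03:00Z\t203.0.113.5\tck-c2\t{BOT_UA}",
    f"2013-03-01T10:04:00Z\t203.0.113.5\tck-c3\t{BOT_UA}",
    f"2013-03-01T10:05:00Z\t203.0.113.5\tck-c4\t{FF_UA}",
    f"2013-03-01T10:06:00Z\t203.0.113.5\tck-c5\t{FF_UA}",
    f"2013-03-01T10:07:00Z\t203.0.113.5\tck-c6\t{FF_UA}",
]

def flag_cookie_churn(lines, min_cookies=3, min_ua_share=0.9):
    """Return {(ip, day): distinct_cookie_count} for addresses whose traffic
    is almost entirely IE9/Win7 and keeps arriving with new cookie IDs."""
    stats = defaultdict(lambda: {"total": 0, "match": 0, "cookies": set()})
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, ip, cookie, ua = parts
        s = stats[(ip, ts[:10])]  # bucket per IP per calendar day
        s["total"] += 1
        if IE9_WIN7.search(ua):
            s["match"] += 1
            if cookie and cookie != "-":
                s["cookies"].add(cookie)
    return {
        key: len(s["cookies"])
        for key, s in stats.items()
        if len(s["cookies"]) >= min_cookies
        and s["match"] / s["total"] >= min_ua_share
    }
```

The User-Agent share test keeps a shared address with mixed browsers from being flagged on cookie count alone; both thresholds need tuning against real traffic before use.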