Reports are coming out about a new click-fraud botnet being called “Redirector.Paco Trojan.” While new botnets are created and discovered all the time, this one is already well established, even though it has only just been discovered.
The botnet has apparently been active and growing since at least 2014 and it currently has at least 900,000 computers and systems infected.
The cyber criminals have this malware “earning” money from Google’s AdSense network by intercepting traffic to search engines including Google, Bing and Yahoo. They then replace the results with those obtained from a Google Custom Search page.
It works by editing two registry entries on the victim’s computer so that the system loads a proxy auto-config (PAC) file, which sends searches along the route the operators choose. While the malware itself is quite simple, it has been extremely effective because it causes no noticeable problems for users of the infected computers. They may not always get the exact search results they normally would, but most people would not even notice.
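The PAC-based redirection described above leaves a footprint an administrator can look for. The following PowerShell check is an added example, not code from the article or from any vendor report; it assumes that the standard Windows PAC location, the AutoConfigURL value under the Internet Settings key, is the one worth inspecting, since the article does not name the two entries the malware edits.

```powershell
# Added example (not from the article): list PAC (proxy auto-config) settings in the
# machine hive and every loaded user hive, and flag PAC files that single out search engines.
# Assumption: 'AutoConfigURL' under the Internet Settings key is the standard Windows
# location for a PAC URL; the article does not name the registry entries the malware edits.

$subKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$searchHosts = @('google.', 'bing.com', 'yahoo.com')   # engines the article says were redirected

function Get-PacSettings {
    # HKLM plus each loaded profile under HKEY_USERS, so other users' settings are not missed
    $roots = @('Registry::HKEY_LOCAL_MACHINE') +
             (Get-ChildItem 'Registry::HKEY_USERS' | ForEach-Object { $_.PSPath })
    foreach ($root in $roots) {
        $path = "$root\$subKey"
        if (-not (Test-Path -Path $path)) { continue }
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($props.AutoConfigURL) {
            [pscustomobject]@{
                Hive          = $root
                AutoConfigURL = $props.AutoConfigURL
                ProxyEnable   = $props.ProxyEnable
                ProxyServer   = $props.ProxyServer
            }
        }
    }
}

function Test-PacTargetsSearchEngines {
    param([string]$PacText)
    # A PAC that names search-engine hosts in its routing logic matches the behaviour the
    # article describes; a normal corporate PAC rarely has a reason to single them out.
    foreach ($h in $searchHosts) { if ($PacText -match [regex]::Escape($h)) { return $true } }
    return $false
}

$findings = Get-PacSettings
if (-not $findings) {
    Write-Output 'No AutoConfigURL set in any loaded hive.'
} else {
    foreach ($f in $findings) {
        Write-Output ("PAC configured in {0}: {1}" -f $f.Hive, $f.AutoConfigURL)
        # Only inspect PAC files already on disk; do not fetch a remote URL from a suspect host
        $local = $f.AutoConfigURL -replace '^file:///', ''
        if (Test-Path -LiteralPath $local) {
            $text = Get-Content -LiteralPath $local -Raw
            if (Test-PacTargetsSearchEngines $text) {
                Write-Output '  -> PAC routes search-engine hosts; review the proxy it points to.'
            }
        }
    }
}
```

Run it from an elevated prompt so the HKEY_USERS subkeys of other profiles are readable; any AutoConfigURL the organisation did not deploy is worth a closer look.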
“This particular campaign is mostly detrimental for private companies that pay for advertising impressions and clicks,” states Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender. “Google’s AdSense for Search programme places contextually relevant advertisements on custom search results pages and shares a portion of its advertising revenue with AdSense partners. In this particular case, the botnet operator is utilising publisher identities to operate as a Google AdSense partner and collect the money from clicks on poisoned search links.”
While there is no word on exactly how much money this botnet has generated up to this point, it can be assumed it is a very significant amount.
Computers have been infected through software packages bundled with YouTube Downloader, Pirate WinRAR, KMSpico Windows Application Cracker and Stardock Start. If you have any of these programs on your PC, you may be infected with the malware.
While the malware can be removed with most anti-malware programs, the botnet is expected to keep growing, at least in the near term.