Researchers have discovered a new botnet that cashes-in on aggressive advertising, mostly in Germany and the United States. Criminals infect their victims’ computers with the Magala Trojan Clicker, generating fake ad views, and making up to $350 (£270) from each machine. Small enterprises lose out most because they end up doing business with unscrupulous advertisers, without even knowing it.
Contextual online advertising is a lifesaver for small enterprises that are usually unable to promote their products and services and increase potential customer awareness in other ways. The most common way to build a channel of supply and communication for these organisations is to purchase ads from legal advertising companies. However, if the latter are unscrupulous, customers may not see the ad, and small companies will flush money down the drain.
Its authors compromise computers with malware, which then generates fake views and ad clicks, thus switching machines into zombie mode and making a profit for the malware’s authors. Once propagated, Magala imitates a user click on a particular webpage, boosting ad click counts. The main victims are those paying for the ad; typically, they are small enterprise owners dealing with fraudulent advertisers.
The Magala infection vector is quite simple – it propagates computers via compromised websites and discreetly installs its required adware. Magala then contacts the remote server and requests a list of search queries for click counts that need to be boosted. Using this list, the program begins to send search queries and clicks on each of the first 10 links in the search results, with an interval of 10 seconds between each click.
According to Kaspersky Lab’s researchers, an average cost per click (CPC) in a campaign like this is 0.07 USD (£0.05). The cost per thousand (CPM) comes to 2.2 USD (£1.7). A botnet consisting of 1000 infected computers clicking 10 website addresses from each search result, and performing 500 search requests with no overlaps in the search results, could mean the virus writer earns up to 350 USD (£270) from each infected computer.
Sergey Yunakovsky at Kaspersky Lab said: “Although this type of advertising fraud has long been known, the emergence of new botnets focusing on that area indicates that there is still a demand on half-legitimate promotion. Trying to cut their costs, small businesses go for that option, but spoil their ad efforts as a result. The success of Magala is yet another wake-up call for users to make the most of solid security solutions and keep all their software updated – in order to not fall victim to cybercriminals.”