There's a Trojan out there that 'forces' infected computers to automatically click on advertising banners. By doing so, its creators are earning money, while businesses paying to be seen, are just burning a hole in their budgets without achieving anything.
Those are the results of a new report by security firm Bitdefender, which has identified the Trojan as Redirector.Paco. According to the company’s press release, the Trojan has, since 2014, infected 900,000 machines.
It’s most present in India, Malaysia, Greece, the USA and Italy, and works like this: once a machine is infected, its internet configuration settings are changed so that search results on engines like Google or Yahoo are forwarded to a third party, controlled by the attackers. The server would then retrieve results and add advertising, earning botnet operators money.
“This particular campaign is mostly detrimental for private companies that pay for advertising impressions and clicks,” states Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender. “Google’s AdSense for Search programme places contextually relevant advertisements on custom search results pages and shares a portion of its advertising revenue with AdSense partners. In this particular case, the botnet operator is utilising publisher identities to operate as a Google AdSense partner and collect the money from clicks on poisoned search links.”
Researchers say infected users don’t lose money directly, but this Trojan does allow botnet operators to inject malicious code (ransomware, for example) if they want to. They also own the search results for the victim’s computer.
Photo credit: Gunnar Assmy / Shutterstock