A powerful botnet sending swathes of fake traffic to different websites has been discovered, in a fraud campaign thought to have conned advertising companies out of nearly £4 million per month.
Discovered by analytics firm Spider.io and dubbed Chameleon, the botnet delivers huge amounts of traffic to over 200 sites owned by a small group of publishers. 14 billion ad impressions are served across these websites - of which Chameleon counts for at least 9 billion – and advertisers currently pay an average of $0.69 (46p) CPM to serve display ads to the botnet, costing them around $6.2 million every month.
Security researchers at Spider.io have been tracking the activity since December 2012, with the scale of the web-browsing fraud becoming apparent in February. Chameleon appears to run on 120,000 host machines using Windows, of which 95 per cent accessed the web via US IP addresses.
According to the Spider.io analysts, “For the Chameleon botnet to evade detection and to impact display advertisers to the extent that it has requires a surprising level sophistication.”
This involves the bots opening up a large number of web pages within the browser until it crashes and is forced to restart, at which time it acquires a new set of cookies.
Each bot presents itself as several web visitors visiting the site concurrently before each sessions end at the same time, with the repeated pattern helping expose the fraudulent traffic to researchers.