Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×

IE Used To Launch Yahoo IM Clickfraud 76

Posted by kdawson from the botless-botnets dept.
An anonymous reader writes, "There's a new Instant Messaging worm in the wild that is taking the idea of Botnet clickfraud up a level. It trades in automated drones (prone to malfunction and detection) for real live people who (of course) have the option of not actually clicking anything, thus theoretically making their clicks harder to identify as 'fraudulent.' This IM attack doesn't even need a victim to physically run anything to become infected — simply visiting a certain site in Internet Explorer will cause the files to download and start sending infection messages. At this point, their homepage is changed to a site using Mesothelioma (a rare form of cancer) to ring up high-paying results on the perpetrators' Google ads. As the researcher who discovered the infection notes, 'It's way, way harder to trace some random boob who has a ton of (partially) unconnected people shunting IM links all over the place. Try staying anonymous as a Botnet owner who just had the entire details of his server splattered across the net by Shadowserver. What will be interesting to see is if some of the smaller Botnet guys ditch their technical woes and jump on the much-easier-to-maintain IM bandwagon to get their clickfraud kicks.'"
This discussion has been archived. No new comments can be posted.

IE Used To Launch Yahoo IM Clickfraud More

IE Used To Launch Yahoo IM Clickfraud

Comments Filter:

  • Re:Huh? (Score:5, Informative)

    by manastungare ( 596862 ) <manasNO@SPAMtungare.name> on Tuesday October 03, 2006 @08:11PM (#16299685) Homepage
    At this point, their homepage is changed to a site using^H^H^H^H^H about Mesothelioma (a rare form of cancer) to ring up high-paying results on the perpetrators' Google ads. High-paying, because mesothelioma is an uncommon word.

  • without RTFA... (Score:2, Informative)

    by tygt ( 792974 ) on Tuesday October 03, 2006 @08:23PM (#16299795)
    Without RTFA, and thus most likely wrong, but someone feeling right, I think that what's up is that it pops open an IE with links that are just begging to be clicked, and when you do, they get their money. Of course, the user may not actually click anything, but if they're like the lusers I've seen too much of, they'll go "huh, what's that" and cha-ching...

  • Mesothelioma ads = gold mine for hucksters (Score:5, Informative)

    by davidwr ( 791652 ) on Tuesday October 03, 2006 @08:23PM (#16299797) Homepage Journal
    For those who didn't RTFA, here's another summary:

    You get an infected Yahoo IM. In addition to propogating, it turns your IE home page into an ad-filled page. The ad page works like Google's adsense, only in this case instead of Google paying a legitimate web site when people click-through the ad, Google or some other company winds up paying the scammer or his cronies.

    Because of the way it works it's a lot harder to detect than automated fraud or paid-human click fraud. Because the end user will likely click on the ad only if he's actually interested in it, the company that originated the ad might not even consider it fraud - he's just found a live potential client.

    What makes it fraud is that the end user's web page has been hijacked. In other words - it's spyware/adware.

    Workaround: Don't use IE, and use a malware-detector that detects and blocks Yahoo IM Malware.

  • Re:Huh? (Score:5, Informative)

    by Software ( 179033 ) on Tuesday October 03, 2006 @08:25PM (#16299813) Journal
    No, "mesothelioma" is high-paying because it's only caused by exposure to asbestos. Therefore, plaintiff's lawyers have determined that anybody searching for it probably has the disease and therefore the ability to win a case against the asbestos manufacturers. The lawyer will, of course, get a nice cut of that (tens or hundreds of thousands of dollars). So the searchers and their clicks are very valuable to plaintiff's lawyers. One estimate I heard was that AdSense links for mesothelioma were going for about $50, if you wanted a decent position.

    If you want to screw over some lawyers and Google, search for mesothelioma and click on the AdSense links.

  • Just another example ... (Score:5, Informative)

    by zappepcs ( 820751 ) on Tuesday October 03, 2006 @08:35PM (#16299881) Journal
    Just another example of clever people taking advantage of anyone that is unfortunate enough to not know to click on unwanted popup things that ask them to click here, or enter your financial information etc.

    The internet will not be safe, ever, because of those people. Yes, "click here to win a date with name-a-rising-star" will always find its way to someone that thinks there is some remote possibility that Bill Gates will pay you to forward emails, or that a music hall-of-famer needs a date from someone just like them. The human factor in security will always be the weakest link. ALWAYS.

  • Re:Huh? (Score:5, Informative)

    by Anonymous Coward on Tuesday October 03, 2006 @08:54PM (#16300013)
    Google does offer a public tool for estimating cost-per-click and position based on keyword, match type, and maximum bid. Toying with it...

    For 'mesothelioma', Exact Match, the current estimate seems to be that a max bid of $100/click will normally land one in position 1-3 and cost $44.23/click -- which is very, very good. It's not the highest I've seen (and there are ones that have both significantly higher CPC and probably a much higher clickthrough rate given greater applicability, judging from some experimentation... but I'm not here to help the click-spammers increase their take), but it's up there.

  • [Translated Version] (Score:3, Informative)

    by Anonymous Coward on Tuesday October 03, 2006 @09:13PM (#16300115)
    The exploit changes their homepage to some page with Google ads about mesotheleoma, and the bad guys get money from the clickfraud (people seeing impressions on an expensive Google keyword, most likely because liability lawyers are suing over it or something, and looking for people to join various class action suits where the lawyers can get big money).

  • Re:What? (Score:1, Informative)

    by hdparm ( 575302 ) on Tuesday October 03, 2006 @10:58PM (#16300695) Homepage
    I thought self respecting slashdotters don't use web browser in question.

  • Doesn't sound right (Score:3, Informative)

    by CaseyB ( 1105 ) on Wednesday October 04, 2006 @12:22AM (#16301199)
    The article is written so badly that's it's very hard to figure out the meaning. But this bit seems to describe the "entry point" to the infection:

    Here, we have something different - an Instant Messaging attack launched by a webpage forcibly dumping executable files into a PCs temporary files directory, via some nifty VisualBasic scripting.

    and further on:

    So, how does this happen?
    First of all, you need to hit an infection site using Internet Explorer - this exploit doesn't work in Firefox, for example. Due to the way these files are downloaded onto the PC, you can effectively make any site a potential threat and can scatter these files around wherever you like.

    This sounds like a straight up "go to a web page and an arbitrary executable runs" attack. That would be a HUGE security hole in IE that has nothing to do with the rest of this issue. Not that it's never happened before, but I somehow doubt that this would be the first place we'd hear about it.

Slashdot Top Deals

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?

Close