From: InfoSec News (alertsinfosecnews.org)
Date: Thu Jul 02 2009 - 07:49:35 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.theregister.co.uk/2009/07/01/stealthy_click_fraud_malware/

By John Leyden
The Register
1st July 2009

Miscreants have developed one of most sophisticated click fraud malware
applications to date.

The Trojan code - dubbed FFsearcher by security firm SecureWorks - plugs
into a Google API that allows webmasters to add a Google-powered search
widget (called "Google Custom Search") to their website. In normal use,
search results made via the widget are displayed alongside Google
AdSense ads, with webmasters receiving a small fee every time a surfer
follows an ad.

The malware hijacks this feature so that every search an infected user
makes is performed through a search widget under their control, so that
they get paid by Google every time a surfer clicks on a sponsored ad.
Hackers have also worked out a means to pull off this sleight of hand
without giving any indication to surfers that anything might be amiss.
Google might find it hard to unravel instances of fraud.

As such, the attack is more sophisticated than previous click fraud
approaches, which relied on tricks such as changing a surfer's start
page and searches to point to a third-party search engine, types of
behaviour that might more easily be detected. FFsearcher works on both
IE and Firefox.

[...]

_______________________________________________
Attend Black Hat USA, July 25-30 in Las Vegas,
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]