Early Prime Day Deals Roe v. Wade Overturned Surface Laptop Go 2 Review 4th of July Sales M2 MacBook Pro Deals Healthy Meal Delivery Best TVs for Every Budget Noise-Canceling Earbuds Dip to $100

'Chameleon Botnet' takes $6-million-a-month in ad money

The botnet has targeted at least 202 Web sites that serve 14 billion ad impressions. The botnet apparently accounted for 9 billion of them.

A look at the distribution of the bots across the U.S.
A look at the distribution of the bots across the U.S.

A newly discovered botnet has found a way to siphon cash from advertisers.

Spider.io, a security researcher, yesterday announced that it has discovered a new botnet, called Chameleon, that's targeting "at least" 202 Web sites. The botnet is made up of over 120,000 host machines running Windows, according to Spider.io. Those machines are connecting to the Web with a Flash-friendly Trident-based browser that executes JavaScript. The vast majority of the machines -- 95 percent -- have come from U.S.-based IP addresses.

The botnets have targeted at least 202 Web sites, hitting them with as little as 9 billion ad impressions. The sites themselves are receiving 14 billion ad impressions, meaning the majority are coming from the botnet.

But here's the crux of the issue: advertisers are paying the sites 69 cents per thousand ad impressions, believing that they're legitimate. The Chameleon botnet, therefore, is able to siphon $6 million per month in cash from the advertisers.

Although botnets have been used to target text ads, they've largely stayed away from display ads because of the more sophisticated way in which advertisers analyze activity. In many cases, that analysis catches botnets before they have a chance to take hold. However, according to Spider.io, Chameleon is extremely sophisticated and act as though they're normal users surfing the Web. Still, the botnet has some hallmarks that give it away. According to Spider.io:

Despite the sophistication of each individual bot at the micro level, the traffic generated by the botnet in aggregate is highly homogenous. All the bot browsers report themselves as being Internet Explorer 9.0 running on Windows 7. The bots visit the same set of websites, with little variation. The bots generate uniformly random click co-ordinates across ad impressions and the bots also generate randomised mouse traces.

The discovery of the Chameleon botnet comes a little over a month after Microsoft and Symantec announced that they had taken down another botnet, known as Bamital, that redirected Web sites. It's believed that botnet was earning at least $1 million per year.

(Via ZDNet)