'Chameleon Botnet' takes $6-million-a-month in ad money

The botnet has targeted at least 202 Web sites that serve 14 billion ad impressions. The botnet apparently accounted for 9 billion of them.

Don Reisinger
Former CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger
2 min read
A look at the distribution of the bots across the U.S.
A look at the distribution of the bots across the U.S. Spider.io

A newly discovered botnet has found a way to siphon cash from advertisers.

Spider.io, a security researcher, yesterday announced that it has discovered a new botnet, called Chameleon, that's targeting "at least" 202 Web sites. The botnet is made up of over 120,000 host machines running Windows, according to Spider.io. Those machines are connecting to the Web with a Flash-friendly Trident-based browser that executes JavaScript. The vast majority of the machines -- 95 percent -- have come from U.S.-based IP addresses.

The botnets have targeted at least 202 Web sites, hitting them with as little as 9 billion ad impressions. The sites themselves are receiving 14 billion ad impressions, meaning the majority are coming from the botnet.

But here's the crux of the issue: advertisers are paying the sites 69 cents per thousand ad impressions, believing that they're legitimate. The Chameleon botnet, therefore, is able to siphon $6 million per month in cash from the advertisers.

Although botnets have been used to target text ads, they've largely stayed away from display ads because of the more sophisticated way in which advertisers analyze activity. In many cases, that analysis catches botnets before they have a chance to take hold. However, according to Spider.io, Chameleon is extremely sophisticated and act as though they're normal users surfing the Web. Still, the botnet has some hallmarks that give it away. According to Spider.io:

Despite the sophistication of each individual bot at the micro level, the traffic generated by the botnet in aggregate is highly homogenous. All the bot browsers report themselves as being Internet Explorer 9.0 running on Windows 7. The bots visit the same set of websites, with little variation. The bots generate uniformly random click co-ordinates across ad impressions and the bots also generate randomised mouse traces.

The discovery of the Chameleon botnet comes a little over a month after Microsoft and Symantec announced that they had taken down another botnet, known as Bamital, that redirected Web sites. It's believed that botnet was earning at least $1 million per year.

(Via ZDNet)