Chameleon botnet fakes website visits to leave advertisers $6m a month worse off

Summary: Security researchers have discovered the Chameleon botnet, which is delivering fraudulent clicks and display ad mouse rollovers.

Security researchers have found a relatively small botnet that they claim is defrauding online advertisers of up to $6m a month by mimicking website visitor traits, such as clicking or rolling a mouse over display ads.

Fraud analytics firm Spider.io has dubbed the ad-fraud botnet Chameleon, which it says is the first botnet to hit online display advertising rather than text-based advertising.

The company worked with display ad exchanges and demand-side platforms to investigate "deviant consumption" of display advertising, and in February discovered the extent of the botnet's activity, which it claims accounts for nine billion fraudulent display ads served a month.

Chameleon operates from 120,000 infected hosts that are exploited to bombard certain websites with billions of fraudulent visits, according to Spider.io.

"The bots subject host machines to heavy load, and the bots appear to crash and restart regularly. The bots largely restrict themselves to the 202 target websites," the company says.

The bots all report themselves as Internet Explorer 9.0 running on Windows 7 and use Flash and JavaScript to generate signs of human activity, such as clicks and "mouse traces" or rollovers on advertisements. However, Spider.io's analysis of the bots' mouse movements shows that they are suspiciously uniform.

"The bots visit the same set of websites, with little variation. The bots generate uniformly random click co-ordinates across ad impressions and the bots also generate randomised mouse traces," Spider.io notes.
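The two traits described above, a single reported browser and click co-ordinates spread uniformly over the ad, can be checked together with a chi-square goodness-of-fit test. The following is an added example, not Spider.io's method or code; the ad size, grid, sample-size floor, thresholds and sample events are all assumptions constructed for illustration.

```python
import random
from collections import Counter

AD_W, AD_H = 300, 250     # assumed ad slot size in pixels
GRID = 5                  # ad is split into a 5x5 grid of cells
CHI2_CRIT_DF24 = 51.18    # chi-square critical value, 24 d.o.f., p = 0.001
MIN_EVENTS = 250          # assumed floor: about 10 expected clicks per cell
UA_SHARE = 0.95           # assumed share at which one user agent "dominates"

def chi2_vs_uniform(clicks):
    """Chi-square statistic of gridded click counts against a uniform spread."""
    cells = Counter((min(int(x * GRID / AD_W), GRID - 1),
                     min(int(y * GRID / AD_H), GRID - 1)) for x, y in clicks)
    expected = len(clicks) / (GRID * GRID)
    return sum((cells.get((i, j), 0) - expected) ** 2 / expected
               for i in range(GRID) for j in range(GRID))

def looks_bot_like(events):
    """events: list of (user_agent, x, y) click records for one ad slot.

    Flags traffic only when BOTH signals hold: one user agent dominates and
    the clicks cannot be told apart from uniform noise. Human clicks tend to
    cluster (for example on a call-to-action), giving a large statistic."""
    if len(events) < MIN_EVENTS:
        return False      # too little data to judge uniformity
    top_share = Counter(ua for ua, _, _ in events).most_common(1)[0][1] / len(events)
    stat = chi2_vs_uniform([(x, y) for _, x, y in events])
    return top_share > UA_SHARE and stat < CHI2_CRIT_DF24

def constructed_samples(seed=7, n=2000):
    """Constructed data: uniform IE9/Windows 7 clicks vs clustered mixed-browser clicks."""
    rng = random.Random(seed)
    ie9 = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
    bots = [(ie9, rng.uniform(0, AD_W), rng.uniform(0, AD_H)) for _ in range(n)]
    clamp = lambda v, hi: min(max(v, 0.0), hi - 1e-9)
    humans = [(rng.choice(["UA-A", "UA-B", "UA-C"]),      # placeholder agents
               clamp(rng.gauss(220, 25), AD_W), clamp(rng.gauss(200, 20), AD_H))
              for _ in range(n)]
    return bots, humans

if __name__ == "__main__":
    for name, sample in zip(("bot-like", "human-like"), constructed_samples()):
        stat = chi2_vs_uniform([(x, y) for _, x, y in sample])
        print(f"{name}: chi2={stat:.1f} flagged={looks_bot_like(sample)}")
```

Failing to reject uniformity is weak evidence on its own, which is why the check also requires the user-agent signal and a minimum sample size before flagging.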

The nine billion ad impressions served to the botnet each month make up more than half the 14 billion the 202 websites collectively serve per month. Spider.io estimated the $6m a month cost of fraud to advertisers based on a rate of $0.69 per thousand impressions.

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s...