

Symantec and Microsoft Tackle Click Fraud Botnet

Symantec and Microsoft have joined forces to successfully tackle the Bamital botnet, which helped cyber gangs steal more than US$1.1 million annually.

Symantec has been tracking this botnet since late 2009 and recently partnered with Microsoft to identify and shut down all known components vital to the botnet's operation.

Bamital is a malware family whose primary purpose is to hijack search engine results, redirecting clicks to an attacker-controlled command-and-control (C&C) server. The C&C server redirects the results to websites of the attackers' choosing.

Bamital also has the ability to click on advertisements without user interaction. This results in a poor user experience when using search engines, along with an increased risk of further malware infections.

The malware’s origin can be traced back to late 2009, and it has evolved through multiple variations over the past couple of years. Bamital has primarily propagated through drive-by downloads and maliciously modified files in peer-to-peer (P2P) networks.

From analysis of a single Bamital C&C server over a six-week period in 2011, we were able to identify more than 1.8 million unique IP addresses communicating with the server, and an average of three million clicks being hijacked on a daily basis.

Recent information from the botnet shows the number of requests reaching the C&C server to be well over one million per day.

Clickfraud, the name used for the type of fraud committed by Bamital, is the process of a human or automated script emulating online user behaviour and clicking on online advertisements for monetary gain.

Bamital redirected end users to ads and content which they did not intend to visit. It also generated non-human initiated traffic on ads and websites with the intention of getting paid by ad networks.

Bamital was also responsible for redirecting users to websites peddling malware under the guise of legitimate software. The following video illustrates how Bamital exploits the online advertising model:

Bamital is just one of many botnets that utilise clickfraud for monetary gain and to foster other cybercrime activities. Many of the attackers behind these schemes feel they are low risk as many users are unaware that their computers are being used for these activities.

This takedown sends a message to those attackers that these clickfraud operations are being monitored and can be taken offline.

For further details on Bamital's activities you can download a copy of our whitepaper.

Details on recovering from a Bamital infection are available here:

Users of up-to-date Symantec security products are protected against Bamital and its variants.

Symantec Security Response would like to acknowledge Spain's Civil Guardia, Catalunyan CERT (CESICAT), and Microsoft for assisting us in understanding and ultimately bringing this botnet to its demise.


© Scoop Media
