+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

This Is What It Looks Like When A Click-Fraud Botnet Secretly Controls Your Web Browser

Nov 28, 2013, 02:48 IST

"Zeus" is the name of malignant software that is used to create click-fraud botnets.

Spider.io, a London company that specializes in detecting click-fraud on the internet, has done the world a huge favor by producing some graphics and a video that show exactly what happens when your PC becomes infected with malware that creates false clicks on ads.

Advertisement

Advertisers waste about $7 million a month on fraudulent clicks from bots (networks of PCs infected with malware). Botnet controllers can sell their army of infected PCs to anyone who wants to generate tons of "traffic" - i.e. unethical web publishers who run advertising but don't have any real people clicking on their ads.

Spider.io obtained a copy of "Zeus," a notorious piece of "root-kit" software that nestles inside the system of any infected PC. Once a machine is infected with Zeus, you can instruct the malware to do your bidding by having it open a hidden Internet Explorer window in which the malware secretly visits web sites and clicks on ads, all without the innocent user knowing what is going on. Spider.io claims about 3.6 million PCs in the U.S. are infected with Zeus.

The ingenious part is that the botnet copies your real browsing behavior so that it looks like its fake clicks are real human clicks.

First, a Spider.io researcher began using the infected machine. The researcher browsed a series of shopping websites to build up a bunch of tracking cookies, the little bits of code that advertisers use to target you on the web. Here is the researcher looking at wine glasses on the John Lewis department store web site:

Advertisement

Spider.io

Next, the researcher goes to buy a train ticket. The cookies - which are legit - do their job, and the researcher is targeted with John Lewis ads on National Rail web site:

Spider.io

But the PC is infected with Zeus, and the botnet controller can see the PC being used on his or her controller dashboard:

Spider.io

Advertisement

The controller then sends a command to the infected machine. This one is called "Ghost Visitor":

Spider.io

Even though the machine is infected and under the control of a botnet commander, the PC's Task Monitor shows no unusual activity:

Spider.io

But there is a hidden browser window that is active, controlled by the botnet:

Advertisement

Spider.io

Scroll down the list of hidden windows, and there it is:

Spider.io

Spider.io has redacted the name of the web site being displayed by the hidden window. When Spider.io clicked to show the window, here is what they got. The company anonymized the web page, too, but it's clearly some sort of cat video library. Note that the cookies, which were legit but have now been hijacked by Zeus, are triggering John Lewis ads at the top of the page:

Spider.io

Advertisement

The Zeus malware then reproduces the mouse activity that the human researcher did on previous web pages, and clicks on an ad:

Spider.io

Boom! John Lewis must now pay the cat web site owner for serving an ad - even though the click was completely fake.

Here is a video of the whole process:

Advertisement
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article