Chameleon Botnet Robbing Advertisers Blind

Updated on

A botnet, nicknamed Chameleon, which is made up of  over 120,000 compromised PCs running Windows 7 in the United States (95%), was discovered this week by British web analysis group Spider.io. They estimate that this network has been costing advertisers over $70 million a year, or $6 million per month by replicating the mouse moves and clicks that advertisers use to determine payouts to websites. Spider.io went on to say that this suspicious activity was found on more than 200 websites and the botnet was responsible for as many as 9 billion false impressions each month.

Chameleon Botnet Robbing Advertisers Blind

Now it is up to the company to begin the process of determining who would stand to gain from these false ad views. Something that the company is looking into while suggesting a difficulty. Whether that is a matter of “sandbagging” to make the guilty party or parties less worried about their ongoing investigation is anyone’s guess.

“This particular botnet is being used to emulate human users surfing the web, mimicking normal browsing sessions and normal ad engagement,” said the firm’s chief executive Douglas de Jager speaking with BBC News.

“It is difficult to imagine why one would run this type of botnet across a cluster of 202 sites other than to commit display advertising fraud.

“Unfortunately, we can’t be sure precisely which of the financially motivated parties is behind this. It could perhaps even be a single person within one of the companies, unbeknownst to others at this company.”
He went on to say that the reason the company was able to detect this behavior is that the Chameleon botnet forced a heavy workload on the infected machines which caused frequent crashes and restarts. After the restart, computers in the botnet are forced to request “cookies” anew from each of these sites, creating an identifiable bot signature.
It’s truly amazing how many people, especially those running PCs do not use, or fail to keep anti-virus programs current. Fortunately, this version of Chameleon is believed to be so unstable that many surely sensed that something was wrong with their machine and likely took measures to disengage from this botnet.
Chameleon is quite clever in how it operates. Ads that were targeted, were done in a random fashion that showed users spending random amounts of time hovering over ads and clicking the ads in numerous locations.

Leave a Comment