[funsec] Instant Messaging Clickfraud? Hackers use Botnet Tactics in IM Land...

Fergie fergdawg at netzero.net
Tue Oct 3 17:18:53 CDT 2006

Here's something pretty interesting....



For quite some time, I've seen certain Botnets perform the following
trick: install some garbage, and hijack the end user's homepage. The
hijacked page usually contains nothing more than a bunch of adverts -
and, should the curious end-user click them (which they inevitably
will) the bad guys rake in the dough from whoever runs the Ad Network
and the advertisers or whoever.

Now, automated drones are great, but eventually you will be caught out.
Even the best auto-clickers aren't particularly brilliant. But what if
you could organise a network of drones that weren't machines but actual
people? What if you could do away with all that awful technical IRC
jibber-jabber and run what is effectively a Bot-less Botnet? What
if...you could take some code from last month, rejiggify it a little
and launch IM infections from simply visiting a webpage in IE, as
opposed to all the HEY LOL CLICK THIS nonsense you usually have to do?

Well, today's your lucky day, kids!



- ferg

"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog: http://fergdawg.blogspot.com/

More information about the funsec mailing list