[funsec] CWSandbox vs. Click-Fraud Trojans
Fergie
fergdawg at netzero.net
Sun Sep 24 15:40:24 CDT 2006
Via Honeyblog.
[snip]
Business Week had an interesting story about click fraud recently (also
at /.). This seems to be a really lucrative business and there is of
course also malware that helps the attacker to automatically generate
clicks on websites.
One example of such a piece of malware is Trojan.Clicker (named by
F-Secure), which currently also dominates the monthly world map of
malware infections. The operation mode of this Trojan is rather simple:
after the initial infect (e.g., download via bots), it remains resident
in memory and periodically opens certain web pages with the help of
Internet Explorer, thus generating clicks on that web page. Hence, the
attacker automatically generates revenue from his compromised
machines...
A more detailed analysis of a particular Trojan.Clicker variant is
available as CWSandbox report.
[snip]
Link(s):
http://honeyblog.org/archives/59-CWSandbox-vs.-Click-Fraud-Trojans.html
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec
mailing list