Dismantle the Control System of a Network for Swindling “Pay Per Click” Systems

A joint effort between RSA Security, the expert in protecting online identities and digital assets, and Panda Software, has once again resulted in the detection and neutralization of a sophisticated online fraud attack.

The companies, who collaborate in order to detect and mitigate existing and emerging online fraud attacks, worked together to help dismantle the control system of a bot network designed to swindle “pay per click” systems, as follows:

– Fraudsters set up a number of Internet addresses and posted a series of (genuine) syndicated search-engine advertisements.

– The bot network – comprised of more than 50,000 zombie machines infected by Clickbot.A – was programmed to access these Internet addresses and to register clicks on the syndicated advertisements.

– The fraudsters received a slice of the “pay per click” advertising revenues even though the original advertisers did not receive any visits to their sites.

The entire bot network was managed by a complex control center. Each bot could be monitored remotely, allowing attackers to determine, for example, the number of clicks from each bot, or control the number of bots that were active at any one time. This monitoring system was centralized on a server which also allowed attackers to track precise statistics of the botnet activity. As a result of the joint efforts of the Online Threats Managed Services team at RSA Security and Panda Software, the central control server was disabled, thus greatly hindering the continuity of the scam.

“The level of sophistication that we’re seeing – and the speed at which new fraudster techniques are introduced – is tremendous,” said Keren Levy, director of the Online Threats Managed Services group at RSA Security.

“Botnets are part of the cyber-crime business model, as they are normally hired or sold to third parties to carry out malicious actions such as sending spam, stealing confidential data or installing other types of malware”, explains Luis Corrons, head of PandaLabs, adding: “This particular case represents a variant of that model, as it seems that bot authors are obtaining financial benefits directly, swindling companies that pay for each click. The fact that companies pay a certain amount of money for each click on their ads, combined with the number of bots involved in the swindle, gives an idea of the huge proportions of this fraud”.

To date, the cooperation between RSA Security and Panda Software has produced very effective results. Among others, the companies also recently assisted in the dismantling of a complex scheme to create and sell custom Trojans that were targeted against specific financial institutions and their customers.



