An anonymous reader writes "From The Washington Post's Security Fix blog comes news of a new Trojan horse program that takes click fraud to the next level. The Trojan, dubbed FFsearcher by Atlanta-based SecureWorks, was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise that attacked some 40,000 Web sites this month. The Trojan takes advantage of Google's "Adsense for Search," application programming interface (API), which allows Web sites to embed Google search results alongside the usual Google AdSense ads. The story notes that while most search hijackers give themselves away on the victim's machine by redirecting the browser through some no-name search engine, FFsearcher 'converts every search a victim makes through Google.com, so that each query is invisibly redirected through the attackers' own Web sites, via Google's Custom Search API. Meanwhile, the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from Google.com (and with Google.com in the victim browser's address bar, not the address of the attacker controlled site). Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads. What's more, the attackers aren't diverting clicks or ad revenue away from advertisers or publishers, as in traditional click fraud: They are simply forcing Google to pay commissions that it wouldn't otherwise have to pay." Link to Original Source
This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.
Nine-Ball Attacks Spread New Click Fraud Tactics 0 Comments More Login /
Get More Comments