funsec mailing list archives

CWSandbox vs. Click-Fraud Trojans


From: "Fergie" <fergdawg () netzero net>
Date: Sun, 24 Sep 2006 20:40:24 GMT

Via Honeyblog.

[snip]

Business Week had an interesting story about click fraud recently (also
at /.). This seems to be a really lucrative business and there is of
course also malware that helps the attacker to automatically generate
clicks on websites.

One example of such a piece of malware is Trojan.Clicker (named by
F-Secure), which currently also dominates the monthly world map of
malware infections. The operation mode of this Trojan is rather simple:
after the initial infection (e.g., download via bots), it remains resident
in memory and periodically opens certain web pages with the help of
Internet Explorer, thus generating clicks on that web page. Hence, the
attacker automatically generates revenue from his compromised
machines...

A more detailed analysis of a particular Trojan.Clicker variant is
available as a CWSandbox report.

[snip]

Link(s):
http://honeyblog.org/archives/59-CWSandbox-vs.-Click-Fraud-Trojans.html


- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

