funsec mailing list archives
Re: CWSandbox vs. Click-Fraud Trojans
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 25 Sep 2006 16:15:05 +1200
fergie wrote:
Via Honeyblog. [snip] Business Week had an interesting story about click fraud recently (also at /.). This seems to be a really lucrative business and there is of course also malware that helps the attacker to automatically generate clicks on websites.
<<snip>> Such things have been around since the mid-late 90's (i.e. close to a decade), tracking the development of pay-per-view and pay-per-click webvertising. The first one I recall analyzing in any depth was installed instead of a warez FTP ("pubstro") site if the dropper/ downloader doing the install decided that the local network connection speed was too slow (done by timing the download of a large-ish file from a well-connected site -- IIRC, one of the older AOL installers around the 1-1.5MB size from an AOL site). Thus, the warez servers ended up on fast cable and DSL machines, generally with rather stable IPs, while the dial-up victims with their slow, but ephemeral IP, connections got ad-clickers. And here's a thing some of you (especially Gadi! 8-) ) will find hard to believe -- "back then" it was often difficult to get AV vendors to add detection of such things... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- CWSandbox vs. Click-Fraud Trojans Fergie (Sep 24)
- Re: CWSandbox vs. Click-Fraud Trojans Nick FitzGerald (Sep 24)