Contextual online advertising is a lifesaver for small enterprises that are usually unable to promote their products and services and increase potential customer awareness in other ways. The most common way to build a channel of supply and communication for these organizations is to purchase ads from legal advertising companies. However, if the latter are unscrupulous, small companies will flush money down the drain, and customers simply will not see the ad. This is exactly what happens with the Magala botnet.
Its authors compromise computers with malware,which then generates fake views and clicks for ads, thus switchingmachines into zombie mode and making a profit for the malware’sauthors. Once propagated, Magalaimitates a user click on a particular webpage, boosting ad click counts. The main victims are those paying for the ad; typically, they are small enterprise owners dealing with fraudulent advertisers.
Kaspersky Lab’s researchers have discovered a new botnet that cashes-in on aggressive advertising, mostly in Germany and the US. The Magala Trojan Clicker, generates fake ad views and make up to 350$ from each machine. Small and Medium enterprises (SMEs) mostly small enterprises lose out most because they end up doing business with unscrupulous advertisers, without even knowing it.
The Magala infection vector is quite simple – it propagates computers via compromised websites and discreetly installs itsrequired adware. Magala then contacts the remote server and requests a list of search queries for click counts that need to be boosted.Using this list, the program begins to send search queries and click on each of the first 10 links in the search results, with an interval of 10 seconds between each click.
According to Kaspersky Lab’s researchers,an average cost per click (CPC) in a campaign like this is 0.07 USD. The cost per thousand (CPM) comes to 2.2 USD. Ideally, a botnet consisting of 1000 infected computers clicking 10 website addresses from each search result, and performing 500 search requests with no overlaps in the search results, could ideally mean the virus writer earns up to 350 USD from each infected computer.
“Although this type of advertising fraud has long been known, the emergence of new botnets focusing on that area indicates that there is still a demand on half-legitimate promotion. Trying to cut their costs, small businesses go for that option, but spoil their ad efforts as a result. The success of Magala is yet another wake-up call for users to make the most of solid security solutions and keep all their software updated – in order to not fall victim to cybercriminals,” concludes Sergey Yunakovsky, security expert at Kaspersky Lab.