Botnet can Direct Traffic

Thursday, December 22, 2011 @ 11:12 AM gHale


The KOOBFACE botnet has just been upgraded with a sophisticated traffic direction system (TDS) that handles all of the traffic it refers to affiliate websites.

KOOBFACE is a botnet that uses pay-per-install and pay-per-click mechanisms to help the masterminds that run it earn millions.

The TDS redirects traffic to locations that earn the crooks affiliate cash for each user they fool into accessing the specific sites, said researchers at Trend Micro.

Since Google implemented some security mechanisms that make sure botnets can no longer create fake email accounts useful for spamming and creating social media profiles, cyber criminals began relying on Yahoo! Mail to help them.

Once they make the email accounts, the botnet uses them to create other accounts on social networking sites such as Twitter, Tumblr, FriendFeed, FC2, livedoor, So-net, and Blogger.

In the third part of the process, a new binary component gathers pictures of celebrities, cars and anything else that might attract unsuspecting users.

In the next stage, dedicated pieces of malware create blog accounts and retrieve content for them from the C&C server. The posts on these rogue blogs are specifically designed to pop up among the first results in search engines.

Using obfuscated JavaScript code that references the botnet’s TDS domain, the operators are able to track the number of visits to each rogue blog post and redirect victims to the affiliated sites that help them earn cash.

In 2009 alone, the gang that runs KOOBFACE reportedly earned $2 million.

“TDS creation definitely provided the KOOBFACE gang a means to more efficiently target celebrity fans, online daters, casual porn surfers, and car enthusiasts,” said Jonell Baltazar, Senior Threat Researcher at Trend Micro. “Their TDS allowed them to efficiently handle the increase in the number of unwitting users who land on specially crafted blog posts that lead to various advertising, click-fraud, and other affiliate sites, which all translate to profit.”


