IE Used To Launch Yahoo IM Clickfraud

← Back to Stories (view on slashdot.org)

IE Used To Launch Yahoo IM Clickfraud

Posted by ryuzaki0 on Tuesday October 3, 2006 @11:48AM from the botless-botnets dept.

An anonymous reader writes, "There's a new Instant Messaging worm in the wild that is taking the idea of Botnet clickfraud up a level. It trades in automated drones (prone to malfunction and detection) for real live people who (of course) have the option of not actually clicking anything, thus theoretically making their clicks harder to identify as 'fraudulent.' This IM attack doesn't even need a victim to physically run anything to become infected — simply visiting a certain site in Internet Explorer will cause the files to download and start sending infection messages. At this point, their homepage is changed to a site using Mesothelioma (a rare form of cancer) to ring up high-paying results on the perpetrators' Google ads. As the researcher who discovered the infection notes, 'It's way, way harder to trace some random boob who has a ton of (partially) unconnected people shunting IM links all over the place. Try staying anonymous as a Botnet owner who just had the entire details of his server splattered across the net by Shadowserver. What will be interesting to see is if some of the smaller Botnet guys ditch their technical woes and jump on the much-easier-to-maintain IM bandwagon to get their clickfraud kicks.'"

4 of 76 comments (clear)

Min score:

Reason:

Sort:

Sorry to ask the obvious.... by Anonymous Coward · 2006-10-03 13:01 · Score: 1, Interesting

...but surely google would quickly become aware of the website and cancel the google ad accounts of the sites linked from the page? Thus the scammers would get no "Step 3.... profit!!!"?
Re:What? by icepick72 · 2006-10-03 15:25 · Score: 2, Interesting

I'm so relieved this self-help thread exists. I cannot understand a damn thing that article is saying. I'm not alone (;_;) To hell with it, I'm waiting for the next story. No comment.
Re:Does this effcet us by Technician · 2006-10-03 19:16 · Score: 2, Interesting

Does anyone that comes here on purpose us IE still

At work some of us are stuck with the corporate desktop environment which means IE. The IT department has done a pretty good job keeping it locked down. When they run the corporate proxy server, it's easier to get a handle on what doesn't make it in. They also use managed switches, so if a machine starts spewing, it gets disconnected. It tends to stop worms that try to scan for vuneribilities or other bot activities. Even the new version of Skype that used supernotes triggered the defences and dropped a bunch of machines while they tried to figure out the cause of the unusual data pattern.

Home users have no monitor that triggers and disconnects on unusual data patterns on the net.

--
The truth shall set you free!
YIM uses IE functionality by Old.UNIX.Nut · 2006-10-04 05:00 · Score: 2, Interesting

Several years ago I disabled cookies in IE and found it broke YIM. I decided this made YIM a security risk and quickly switched to Trillian for all my IM need. I have NEVER regretted making this change.