A new worm makes clicking on AdSense links
A month ago, an AutoIt.D virus was detected, which replicated through the Yahoo Instant Messenger internet pager. From the infected machine, he sent text messages to the contact list with a link to a web page. If the victim followed the link, the AutoIt.D virus penetrated the system through Internet Explorer.
A new, interesting variant of this virus has been discovered, perhaps the first of its kind. The KMeth virus changes the user's home page to another page filled with contextual advertising ( screenshot ), with the most expensive, at $ 4-13 per conversion. The idea is that the user clicks on the sponsored links and thereby brings earnings to the virus writer. Otherwise, the virus enters as a normal scenario: infects a computer through Internet Explorer and sends the same text messages with a link to the infectious page to addresses from the contact list of the Yahoo Instant Messenger pager.
Thus, specialists in click-fraud (among them, as we know, many Russians ) are increasingly using virus programs. Previously, we already talked about the cooperation of spammers and virus writers. Now they have been joined by fraudsters from the click fraud industry.
The KMeth virus is distinguished by some “advanced features”. For example, he displays a special status message in the contact list to attract the user's attention ( screenshot ). This message changes periodically.
')
In addition, for additional conspiracy from Google's anti-fraud algorithms, the authors of the virus use the free online system TrafficCleaner , which filters the transition by advertising links, taking into account the user's IP addresses.
A new, interesting variant of this virus has been discovered, perhaps the first of its kind. The KMeth virus changes the user's home page to another page filled with contextual advertising ( screenshot ), with the most expensive, at $ 4-13 per conversion. The idea is that the user clicks on the sponsored links and thereby brings earnings to the virus writer. Otherwise, the virus enters as a normal scenario: infects a computer through Internet Explorer and sends the same text messages with a link to the infectious page to addresses from the contact list of the Yahoo Instant Messenger pager.
Thus, specialists in click-fraud (among them, as we know, many Russians ) are increasingly using virus programs. Previously, we already talked about the cooperation of spammers and virus writers. Now they have been joined by fraudsters from the click fraud industry.
The KMeth virus is distinguished by some “advanced features”. For example, he displays a special status message in the contact list to attract the user's attention ( screenshot ). This message changes periodically.
')
In addition, for additional conspiracy from Google's anti-fraud algorithms, the authors of the virus use the free online system TrafficCleaner , which filters the transition by advertising links, taking into account the user's IP addresses.
Source: https://habr.com/ru/post/4497/
All Articles