Botnet puts heavy financial toll on advertising industry

The newly discovered Chameleon botnet has infected more than a hundred thousand Windows computers in the US and misuses its hosts to simulate clicks on online display ads. According to Spider.io, a service that specialises in analysing advertisement clicks, this is costing the advertising industry around $6 million a month.

The company says that it first registered the botnet's activities in December 2012. The Chameleon botnet exploits its more than 120,000 host computers to regularly visit about 202 web sites. Chameleon's approach appears to display quite a high degree of sophistication. The botnet finds the ads on an accessed page and then tries to mimic human clicking behaviour as closely as possible by simulating mouse movements.

Around 14 billion ads per month are served on the selected web sites; Spider.io says that at least 9 billion of them can be attributed to the botnet. According to the company's calculations, the damage caused by Chameleon is 70 times higher than that of Bamital, a botnet that was taken down by Symantec and Microsoft. Bamital only generated a "revenue" of around $1 million per year.

The Spider.io service specialises in differentiating bots and spiders from human web site visitors. For the current analysis, the company has been supported by its partners DataXu and media6degrees. The analysis of Chameleon is not yet considered complete; Spider.io says that what has been presented are the results to date, but that a far greater number of computers could potentially be affected. It has, though, already published a list of the 5000 worst offending IP addresses infected with the botnet.

(fab)