TDL-4 variant spreads click-fraud campaign

Share this article:

A click-fraud campaign – in which attackers redirect users from legitimate ads on major sites, like Facebook and YouTube, to URLs where they can receive money for clicks – has been launched using a new TDL-4 malware variant.

TDL-4 rose to infamy in 2011, when researchers discovered that the malware supported a botnet of more than four million infected computers, which were primarily in the United States.

The latest version of the malware uses a domain-generation algorithm (DGA), in which the infected machines generate hundreds to thousands of domain names a day to hide the command-and-control infrastructure.

Researchers at Damballa Labs discovered the malware variant and believe it emerged in May, infecting approximately 280,000 machines since then. The last 30,000 cases of infection have emerged in the past week alone.

Manos Antonakakis, the director of academic sciences for Damballa, told SCMagazine.com on Tuesday that researchers are still analyzing the malware's capabilities, but that infections have been centralized to certain areas.

“The major countries affected by this are the U.S., Germany and U.K.,” Antonakakis said. Once the malware is on victims' machines, it hijacks the devices when users click on legitimate ads found on sites – like Facebook, YouTube, Yahoo, MSN and Google – to direct web traffic to ads that will gain attackers money.

Victims are usually unaware that the click-fraud activity has even transpired.

Researchers at Damballa, as well as at the Georgia Tech Information Security Center (GTISC), which is collaborating with the firm, have not determined what kinds of ads criminals may be using to further their campaign.

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.