The ad-fraud botnet, dubbed Chameleon, mimics website visitor traits, like clicking or rolling a mouse over display ads. It is the first to hit online display advertising, and requires “a surprising level [of] sophistication,” according to fraud analytics firm Spider.io.
“Spider.io has been tracking anomalous behaviour associated with Chameleon botnet since December, 2012, and in February of this year the extent of the Chameleon botnet’s principal web-browsing activity was established,” an advisory by Spider.io explains.
Spider.io says that, with the help of display ad exchanges and demand-side platforms, it has identified “deviant consumption,” which accounted for 9 billion fraudulent display ads served a month.
So far, more than 120,000 host machines have been identified — 95 percent of which come from residential IP addresses in the U.S.
“The bots visit the same set of websites, with little variation,” the firm said. “The bots generate uniformly random click co-ordinates across ad impressions and the bots also generate randomized mouse traces.”
Chameleon is relatively unstable, though. The botnet subjects its host machines to a heavy load, crashing and restarting regularly, and possibly signaling to users that something is wrong.
This recent botnet discovery comes after last month’s Microsoft and Symantec takedown of the Bamital botnet, which also cost online advertisers millions of dollars, according to Spider.io.
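The uniformly random click co-ordinates quoted above are a measurable signal, and the following added example (not Spider.io's method or code) shows one way a defender could test for it: bin each traffic source's clicks over the creative and flag sources whose distribution is statistically indistinguishable from uniform. The 300x250 creative, the 5x5 grid, both thresholds, the premise that human clicks cluster on part of the creative, and the sample data are all assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

AD_W, AD_H = 300, 250   # assumed creative size in pixels
GRID = 5                # clicks are binned into a 5x5 grid over the creative
MIN_CLICKS = 500        # assumed minimum sample before judging a source
MAX_EFFECT = 0.3        # assumed cut-off: below this, clicks look uniform

def uniformity_effect(clicks):
    """Cohen's w for a chi-square test of click bins against a uniform grid."""
    counts = Counter(
        (min(int(x * GRID / AD_W), GRID - 1), min(int(y * GRID / AD_H), GRID - 1))
        for x, y in clicks
    )
    expected = len(clicks) / GRID ** 2
    chi2 = sum((counts.get((c, r), 0) - expected) ** 2 / expected
               for c in range(GRID) for r in range(GRID))
    return math.sqrt(chi2 / len(clicks))

def looks_uniform(clicks):
    """True when a source's clicks are spread evenly over the whole creative."""
    if len(clicks) < MIN_CLICKS:
        return False  # not enough evidence either way
    return uniformity_effect(clicks) < MAX_EFFECT

def constructed_samples(seed=1):
    """Constructed data: uniform clicks vs. clicks clustered on one element."""
    rng = random.Random(seed)
    bot = [(rng.uniform(0, AD_W), rng.uniform(0, AD_H)) for _ in range(2000)]
    clamp = lambda v, hi: max(0.0, min(v, hi - 1e-9))
    human = [(clamp(rng.gauss(150, 25), AD_W), clamp(rng.gauss(200, 25), AD_H))
             for _ in range(2000)]
    return bot, human

if __name__ == "__main__":
    bot, human = constructed_samples()
    for name, sample in (("bot-like", bot), ("human-like", human)):
        print(name, round(uniformity_effect(sample), 2), looks_uniform(sample))
```

A uniform spread alone is weak evidence; it is more useful combined with the other traits reported, such as many sources visiting the same small set of websites.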