By John Leyden
1st July 2009
Miscreants have developed one of most sophisticated click fraud malware
applications to date.
The Trojan code - dubbed FFsearcher by security firm SecureWorks - plugs
into a Google API that allows webmasters to add a Google-powered search
widget (called "Google Custom Search") to their website. In normal use,
search results made via the widget are displayed alongside Google
AdSense ads, with webmasters receiving a small fee every time a surfer
follows an ad.
The malware hijacks this feature so that every search an infected user
makes is performed through a search widget under their control, so that
they get paid by Google every time a surfer clicks on a sponsored ad.
Hackers have also worked out a means to pull off this sleight of hand
without giving any indication to surfers that anything might be amiss.
Google might find it hard to unravel instances of fraud.
As such, the attack is more sophisticated than previous click fraud
approaches, which relied on tricks such as changing a surfer's start
page and searches to point to a third-party search engine, types of
behaviour that might more easily be detected. FFsearcher works on both
IE and Firefox.
Attend Black Hat USA, July 25-30 in Las Vegas,
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com