Information Security News: Stealthy click fraud tool exploits 9ball attack

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2009/07/01/stealthy_click_fraud_malware/

By John Leyden
The Register
1st July 2009

Miscreants have developed one of most sophisticated click fraud malware 
applications to date.

The Trojan code - dubbed FFsearcher by security firm SecureWorks - plugs 
into a Google API that allows webmasters to add a Google-powered search 
widget (called "Google Custom Search") to their website. In normal use, 
search results made via the widget are displayed alongside Google 
AdSense ads, with webmasters receiving a small fee every time a surfer 
follows an ad.

The malware hijacks this feature so that every search an infected user 
makes is performed through a search widget under their control, so that 
they get paid by Google every time a surfer clicks on a sponsored ad. 
Hackers have also worked out a means to pull off this sleight of hand 
without giving any indication to surfers that anything might be amiss. 
Google might find it hard to unravel instances of fraud.

As such, the attack is more sophisticated than previous click fraud 
approaches, which relied on tricks such as changing a surfer's start 
page and searches to point to a third-party search engine, types of 
behaviour that might more easily be detected. FFsearcher works on both 
IE and Firefox.

[...]


_______________________________________________      
Attend Black Hat USA, July 25-30 in Las Vegas, 
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com