ARN

New Trojan puts sneaky twist on click fraud

The malware invisibly funnels search queries through its own site, cheating Google out of money

A new piece of malicious software has been discovered that cheats Google and potentially other search engines out of money.

The Trojan horse perpetuates click fraud, a scam in which Web advertisements are clicked in excess or under misleading circumstances in order to generate revenue for those who own the Web pages the ads appear on.

The malware, called "FFSearcher," is "one of the more clever" ones seen of late, wrote Joe Stewart, director of malware analysis at SecureWorks, on a company blog.

The Trojan that SecureWorks analyzed revolves around the use of a widget made available to webmasters from Google. Google offers a custom search box that can be embedded in Web sites, which enables access to its search engine and also shows AdSense advertisements,

If someone clicks on an AdSense ad, Google will pay the Web site operator "a small sum of money," Stewart wrote.

For PCs that have been infected with FFSearcher, all searches the person does on Google are invisibly channeled through another Web site called My Web Way, which uses Google's search widget.

The user sees search results that appear to come from Google but actually are first channeled through My Web Way. Even the URL box indicates the results come through Google's domain, Stewart wrote.

What the creators of FFSearcher are hoping is that those infected users will also click on AdSense ads, which My Web Way will get credit for. Google loses since it pays those fees. My Web Way appeared to be no longer active as of Wednesday afternoon.

FFSearcher works with the Firefox and Internet Explorer browsers. An analysis of the code showed that Yahoo also appeared to be a target, Stewart wrote.

The problem with FFSearcher is that it may be difficult for search engine companies to detect the fraud since the behavior of users is no different than normal, Stewart wrote.

Google and other companies use technology that can, for example, detect when an automated program or bot is repeatedly clicking on an ad in a behavior inconsistent with the way a human would interact.

"FFSearcher undoubtedly raises the bar for the fraud detection teams working at the major search engines," Stewart wrote.

"It will be interesting to see how they combat it and other trojans using the same technique in the future."

State of the IT Channel 2012: Register your view and win a Toshiba tablet!

Come socialise with us! Facebook | LinkedIn

More about: Google, SecureWorks, Yahoo
References show all

Comments

1

jose cruz

Sat 04/07/2009 - 10:27

hacker

it's easy too make trojans software programs lol

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: click fraud, FFSearcher, Google, malware, trojan
ARN Directory | Distributors relevant to this article
Aquion , Avnet Technology Solutions , Ingram Micro Australia
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/dpsa/2011-05-29_389_we-have-apc-in-stock
DPSA

We have APC in stock!

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.