New Trojan puts sneaky twist on click fraud

The malware invisibly funnels search queries through its own site, cheating Google out of money

Jeremy Kirk (IDG News Service) 02 July, 2009 04:15:00

Tags: click fraud, FFSearcher, Google, malware, trojan

A new piece of malicious software has been discovered that cheats Google and potentially other search engines out of money.

The Trojan horse perpetuates click fraud, a scam in which Web advertisements are clicked in excess or under misleading circumstances in order to generate revenue for those who own the Web pages the ads appear on.

The malware, called "FFSearcher," is "one of the more clever" ones seen of late, wrote Joe Stewart, director of malware analysis at SecureWorks, on a company blog.

The Trojan that SecureWorks analyzed revolves around the use of a widget made available to webmasters from Google. Google offers a custom search box that can be embedded in Web sites, which enables access to its search engine and also shows AdSense advertisements,

If someone clicks on an AdSense ad, Google will pay the Web site operator "a small sum of money," Stewart wrote.

For PCs that have been infected with FFSearcher, all searches the person does on Google are invisibly channeled through another Web site called My Web Way, which uses Google's search widget.

The user sees search results that appear to come from Google but actually are first channeled through My Web Way. Even the URL box indicates the results come through Google's domain, Stewart wrote.

What the creators of FFSearcher are hoping is that those infected users will also click on AdSense ads, which My Web Way will get credit for. Google loses since it pays those fees. My Web Way appeared to be no longer active as of Wednesday afternoon.

FFSearcher works with the Firefox and Internet Explorer browsers. An analysis of the code showed that Yahoo also appeared to be a target, Stewart wrote.

The problem with FFSearcher is that it may be difficult for search engine companies to detect the fraud since the behavior of users is no different than normal, Stewart wrote.

Google and other companies use technology that can, for example, detect when an automated program or bot is repeatedly clicking on an ad in a behavior inconsistent with the way a human would interact.

"FFSearcher undoubtedly raises the bar for the fraud detection teams working at the major search engines," Stewart wrote.

"It will be interesting to see how they combat it and other trojans using the same technique in the future."

Have your say!

More by Jeremy Kirk

ARN Directory | Distributors relevant to this article

Avnet Technology Solutions , Ingram Micro Australia

Newsletters

More about Google

More about Google >

More about malware

More about malware >

Comments

Sat, 04/07/2009 - 10:27 — jose cruz (not verified)

hacker

it's easy too make trojans software programs lol

Post new comment

ARN Distributor Directory

Find distributors by name
Find distributors by vendor
Find distributors by location

ARN Vendor Directory

Find vendors by name | Find by category

Jobs

BUSINESS DEVELOPMENT MANAGER - CONTENT MANAGEMENT SYSTEMS, INTRANETS,10/02/2010
Other
I.T. & T
BUSINESS DEVELOPMENT MANAGER - CONTENT MANAGEMENT SYSTEMS, INTRANETS,
WEB CONTENT MANAGEMENT SYSTEMS - BUSINESS DEVELOPMENT MANAGER10/02/2010
Other
I.T. & T
WEB CONTENT MANAGEMENT SYSTEMS - BUSINESS DEVELOPMENT MANAGER
GIS Operator/GIS Officer - 5 x Roles! (F4)9/02/2010
Other
I.T. & T
GIS Operator/GIS Officer - 5 x Roles! (F4)
IT Infrastructure Sales - Business Development9/02/2010
Other
I.T. & T
IT Infrastructure Sales - Business Development
Business Development Manager - Software Solutions!9/02/2010
Other
I.T. & T
Business Development Manager - Software Solutions!

ARN Community Comments

"SHOW ME THE MONEY!!! ..."
on Synergy finalises Leading Solutions deal
by Bill | 09 February, 2010 14:44
"I just bought a pc and it came with Vista! Now they/Microsoft will not give me a reduced price upgrade to Windows 7! B ..."
on Microsoft launches free Windows 7 upgrade deal
by Anonymous | 09 February, 2010 14:42
"How do we find out more? We have needed a new serious player in this market for some time. ..."
on Rittal brings on newly-formed distributor
by Anonymous | 09 February, 2010 10:49
"A Senator stands up and publicly speaks *against* the defence during a trial, and somehow he is not immediately thrown i ..."
on Industry: Conroy’s urge for piracy code of conduct is premature
by Just Asking For Trouble | 09 February, 2010 07:23
"when I can download a movie in full DVD/blu-ray quality legally at reasonable price and without stinking DRM. Reasonabl ..."
on Industry: Conroy’s urge for piracy code of conduct is premature
by Anonymous | 08 February, 2010 21:31

Market Watch Virtualisation

Microsoft Anti-Piracy Infringement Alert

The Microsoft Anti-Piracy Newsletter outlines what Microsoft is doing to protect your business from Software Piracy and highlights recent legal action taken against those who infringe our copyright.

Subscribe to ARN

ARN has been the premier provider of information to the Australian IT channel for more than 12 years. As the only weekly publication dedicated to the channel, ARN produces timely, accurate news and analysis about IT business issues, products and services, new technology and market opportunities.