In response to the news that a new botnet has been discovered which is stealing millions of dollars from advertisers by generating fake advert viewings (http://www.bbc.co.uk/news/technology-21860360), Tim Keanini, CRO, nCircle, writes:
“There was a time when the person down the street used to make a claim like, ‘Oh, I don’t care about security because I really have nothing on that computer to steal’. Think again, dude, because you sit supply side to the bot-herders. Botnets allow for many capabilities, all having to do with a system assuming that because a click or a request is coming from a unique machine, it must be a real person and thus no stronger authentication is required. Such is the case with the entire online advertising model that just got exploited. As Lamar said, botnets have been around for quite some time and it is the mere fact that exploiting and remote controlling 1000s of machines on the internet is so darn simple to do. What botnets are used for is what changes, and adding features and functionality to botnets is just a simple matter of programming.
The people behind this attack are criminals who know they can make money exploiting this architectural flaw and, more importantly, not get caught doing it. The cost to them is low and the payoff high. Something will need to change for them to go away and chase down a new money-making strategy.
So what is so wrong with the advertising models on the Internet today? The old model of just paying for ‘clicks’ is going to have to change – it was super sketchy to begin with and I’m surprised it has taken this long to publicly be exploited.
Fake clicks, fake Twitter followers, fake online shoppers influencing reputation ranking, fake bots in online gaming, fake accounts on online dating services, fake chat bots on IM, all of them exploiting the Achilles heel of the Internet: authenticity. As always, people build systems weak, they get exploited, they make it stronger, it gets exploited, they make it stronger, and so on and so on.”
Lamar Bailey, director of security research and development, nCircle, said: “These types of botnets have been around for a very long time and have been a reliable source of income for hackers. For a botnet to generate millions of dollars a month it has to be quite large and is probably the combination of multiple botnets. Bot-herding is a cut-throat "business" and the botnet owners are always attacking each other’s targets to gain control over their bots. Many of these botnets are Swiss army knives: they function as SPAM bots, generating revenue from advertisers, launching DDOS attacks and infecting new systems. The hackers target home users because generally they are an easier target to attack via phishing, infected freeware and shareware, illegal downloads and infected websites.”