One month ago, Microsoft and Symantec took down the massive Bamital botnet, a system that was creating fake clicks in order to generate millions of dollars in advertising revenue each year. Fast forward to the present day, and the newly discovered Chameleon botnet is believed to be draining advertisers of nearly $6 million per month.
London-based security research and traffic analysis firm Spider.io has been following the Chameleon botnet since December 2012, and the company found various issues with the network.
Spider.io found Chameleon to be running on at least 120,000 computers, targeting the Windows OS. The firm also found that the Chameleon botnet is targeting not only text based ads as Bamital had but also graphic/Flash ads.
The report finds that the Chameleon botnet is faking around nine billino ad impressions per month at a click rate of just 0.02 percent.
The research firm has found that 95 percent of the infected PCs discovered appear to be residential systems, likely systems left unprotected.
When all is said and done, the service appears to be costing around $.069 per thousand pageviews or the equivalent of $6 million in non-viewed ad dollars.
The Chameleon botnet appears to be smarter than previous botnets. For example, the product moves the mouse around the page whenever it is surfing sand driver. That maneuver allows it to bypass fraud-detection by looking less suspicious. The system also runs concurrent sessions per visitor and reboots itself when a slave session crashes.
The botnet is currently running on 202 different websites, although Spider.io has not said which website the platform targets. Spider.io is careful to note that other websites are likely part of the botnet but not yet discovered.
Spider.io has thus far managed to figure out which computers are the most infected, although that list only targets 5000 of 120,000 infected machines.
If you’re an advertiser, this type of setup should remind you why it is important to add in the hidden costs of online advertising, specifically the costs of ongoing fraud.