Trojan hijacks search results to generate advertising revenue

There’s a Trojan out there that forces infected computers to automatically click on advertising banners. By doing so, its creators are earning money while businesses paying to be seen are just burning a hole in their budgets without achieving anything.

Those are the results of a new report by security firm Bitdefender, which has identified the Trojan as Redirector.Paco. According to the company’s press release, the Trojan has, since 2014, infected 900,000 machines.

It’s most present in India, Malaysia, Greece, the USA and Italy, and works like this: once a machine is infected, its internet configuration settings are changed so that search results on engines like Google or Yahoo are forwarded to a third party, controlled by the attackers. The server would then retrieve results and add advertising, earning botnet operators money.

"This particular campaign is mostly detrimental for private companies that pay for advertising impressions and clicks", states Bogdan Botezatu, senior e-threat analyst at Bitdefender. "Google’s AdSense for Search program places contextually relevant advertisements on custom search results pages and shares a portion of its advertising revenue with AdSense partners. In this particular case, the botnet operator is utilizing publisher identities to operate as a Google AdSense partner and collect the money from clicks on poisoned search links".

Researchers say infected users don’t lose money directly, but this Trojan does allow botnet operators to inject malicious code (ransomware, for example) if they want to. They also own the search results for the victim’s computer.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Image credit: wk1003mike / Shutterstock