Botnets. To security researchers, they’re like digital Hydra. For each vicious head they lop off, another two explode from the stump.
Just a month ago, Microsoft and Symantec announced that they’d managed to take down the massive Bamital botnet, which is said to have been fakin’ clicks to the tune of around a million bucks a year. This new guy that just popped up? Six million. Per month.
Spider.io, a security research/traffic analysis firm out of London, says they’ve been on this botnet’s trail since December of 2012. Dubbing it “Chameleon” (because of the many ways it hides), they’ve shared a whole stack of stats regarding this nasty thing’s behavior:
As if the insanely high numbers weren’t enough, Chameleon also packs quite a few tricks up its sleeve to make it hard to detect/fight. It’s constantly moving the mouse around the page whenever the bot is surfing sans driver, which helps it sneak by any fraud-detection system that’s on the lookout for suspiciously robotic movements. It’s constantly running multiple concurrent sessions per visitor, and it’ll automatically reboot itself anytime its slave sessions crash. Guh.
According to Spider.io, Chameleon seems to be primarily focusing its trickery on 202 different websites. Which 202 websites? They don’t say — presumably because naming them would imply that any one or all of those websites might be in on it, when that’s really just not the case. Anyone who’s set to profit from this (or, hell, anyone who just wanted to flex their tech muscles and write a sophisticated botnet) could have put it together.
On the upside, Spider.io has managed to pin down a list of what they say is 5,000 of the most active infected computers. On the downside, that’s... you know, 5,000 out of 120,000 and counting. SAVE US, SYMANTEC.
[Photo Credit: D. Richard Hipp on Flickr under Creative Commons]