Malware that secretly clicks on ads in order to defraud advertisers might seem
generally harmless to infected machines, but can serve as a gateway to more serious
infections, according to a report released today by Damballa.
Clickfraud malware has been showing up a lot this year, said Stephen Newman,
CTO at security vendor Damballa, with about 32 million active infections spotted in the
company's customer base during the first half of this year, or about 210,000 per day.
According to the Association of National Advertisers, click fraud costs US businesses about
$6.3 billion a year in wasted ad money.
But how much of a threat is it to enterprises with infected machines?
If it sneaks in past initial security controls, the malware tries to be as
undetectable as possible while it racks up the fraudulent ad clicks in the background.
"It doesn't pose any immediate risk to the business," said Newman. That's a
challenge for enterprise security professionals, who have to prioritize which threats they
address first and so put off dealing with clickfraud-related infections.
It is a challenge because click fraud is often just the first invader in a potentially long chain.
Once the machine is part of the botnet, the criminals aren't going to let go of it
easily.
Once the first clickfraud campaign is over, the botnet operators will sell the
machine to another criminal group. And when that campaign is done, it gets resold
again.
At some point in the chain, it will get used for ransomware or another dangerous
attack.
"This is a significant problem for security teams inside enterprises," Newman
said. "It is critically important for security teams to not only discover which systems are
compromised, but to track changes in behavior over time."