Researchers Unleash Human-Like Botnet; Chameleon Mines $6 million a Month

Researchers at Spider.io discovered a Ëœhuman-like` botnet counting over 120,000 infected systems, and costing advertisers more than $6 million a month, according to Spider.io. Chameleon is the first botnet to directly impact display advertisers rather than text-link advertisers.

“At least 7 million distinct ad-exchange cookies are associated with the botnet per month,” the researchers said. “Advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.”

By simulating human activity, the click-fraud botnet was used to steal money from unwary advertisers on over 200 websites, hijacking at least 65 percent of their traffic from ads. Most infected machines accessed the Web from US IP addresses.

“I’m not aware of any other botnet that tries to impersonate human beings as a way to siphon off advertising dollars,” DataXu`s vice president of innovation, Christian Carrillo, told CSO Online. The marketing software company provided forensic data to Spider.io, and said this was probably the most unusual botnet they have monitored.

The research team has analyzed Chameleon`s behavior since December last year 2012, and managed to extract a blacklist of 5,000 IP addresses of its worst bots.