After Mevade Trojan emerged as the first large botnet to hide inside and attack Tor network, a new malware followed which will perform click-fraud. Sefnit Malware, likely to be developed by developers of Mevade Trojan, is reportedly generating click-fraud activity as confirmed by researcher Geoff McDonald at Microsoft Malware Protection Center.
According to McDonald, Sefnit malware was first discovered as a new click-fraud malware back in 2011. Microsoft detected click-fraud activity in Sefnit malware which uses open source 3proxy project to defraud search engine users. Considering the succession of emergence of Sefnit malware and Mevade Trojan, Microsoft suspects that they belong to the same family, with Sefnit malware being the click-fraud part of the latter.
How Sefnit malware works and defrauds?
The new Sefnit malware click fraud method is more advanced and stealthier than the method developers used in 2011. Earlier in 2011, the old Sefnit malware used click hijacking method to perform click-fraud that whenever an infected user was browsing Internet and attempted to click on any search engine result, their clicks would be hijacked to a webpage which looked similar to the users’ destination. Sefnit malware was using advertising agencies to divert the search results and those clicks were in large volume that it was nearly impossible to detect such click-fraud activities by any anti-fraud agency, but some observant users reported the incidence and submitted samples to antimalware researchers. As a result, Sefnit malware developers were forced to close down.
Well, for a short time; the Sefnit malware authors have sophisticated their click-fraud activities that they are now using a network of affiliate search programs such as mywebsearch.com and other legitimate advertising agencies to deceive genuine advertisers. Microsoft has explained Sefnit malware activities using GroupOn; if Sefnit malware authors are using proxy service to ‘fake a click’ of a Google ad of GroupoOn site to n affiliate site. Now that the retailer is paying to Google for this click, Google is earning its share and paying out to these Sefnit malware affiliates.
Thus, Groupon ends up paying money for this fake advertisement to Google and the Sefnit authors are receiving a commission on the click, by signing up as an affiliate for mywebsearch. Have you equipped your computer with the right kind of amtimalware software which renders browser protection, real-time protection, anti-spyware, anti-rootkit, antivirus and other added security protection?