TDL-4 click-fraud campaign claims 280k victims

Powered by SC Magazine
 

Attack claims 30,000 victims in last seven days.

A click-fraud campaign has been launched using a new dangerous TDL-4 malware variant which has claimed some 280,000 victims.

The malware TDL-4 rose to infamy in 2011 when researchers discovered it supported a botnet of more than four million infected computers.

The latest version of the malware uses a domain-generation algorithm (DGA) in which the infected machines create thousands of domain names daily to hide command-and-control infrastructure.

Victims were caught in a money-making campaign where they were redirected from legitimate ads to URLs where attackers earn revenue off the traffic.

The malware variant emerged in May according to researchers at Damballa Labs, and had infected up to 30,000 machines in the past week.

Victims were usually unaware of the attack and researchers at Damballa and Georgia Tech Information Security Center did not know what types of fradulent ads were used.

“We are in the process of further analysing the ad campaign,” Damballa academic sciences director Manos Antonakakis said. “We have several people working to define what [attackers] are actually doing.”

More than 40 Fortune 500 companies are among the victims infected by the TDL-4 variant, as well as government agencies and ISP networks. Damballa also pinpointed 85 servers, hosted primarily in Russia, Romania and the Netherlands, that were linked to the botnet.

The attacks were centralised within the US, Germany and Britan, Antonakakis said.

The company described TDL4 as a multipurpose launching pad for other malware which could have other unknown features.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


TDL-4 click-fraud campaign claims 280k victims
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  25%
TOTAL VOTES: 346

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 144

Vote